d2jsp
Log InRegister
d2jsp Forums > d2jsp > General Help > Site Suggestions >
Poll > Two Factor Authentication
Prev12
Closed New Topic New Poll
Views: 695Replies: 17Track Topic
  Guests cannot view or vote in polls. Please register or login.
Member
Posts: 44,625
Joined: Feb 12 2007
Gold: 1,444.13
#11
Dec 5 2018 09:24am
hell no
can't use a cellphone where I use a pc so would never be able to get on.
Member
Posts: 2,903
Joined: Aug 25 2009
Gold: 170.00
#12
Dec 6 2018 08:33am
Its a forum, not a bank.
Member
Posts: 67,180
Joined: Jan 26 2009
Gold: 245.89
#13
Dec 6 2018 09:05am
Enable 2FA for you e-mail, problem solved
Member
Posts: 35,405
Joined: Mar 13 2007
Gold: 0.00
Trader: Trusted
#14
Dec 6 2018 09:20am
Voted yes. Although if you have 2FA enabled on your mail account, should be fine.

Also make it so you need your gold pw to sign in. :P
Member
Posts: 924
Joined: Aug 1 2006
Gold: 15,320.00
#15
Dec 6 2018 09:34pm
Quote (Cheetos @ Dec 5 2018 12:42am)
is that how you got this account? :rofl:

haha good 1 man ROFL!1!

Quote (Caulder10 @ Dec 5 2018 08:24am)
hell no
can't use a cellphone where I use a pc so would never be able to get on.

You don't have to use it if you don't want/are unable to.

Quote (FreeUsername @ Dec 6 2018 07:33am)
Its a forum, not a bank.

This kind of backwards attitude really hinders progress.

Quote (ium @ Dec 5 2018 07:10am)
That is very true! Just as much as if someone got access to your email (which is protected by only one password) they can verify your 2 FA. If you use 2FA on the cellphone you are absolutely protected, but once you lose your
phone number, then you can just imagine the procedure to verify that you are the rightful owner of your d2jsp account.

How are people going to guess two passwords without your computer being compromised? And if your computer is compromised, then they can steal your web-session and use your account without a password. Which means
a 2FA is useless unless you have a gold password combined OR require it every time you send FG.


Does Google 2-step verification protect user from session hijacking?
- Short answer: Yes, the attacker can use session hijacking.

source: https://security.stackexchange.com/questions/56555/does-google-2-step-verification-protect-user-from-session-hijacking

Beyond that, SMS 2FA is horrible, and the wrong way to do it.
Session hijacking is a lot more involved than a simple keylogger, and U2F is one of a few solutions to solve that.

Quote (Caulder10 @ Dec 5 2018 08:24am)
How are people going to guess two passwords without your computer being compromised? And if your computer is compromised, then they can steal your web-session and use your account without a password. Which means
a 2FA is useless unless you have a gold password combined OR require it every time you send FG.

Try recovering your account on JSP.
Literally anyone who has access to your email immediately can reset your account and gold password and it's game over. Your computer doesn't even need to be compromised.

This post was edited by xXZyZXx on Dec 6 2018 09:39pm
Member
Posts: 2,903
Joined: Aug 25 2009
Gold: 170.00
#16
Dec 12 2018 05:16am
Quote (xXZyZXx @ 7 Dec 2018 05:34)

This kind of backwards attitude really hinders progress.


And this kind of stuff is exactly the type that break in future compatibility. It gives more maintenance and more can break.

Personally i use a password manager that has 2FA, so to obtain my pw, i need already 2 device's. That being said, if you prefer this kind of methods like 2FA, you already can implement it yourself.
Member
Posts: 23,518
Joined: Aug 3 2011
Gold: 3,575.00
#17
Dec 12 2018 11:42am
Quote (ium @ Dec 5 2018 06:54am)
Gold password is a million times better, in my books.

2 FA is lame and time consuming... People will have problems when they change emails & phone numbers, etc. I also don't like to rely on google to not charge for this service in the future...

Big and firm No - I don't like to rely on external technique .


Voted NULL because forcing it upon people is a pain, but it would be nice for those who feel like they need to be in control. Would be cool if you could link it to a Gmail or something as I know the API exists but it's entirely up to Njaguar :)
Member
Posts: 924
Joined: Aug 1 2006
Gold: 15,320.00
#18
Dec 13 2018 12:11pm
Quote (FreeUsername @ Dec 12 2018 03:16am)
And this kind of stuff is exactly the type that break in future compatibility. It gives more maintenance and more can break.


I'm confident in njag's ability to maintain such a feature. What's the point of a site suggestions forum if not for new features?

Quote (FreeUsername @ Dec 12 2018 03:16am)
Personally i use a password manager that has 2FA, so to obtain my pw, i need already 2 device's. That being said, if you prefer this kind of methods like 2FA, you already can implement it yourself.


You really can't, it's not the same at all. Having 20 deadbolts on your fence doesn't prevent people from just jumping the fence...
I urge you to think about this some more, and perhaps you will come to the conclusion that you're still effectively only protected by one factor when you do this (your password on JSP).

Quote (Cocoo @ Dec 12 2018 09:42am)
Voted NULL because forcing it upon people is a pain, but it would be nice for those who feel like they need to be in control. Would be cool if you could link it to a Gmail or something as I know the API exists but it's entirely up to Njaguar :)


Yeah, in hindsight I should've added a choice that it would be an optional feature. People seem to assume it's all or nothing.
Go Back To Site Suggestions Topic List
Prev12
Closed New Topic New Poll

© 2003-2024 d2jsp  Contact