Add additional options for 2FA

[1337]

Hello,

Just a small suggestion that should be fairly easy to implement. I believe that U2f and Yubikey are both very important protocols and very easy ways to substantially increase user account security. There is already a xenforo extension made available to implement these, which can be found here: https://xenforo.com/community/resources/th-two-step-authentication-essentials.4987/.

Don't really see any downsides to this happening, but feel free to leave your opinions down below.

 

[Ajdin]

I think these are excessive. Regular 2FA should do just fine. I doubt many members have heard of these authentication methods.

Why they shouldn't add it? It's another thing to maintain and keep updated while it isn't actually needed.

 

[1337]

I think these are excessive. Regular 2FA should do just fine. I doubt many members have heard of these authentication methods.

Why they shouldn't add it? It's another thing to maintain and keep updated while it isn't actually needed.

It isn't exactly too much maintenance to drag & drop an addon..

 

[Landon]

I don't know what you mentioned are, but I do see the addon has SMS verification which I really have wanted for a while now.

 

[Jack]

It isn't exactly too much maintenance to drag & drop an addon..

That's what we'd all say, but seeing as you have been on MC-Market for just over 2 years now, you should know by now how much effort installing a 'drag and drop' addon is for the MC-Market administration (or rather, how much time it would take)

 

[Landon]

That's what we'd all say, but seeing as you have been on MC-Market for just over 2 years now, you should know by now how much effort installing a 'drag and drop' addon is for the MC-Market administration (or rather, how much time it would take)

Two weeks for the image proxy!!
4 months later

 

[1337]

Two weeks for the image proxy!!
4 months later

I think it's been close to 8 at this point

 

[Landon]

I think it's been close to 8 at this point

Image proxy works now

 

[Jack]

Shout out to Brent W, the non-admin sys admin

Image proxy works now

On-topic: Maybe we will see 2FA in the April update.

 

[Sloth]

I’d be more surprised if this suggestion was implemented before next year.

Everyone talks about how support tickets and resource requests are backed up but nobody talks about how neglected the suggestions section has become. It takes months/years for suggestions to even be decided on and then it takes another few months for it to be implemented.

 

[Kelsey]

I’d be more surprised if this suggestion was implemented before next year.

Everyone talks about how support tickets and resource requests are backed up but nobody talks about how neglected the suggestions section has become. It takes months/years for suggestions to even be decided on and then it takes another few months for it to be implemented.

My suggestion has been pending for more than 2 years now.

 

[LA Confidential]

Hello,

Just a small suggestion that should be fairly easy to implement. I believe that U2f and Yubikey are both very important protocols and very easy ways to substantially increase user account security. There is already a xenforo extension made available to implement these, which can be found here: https://xenforo.com/community/resources/th-two-step-authentication-essentials.4987/.

Don't really see any downsides to this happening, but feel free to leave your opinions down below.

do you know anyone personally that their mcm account got jacked/hacked? nothings wrong with being too cautious. Unless you're giving your password out freely or mcm has a database breach it's not needed. if you're a over secure weirdo stick with 2fa only devs at mcm have access to that type of information.

 

[Sloth]

do you know anyone personally that their mcm account got jacked/hacked? nothings wrong with being too cautious. Unless you're giving your password out freely or mcm has a database breach it's not needed. if you're a over secure weirdo stick with 2fa only devs at mcm have access to that type of information.

People get their accounts compromised all the time unfortunately.

 

[LA Confidential]

People get their accounts compromised all the time unfortunately.

who do you know personally? they must've gave their information out.

 

[Sloth]

who do you know personally? they must've gave their information out.

There was a database breach on a competitor site and certain users thought it was a good idea to have the same password on both sites.

 

[LA Confidential]

There was a database breach on a competitor site and certain users thought it was a good idea to have the same password on both sites.

completely irrelevant to this post. theres no need for additional security. nobody should have to tell you to not have the same password. only a idiot that mindlessly cares about security would use the same password for everything. thats equal to wiping your ass with already used toilet paper to a hat (White/Black/Grey).

 

[jxhdvn]

I think these are excessive. Regular 2FA should do just fine. I doubt many members have heard of these authentication methods.

Why they shouldn't add it? It's another thing to maintain and keep updated while it isn't actually needed.

They're way better than standard email 2FA which a lot use

 

[1337]

do you know anyone personally that their mcm account got jacked/hacked? nothings wrong with being too cautious. Unless you're giving your password out freely or mcm has a database breach it's not needed. if you're a over secure weirdo stick with 2fa only devs at mcm have access to that type of information.

There's plenty of people who have had their accounts compromised on MCM and thousands of data breaches occur constantly, having a yubikey doesn't make someone "an oversecure weirdo", it makes them either legitimately concerned about the privacy of their data, or someone that's required to be compliant with certain regulations. Additionally, MCM admins do not have access to our passwords, they're stored as hashes/salts within a database and they couldn't decrypt them if they tried.

You look like Edward Snowden

*reacts optimistic*

They're way better than standard email 2FA which a lot use

E-Mail and SMS 2fa are long out of date and unfortunately too many people believe they're still secure. While better than having nothing, simply getting SIM swapped would completely eliminate the layer of protection 2fa-SMS gives you and via E-Mail, it could also be compromised. TOTP, U2F, and FIDO2 are pretty much the only truly secure/reliable means of multifactor authentication.

 

[jxhdvn]

There's plenty of people who have had their accounts compromised on MCM and thousands of data breaches occur constantly, having a yubikey doesn't make someone "an oversecure weirdo", it makes them either legitimately concerned about the privacy of their data, or someone that's required to be compliant with certain regulations. Additionally, MCM admins do not have access to our passwords, they're stored as hashes/salts within a database and they couldn't decrypt them if they tried.

*reacts optimistic*

E-Mail and SMS 2fa are long out of date and unfortunately too many people believe they're still secure. While better than having nothing, simply getting SIM swapped would completely eliminate the layer of protection 2fa-SMS gives you and via E-Mail, it could also be compromised. TOTP, U2F, and FIDO2 are pretty much the only truly secure/reliable means of multifactor authentication.

What about an Authenticator app?