
Add additional options for 2FA

1337

Hello,

Just a small suggestion that should be fairly easy to implement. I believe that U2F and YubiKey are both very important protocols and very easy ways to substantially increase user account security. There is already a XenForo extension made available to implement these, which can be found here: https://xenforo.com/community/resources/th-two-step-authentication-essentials.4987/.

Don't really see any downsides to this happening, but feel free to leave your opinions down below.
 
Type: Suggestion
Status: Denied

1337

> What about an Authenticator app?

Authy is frequently used but also, as it depends primarily on SMS/phone # for verification, it is insecure and can be exploited via SIM swap. If hardware keys like YubiKey aren't an option, my personal recommendation is using something like https://bitwarden.com which is both a great PW manager and has very good built-in 2FA/TOTP support.
 

jxhdvn

> Authy is frequently used but also, as it depends primarily on SMS/phone # for verification, it is insecure and can be exploited via SIM swap. If hardware keys like YubiKey aren't an option, my personal recommendation is using something like https://bitwarden.com which is both a great PW manager and has very good built-in 2FA/TOTP support.

I've been using the Authenticator app from Google and from what I can tell it doesn't require either of those. Is this a viable option?
 

1337

> I've been using the Authenticator app from Google and from what I can tell it doesn't require either of those. Is this a viable option?

It's meh, no obvious downsides security-wise but if you lose your phone you're kinda fucked. Make sure to keep a copy of those backup keys. :eyes:

I'd still recommend switching to Bitwarden/hardware if that's an option for you, but if you'd like to ask more in-depth, feel free to DM me on disc.
 

jxhdvn

> It's meh, no obvious downsides security-wise but if you lose your phone you're kinda fucked. Make sure to keep a copy of those backup keys. :eyes:
>
> I'd still recommend switching to Bitwarden/hardware if that's an option for you, but if you'd like to ask more in-depth, feel free to DM me on disc.

Thanks for the tips
 

Mick

BuiltByBit Owner
While accounts being compromised is a concern, introducing new methods of 2FA isn't going to prevent that from occurring. I don't think any user with 2FA enabled has ever had their accounts compromised since that would require a targeted attack against a single user which is significantly harder than password cracking.

If you're concerned about the security of your account then use Google Authenticator; it's perfectly secure and used by the staff team.

Denied, thanks for the suggestion.
 