2FA for added account safety

Discussion in 'Announcements' started by ancestor(v), Nov 28, 2016.

  1. ancestor(v)

    ancestor(v) Admin
    Staff Member

    Jun 26, 2007
    2,703
    4,556
    90
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. pisthai

    pisthai Imperfect Human

    Jul 29, 2009
    6,857
    2,029
    210
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. ancestor(v)

    ancestor(v) Admin
    Staff Member

    Jun 26, 2007
    2,703
    4,556
    90
    As stated, other apps do work as well. I tested Authy and authenticator+ and both worked fine.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. pisthai

    pisthai Imperfect Human

    Jul 29, 2009
    6,857
    2,029
    210
    Thanks for the answer.

    It simply looks like that the Google Authenticator is the only one working on MDL because it's mentioned in Settings as the only one.

    Thanks.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. NeXtStatioN

    NeXtStatioN MDL Senior Member

    Dec 29, 2014
    325
    591
    10
    I'm using Authy and it works well ;)

    Thanks ancestor
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    5,996
    13,567
    180
    Bit off-topic

    Also I was concerned about the hard delete thing. I know you have already thought about this and set proper strategies in place, but just saying:

    Hard delete this thread?
    Enter 1st authorized staff person password:______________________
    Enter 2nd authorized staff person password:______________________

    That is, for hard delete a thread, two staff guys must authorize it... :cool:
     
  7. wazzock

    wazzock MDL Senior Member

    Oct 22, 2016
    340
    185
    10
    like the nuclear button MrX :D
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    5,996
    13,567
    180
    Exactly, if you are gonna nuke something at least share blame with another one :D:p
     
  9. Yen

    Yen Admin
    Staff Member

    May 6, 2007
    11,245
    11,059
    340
    I can confirm authy and the paid authenticator+ work as well. Google provides the API only... there is actually a way without any 'google'...
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. NeXtStatioN

    NeXtStatioN MDL Senior Member

    Dec 29, 2014
    325
    591
    10
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  11. Daz

    Daz MDL Developer / Admin
    Staff Member

    Jul 31, 2009
    9,488
    66,572
    300
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  12. urie

    urie Moderator
    Staff Member

    May 21, 2007
    8,717
    3,084
    300
  13. digitool

    digitool MDL Novice

    Mar 12, 2010
    45
    26
    0
    #13 digitool, Dec 1, 2016
    Last edited by a moderator: Apr 20, 2017
  14. Tiger-1

    Tiger-1 MDL Guru

    Oct 18, 2014
    3,759
    4,043
    120
    @Daz I follow you changing now:)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  15. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    5,996
    13,567
    180
    #15 Mr.X, Dec 1, 2016
    Last edited by a moderator: Apr 20, 2017
  16. johnlgalt

    johnlgalt MDL Novice

    Aug 21, 2013
    23
    6
    0
    Thank you! for implementing 2FA.

    Just as a heads up, the FOSS PW Manager, KeePass, can handle Timed One-time Passwords (TOTPs) using either of 2 plugins, named (appropriately) KeeOTP and Tray OTP. Both work with this, and I've eliminated the need to use Google Authenticator (and thus plugged a security hole in case someone steals my phone).

    Setup is easy, upon enabling it for the entry for MDL, you simple have to enter the secret key that the forum generates. What makes it a bit harder is that, most other sites also provide you with the text of the key needed to create the OTP, whereas here you only get a QR code. To get the text, I simply used a BarCode Scanner on my phone, grabbed the secret key, entered it into the KeeOTP window and my code was automatically generated, changing every 30 seconds as it is supposed to.

    Would it be prudent to display the secret key text as well as the QR Code for future users? If not, then there is still the above workaround if users want to use an app that doesn't directly scan the QR Code....
     
  17. Daz

    Daz MDL Developer / Admin
    Staff Member

    Jul 31, 2009
    9,488
    66,572
    300
    We're thinking of changing the forums software and what we're thinking of using has a 2FA option built into it already. It's much more feature complete than what I've set up here too, but the implementation is also different. That'll​ mean that you'll have to re-enable 2FA if/when we change the software.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  18. Daz

    Daz MDL Developer / Admin
    Staff Member

    Jul 31, 2009
    9,488
    66,572
    300
    Authy already works. It's mentioned in post #1 too.

    Currently you wouldn't be able to access my account even if my password was easy because you'd have no idea what my recovery code is or how to generate valid time based codes. If, however, I were to share the plugins source code then it would expose how the data is being stored and read, which only weakens an accounts security. That's why I'm not going to be sharing the source code.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  19. Smorgan

    Smorgan Glitcher

    Mar 25, 2010
    1,854
    1,034
    60
    I appreciate the way MDL is transitioning to a more secure format. Ya I know me complimenting anything is like pulling teach but I do actually appreciate this one.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...