Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


BDFL - Memuneh
61524 posts

Uber Geek
+1 received by user: 12243

Administrator
Trusted
Geekzone
Lifetime subscriber

Topic # 203119 18-Sep-2016 15:23
4 people support this post
Send private message

I have now added an option to enabled two factor authentication to your Geekzone account. You can do this from your profile page or directly from 2FA-enable your Geekzone account.

 

This is used for login on the main site only. Currently not used on mobile and APIs - those don't allow profile changes or PM so not a priority at the moment.

 

You will need an authenticator app - Authy or Google Authenticator for example.

 

 





View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3
Aussie
4269 posts

Uber Geek
+1 received by user: 1221

Trusted
Subscriber

  Reply # 1635495 18-Sep-2016 16:00
Send private message

Quick thought about the login. With the 2FA and the captcha, what happens if you don't instantly get the tick that you're not a robot and your 2FA code times out? This could get frustrating, continually having to change codes and re-captcha. Any chance of a page after the captcha that you can insert your 2FA, for those that use it? 

 

I'm asking this as I use the full site on my mobile, and it nearly always tells me I'm a robot. Changing codes on it will be a pain.. eg, open auth app, open GZ, swap back to auth app, wait for keyboard in browser, captcha says I'm a robot, do the picture thing, switch back to auth app coz my code has expired, back to browser, wait for keyboard to change 2FA code... You get the idea...


Mr Snotty
8032 posts

Uber Geek
+1 received by user: 4019

Moderator
Trusted
Lifetime subscriber

  Reply # 1635496 18-Sep-2016 16:01
Send private message

Perfect! Enabled.

 

Just noticed there is no badge for doing this though :)







BDFL - Memuneh
61524 posts

Uber Geek
+1 received by user: 12243

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 1635497 18-Sep-2016 16:02
One person supports this post
Send private message

I thought of the timeout for the captcha - something for phase two where 2FA will actually be optional and only required if your connection triggers a warning.

 

Badges... Yes, will look at this.





Mr Snotty
8032 posts

Uber Geek
+1 received by user: 4019

Moderator
Trusted
Lifetime subscriber

  Reply # 1635515 18-Sep-2016 16:31
Send private message
3472 posts

Uber Geek
+1 received by user: 1928

Trusted
Lifetime subscriber

  Reply # 1635520 18-Sep-2016 17:06
Send private message

Sweet





Information wants to be free. The Net interprets censorship as damage and routes around it.


1586 posts

Uber Geek
+1 received by user: 156

Trusted

  Reply # 1635557 18-Sep-2016 18:00
Send private message

No need to reauthenicate before setting up?

 

Should require username and password before the 2FA QR code is shown...





CPU: Intel 3770k| RAM: F3-2400C10D-16GTX G.Skill Trident X |MB:  Gigabyte Z77X-UD5H-WB | GFX: GV-N660OC-2GD gv-n660oc-2gd GeForce GTX 660 | Monitor: Qnix 27" 2560x1440

 

 




BDFL - Memuneh
61524 posts

Uber Geek
+1 received by user: 12243

Administrator
Trusted
Geekzone
Lifetime subscriber

1586 posts

Uber Geek
+1 received by user: 156

Trusted

  Reply # 1635565 18-Sep-2016 18:34
Send private message

And then I guess conversely if it's not there already, to disable 2FA requires user,pass and valid 2FA token..

 

 

 

But well done on adding 2FA!!!





CPU: Intel 3770k| RAM: F3-2400C10D-16GTX G.Skill Trident X |MB:  Gigabyte Z77X-UD5H-WB | GFX: GV-N660OC-2GD gv-n660oc-2gd GeForce GTX 660 | Monitor: Qnix 27" 2560x1440

 

 


1819 posts

Uber Geek
+1 received by user: 654

Trusted
Subscriber

  Reply # 1635567 18-Sep-2016 18:37
Send private message

Done! Good work.

368 posts

Ultimate Geek
+1 received by user: 133

Subscriber

  Reply # 1635569 18-Sep-2016 18:41
Send private message

Thank you for adding this!




BDFL - Memuneh
61524 posts

Uber Geek
+1 received by user: 12243

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 1635581 18-Sep-2016 19:13
Send private message

mentalinc:

 

And then I guess conversely if it's not there already, to disable 2FA requires user,pass and valid 2FA token..

 

But well done on adding 2FA!!!

 

 

It requires a valid 2FA token or a reset code created when you add the 2FA to account.

 

No password required because if an email account is compromised then password reset is trivial so the 2FA is independent of the password to reset.

 

Also I am planning to remove passwords from Geekzone. See discussion here.





1586 posts

Uber Geek
+1 received by user: 156

Trusted

  Reply # 1635818 19-Sep-2016 13:05
Send private message

michaelmurfy:

 

Perfect! Enabled.

 

Just noticed there is no badge for doing this though :)

 

 

I seem to be raining on this parade far more than I'd like as its a very positive step forward...

 

However, having the badge visible (must collect them all) on public pages now provides a way to easily identify who has and hasn't got 2FA on their account...

 

Not sure how the no password approach in the future will change or make this less of a concern...

 

but a good way to signal my account is more secure go look at another one..





CPU: Intel 3770k| RAM: F3-2400C10D-16GTX G.Skill Trident X |MB:  Gigabyte Z77X-UD5H-WB | GFX: GV-N660OC-2GD gv-n660oc-2gd GeForce GTX 660 | Monitor: Qnix 27" 2560x1440

 

 


I fix stuff!
1710 posts

Uber Geek
+1 received by user: 381

Trusted
Vocus
Subscriber

  Reply # 1635821 19-Sep-2016 13:07
Send private message

Awesome! Done!

 

 

 

 




BDFL - Memuneh
61524 posts

Uber Geek
+1 received by user: 12243

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 1636102 19-Sep-2016 20:22
One person supports this post
Send private message
6 posts

Wannabe Geek


  Reply # 1642262 29-Sep-2016 08:15
Send private message

Well done getting the 2FA enabled and also your fast responses to suggestions for improvements.

 

We are looking to provide similar authentication option to our clients and was wondering if you have any recommendations of the tools/controls to use or any pitfalls to avoid.


 1 | 2 | 3
View this topic in a long page with up to 500 replies per page Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.