Geekzone login security: OTP?

Forums › Geekzone › Geekzone login security: OTP?

freitasm

BDFL - Memuneh
80646 posts

Uber Geek
+1 received by user: 41030

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#63573 30-Jun-2010 10:30

I am thinking of things we can do to improve identity security...

What are you worried about when logging into Geekzone?
Would you use a one time password sent via SMS to login to Geekzone?
What else would you want to see in terms of security?

Ideas, suggestions. Not sure we'd implement everything, but who knows?

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

k1wi

484 posts

Ultimate Geek
+1 received by user: 111

#346588 30-Jun-2010 10:45

As I only use the forums, I don't need security that is over the top, but I would value it if we were able to use the site in https if we chose to.

freitasm

BDFL - Memuneh
80646 posts

Uber Geek
+1 received by user: 41030

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#346589 30-Jun-2010 10:48

We do use SSL for login at the moment, but not the entire site. This would cause problems with our use of multiple domains for serving different resources - CSS, header/footer images, avatars, etc.

We do that to increase parallel downloads where possble. Also because all those other domains are cookieless, so there's less traffic when your browser requests all those resources.

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

Phaedrus

74 posts

Master Geek

#346592 30-Jun-2010 11:10

freitasm:
Would you use a one time password sent via SMS to login to Geekzone?

I'm sure I'm about to kill my street cred here but I often don't use a 'phone with SMS capability

so that'd rule me out.

Otherwise, what k1wi said.

Cheers, P.

old3eyes

9158 posts

Uber Geek
+1 received by user: 1364

Subscriber

#346610 30-Jun-2010 12:34

It seems fine as it is. I don't want to have even more issues logging into this website..

Regards,

Old3eyes

Noodles

487 posts

Ultimate Geek
+1 received by user: 95

#349509 9-Jul-2010 14:27

Geekzone used to pass login/password via GET for a while, I'm not sure if it still does (haven't logged in for a while). While it's not a huge problem, it shows my password in cleartext in my browser history.

freitasm

BDFL - Memuneh
80646 posts

Uber Geek
+1 received by user: 41030

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#349510 9-Jul-2010 14:28

This was changed months ago. Actually a lot had changed.

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

Lenovo

Shop now for Lenovo laptops and other devices (affiliate link).

xcubed

195 posts

Master Geek
+1 received by user: 17

ID Verified

Lifetime subscriber

#349543 9-Jul-2010 15:19

Using something like OpenID would be nice, so that we can login with our Google or Facebook accounts.
Janrain have a nice front-end for this called Engage (formerly RPXNow).

nickd

447 posts

Ultimate Geek
+1 received by user: 1

#349573 9-Jul-2010 16:16

Security on this site isn't exactly a concern to me. You seem easy enough to contact that I'm sure I could get any issues that I had sorted out smartly in any case.

graemeh

2080 posts

Uber Geek
+1 received by user: 226

#349587 9-Jul-2010 16:38

Like others I'm concerned about security here at all.

I do like Xcubed's suggestion though of being able to log in with my google account. Of course transitioning to something like this will be difficult as being typical geeks people here will moan that they don't want a google account :D

richms

29098 posts

Uber Geek
+1 received by user: 10208

Trusted

Lifetime subscriber

#350285 12-Jul-2010 15:08

You trust google to not suspend you for some random complaint and then as a result having your access here unavailable too?

I'm fine how it is. I dont want to have to screw around finding my phone, checking what sim is in it getting a text, etc just to log in.

Perhaps if there is a need for a password reset or something then a sms may be a workable idea, but I am fine with username/password. Im not even happy with one of my banks which make me have a damn massive keyring just to login. Thats a pain enough that I never really use them for saving and just use my normal bank since I can login easier.

Richard rich.ms

xcubed

195 posts

Master Geek
+1 received by user: 17

ID Verified

Lifetime subscriber

#350566 13-Jul-2010 11:13

That's one of the nice things about OpenID though. You're not dependent on a single login provider. At the end of the day, your Google/Facebook/Twitter account becomes merely another way to login, just a mapping to your underlying Geekzone account. You can still use your Geekzone password by itself to authenticate, or you can use any of the OpenID accounts that you've linked with your Geekzone account. If you don't want to link your Google account with Geekzone, you won't have to. It is just an alternate method of identifying yourself.

Considering I spend all day logged into Google services, this would make logging into Geekzone easier as I wouldn't need to type anything, just click a couple of buttons. BTW, if Google refused to let me sign in one day, logging into Geekzone would be the last of my concerns.