Two-Factor Authentication

  • 19 Replies
  • 1085 Views
*

John Davis

  • Secretary Of The Society
  • Administrator
  • 15118
  • Quantum Ab Hoc
Two-Factor Authentication
« on: January 23, 2018, 09:29:21 AM »
Anybody interested? I just implemented a TOTP based (those little 6 or more digit codes that facebook etc uses) for another project and it was fairly low impact.
[John Davis is a DANGEROUS TERRORIST who MAKES US LOOK BAD

*

markjo

  • Content Nazi
  • The Elder Ones
  • 37540
Re: Two-Factor Authentication
« Reply #1 on: January 25, 2018, 06:03:38 AM »
I suppose that depends on what you're thinking about two-factor authenticating.
Science is what happens when preconception meets verification.
Quote from: Robosteve
Besides, perhaps FET is a conspiracy too.
Quote from: bullhorn
It is just the way it is, you understanding it doesn't concern me.

*

John Davis

  • Secretary Of The Society
  • Administrator
  • 15118
  • Quantum Ab Hoc
Re: Two-Factor Authentication
« Reply #2 on: January 26, 2018, 08:34:32 AM »
Basic TOTP or HOTP (those 6 digit codes you get from facebook etc) to an email or perhaps a phone number via sms. Alternately I could roll up a quick cordova ios/android app and buy the appropriate enterprise licenses for distributing them outside the app store.
[John Davis is a DANGEROUS TERRORIST who MAKES US LOOK BAD

Re: Two-Factor Authentication
« Reply #3 on: January 26, 2018, 09:02:52 AM »
It might help with huge number of bot you have.  ::)

Seriously though, I'm on another forum that does this.  They use an app called Authenticator.  As long as someone has their phone/tablet handy it's pretty painless to logon.

We use two-factor authentication at work with a pin and smartcard but that's not viable for on online forum.  The problem here is I carry multiple smartcards for the different systems I need to log on to. 

Mike
Since it costs 1.82 to produce a penny, putting in your 2 if really worth 3.64.

*

John Davis

  • Secretary Of The Society
  • Administrator
  • 15118
  • Quantum Ab Hoc
Re: Two-Factor Authentication
« Reply #4 on: January 26, 2018, 09:41:35 AM »
Yeah, we can tie into other authenticators too. That does makes more sense for us. I've used keycard and fav auth as well. Definitely makes less sense here.

Interesting point about bots; perhaps a two factor auth on registering isn't a bad idea to start off with, and we can see how it goes. Lords knows this would help our moderators, to whom I promised a fix for the bots months ago.

I'll see if I can carve out some time this weekend.
[John Davis is a DANGEROUS TERRORIST who MAKES US LOOK BAD

Re: Two-Factor Authentication
« Reply #5 on: January 26, 2018, 12:52:12 PM »
I was just kidding about the bots.  A member has been making a big stink and claiming everyone is a bot. :D
Since it costs 1.82 to produce a penny, putting in your 2 if really worth 3.64.

Re: Two-Factor Authentication
« Reply #6 on: January 31, 2018, 03:45:54 AM »
I am not kidding about the bots, nor the alts...

Googleotomy, for instance, must have about 20 alts on this site alone.

Not to mention the ape/penguin.
Because the real deal is worthless...
Now run away and bother someone who cares!

Re: Two-Factor Authentication
« Reply #7 on: February 04, 2018, 12:37:26 PM »
An issue with it is how you deal with those that don't want to use it, especially with how it would tie into other aspects of people's lives.
If you want to use it to remove alts, then you need to link it to some personal aspect which uniquely identifies an individual.
Not everyone would want to share such info.

Also, I thought 2 factor-authentication was mainly to prevent theft of accounts or unauthorised use, not to also prevent bots and the like?

*

John Davis

  • Secretary Of The Society
  • Administrator
  • 15118
  • Quantum Ab Hoc
Re: Two-Factor Authentication
« Reply #8 on: March 07, 2018, 09:35:51 PM »
I'll use a hammer to put a screw in, if all I have is a hammer.

We would use a time based key (maybe a TOTP derivation), which would temporally tie it to a particular person, given a phone number that would not be stored but, bucketed in a hash. Its not perfect, but its far stronger than the weakest door in.
[John Davis is a DANGEROUS TERRORIST who MAKES US LOOK BAD

*

John Davis

  • Secretary Of The Society
  • Administrator
  • 15118
  • Quantum Ab Hoc
Re: Two-Factor Authentication
« Reply #9 on: March 07, 2018, 09:38:35 PM »
And you couldn't tie it back to a number or person.
[John Davis is a DANGEROUS TERRORIST who MAKES US LOOK BAD

*

disputeone

  • Ranters
  • 15030
  • Or should I?
Re: Two-Factor Authentication
« Reply #10 on: March 07, 2018, 11:43:32 PM »
this would help our moderators, to whom I promised a fix for the bots months ago.

That's interesting.
For all the law is fulfilled in one word, even in this.

The reason I am consistently personally attacked here.
https://www.theflatearthsociety.org/forum/index.php?topic=69306.msg1960160#msg1960160

*

Cahaya

  • 420
Re: Two-Factor Authentication
« Reply #11 on: March 08, 2018, 07:55:32 AM »
I for one would be fascinated to know if there is even one bot here. Anything that clarifies on that score gets my vote

*

Crouton

  • Flat Earth Inspector General of High Fashion Crimes and Misdemeanors
  • Planar Moderator
  • 8610
  • V is for Viceroy
Re: Two-Factor Authentication
« Reply #12 on: March 08, 2018, 08:05:15 AM »
I for one would be fascinated to know if there is even one bot here. Anything that clarifies on that score gets my vote

Only spam bots.  Maybe once there was a chinese propoganda bot.  Those are painfully obvious and tend to get banned fast. 
Intelligentia et magnanimitas vincvnt violentiam et desperationem.
The truth behind NASA's budget

*

Space Cowgirl

  • MOM
  • Administrator
  • 37899
  • Official FE Recruiter
Re: Two-Factor Authentication
« Reply #13 on: March 08, 2018, 09:12:18 AM »
I would ban them faster if people reported spambots, but they'll slide right past a spambot to report someone for saying something they disagree with.
I'm sorry. Am I to understand that when you have a boner you like to imagine punching the shit out of Tom Bishop? That's disgusting.

*

boydster

  • Illegal Alien
  • Planar Moderator
  • 10864
  • May I have 55 words with you?
Re: Two-Factor Authentication
« Reply #14 on: March 08, 2018, 05:58:19 PM »
I would ban them faster if people reported spambots, but they'll slide right past a spambot to report someone for saying something they disagree with.

REPORTED!

I'm guilty of replying to the spam bots. Sometimes I just really want a Vietnamese driver's license. I'll try harder to report them instead though.
Let me explain this in a way you can understand. What you just wrote sounds exactly like something that a gay rights Portuguese Samurai would write.

*

disputeone

  • Ranters
  • 15030
  • Or should I?
Re: Two-Factor Authentication
« Reply #15 on: March 09, 2018, 04:33:06 PM »
I think Papa was reporting bots but you banned him instead of any bots ???
For all the law is fulfilled in one word, even in this.

The reason I am consistently personally attacked here.
https://www.theflatearthsociety.org/forum/index.php?topic=69306.msg1960160#msg1960160

*

Cahaya

  • 420
Re: Two-Factor Authentication
« Reply #16 on: March 10, 2018, 04:36:25 AM »
I think Papa was reporting bots but you banned him instead of any bots ???

No Papa was calling everyone a bot...

Or a pedophile...

Or a child murderer...

Didn't see any evidence of any of those from Papa

*

Space Cowgirl

  • MOM
  • Administrator
  • 37899
  • Official FE Recruiter
Re: Two-Factor Authentication
« Reply #17 on: March 10, 2018, 07:02:13 AM »
I think Papa was reporting bots but you banned him instead of any bots ???

No Papa was calling everyone a bot...

Or a pedophile...

Or a child murderer...

Didn't see any evidence of any of those from Papa

He knows that. He thinks he's being edgy and cool.
I'm sorry. Am I to understand that when you have a boner you like to imagine punching the shit out of Tom Bishop? That's disgusting.

*

th3rm0m3t3r0

  • At least 3 words, please.
  • 4688
  • It's SCIENCE!
Re: Two-Factor Authentication
« Reply #18 on: March 10, 2018, 07:23:52 AM »
If it's optional, sure. I wouldn't want to use it. My security on this site means very little to me, no offense.


I don't profess to be correct.
Quote from: sceptimatic
I am correct.

*

Space Cowgirl

  • MOM
  • Administrator
  • 37899
  • Official FE Recruiter
Re: Two-Factor Authentication
« Reply #19 on: March 10, 2018, 07:27:26 AM »
Another forum I post on used to use two factor authentication but it stopped sending the codes and ended up being turned off.
I'm sorry. Am I to understand that when you have a boner you like to imagine punching the shit out of Tom Bishop? That's disgusting.