LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > LinuxQuestions.org > LQ Suggestions & Feedback
User Name
Password
LQ Suggestions & Feedback Do you have a suggestion for this site or an idea that will make the site better? This forum is for you.
PLEASE READ THIS FORUM - Information and status updates will also be posted here.

Notices


View Poll Results: Should LQ have Two-Factor authentication
Yes 4 16.67%
No 15 62.50%
I don't know / care 5 20.83%
Voters: 24. You may not vote on this poll

Reply
  Search this Thread
Old 06-19-2018, 04:30 PM   #1
Jeebizz
Senior Member
 
Registered: May 2004
Distribution: Slackware14.2 64-Bit Desktop, Devuan 2.0 ASCII Toshiba Satellite Notebook
Posts: 2,622

Rep: Reputation: 720Reputation: 720Reputation: 720Reputation: 720Reputation: 720Reputation: 720Reputation: 720
Post Two-Factor authentication for LQ


I posted this idea a while back, but I didn't want to necrothread - so here it is anew. What is the status, or plans to have Two-Factor authentication for LQ? I think for security it would actually be a good thing.
 
Old 06-19-2018, 05:01 PM   #2
scasey
Senior Member
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.5
Posts: 2,032

Rep: Reputation: 629Reputation: 629Reputation: 629Reputation: 629Reputation: 629Reputation: 629
Is there any evidence of cracking of user's accounts?
 
Old 06-19-2018, 05:12 PM   #3
Jeebizz
Senior Member
 
Registered: May 2004
Distribution: Slackware14.2 64-Bit Desktop, Devuan 2.0 ASCII Toshiba Satellite Notebook
Posts: 2,622

Original Poster
Rep: Reputation: 720Reputation: 720Reputation: 720Reputation: 720Reputation: 720Reputation: 720Reputation: 720
https://www.linuxquestions.org/quest...ed-4175631758/ - While not LQ, I just think it would be prudent to consider using 2FA.
 
Old 06-19-2018, 06:34 PM   #4
ChuangTzu
Senior Member
 
Registered: May 2015
Location: Where ever needed
Distribution: Slackware/Salix, FreeBSD
Posts: 1,065

Rep: Reputation: 835Reputation: 835Reputation: 835Reputation: 835Reputation: 835Reputation: 835Reputation: 835
Good lord, its not a bank account...use a strong password (better yet use a password generator/storage program), change your password every 6 months, once per year etc...

Hopefully LQ/Jeremy has the passwords on a different server then the actual forum, usually when a site gets cracked its because the passwords/usernames/data are all on the same server.
 
Old 06-19-2018, 06:56 PM   #5
Jeebizz
Senior Member
 
Registered: May 2004
Distribution: Slackware14.2 64-Bit Desktop, Devuan 2.0 ASCII Toshiba Satellite Notebook
Posts: 2,622

Original Poster
Rep: Reputation: 720Reputation: 720Reputation: 720Reputation: 720Reputation: 720Reputation: 720Reputation: 720
It does not have to be a bank account; Google uses it and some people just only use their gmail services; also social media sites (Twitter) has the option. I do not think it has to be mandatory, but if one is given the option to utilize it, I think it would be a good thing. You can opt not to choose 2FA on a Google account, but at least you have the option to use it at one point. Maybe LQ could go that route.
 
Old 06-19-2018, 07:00 PM   #6
ChuangTzu
Senior Member
 
Registered: May 2015
Location: Where ever needed
Distribution: Slackware/Salix, FreeBSD
Posts: 1,065

Rep: Reputation: 835Reputation: 835Reputation: 835Reputation: 835Reputation: 835Reputation: 835Reputation: 835
Quote:
Originally Posted by Jeebizz View Post
It does not have to be a bank account; Google uses it and some people just only use their gmail services; also social media sites (Twitter) has the option. I do not think it has to be mandatory, but if one is given the option to utilize it, I think it would be a good thing. You can opt not to choose 2FA on a Google account, but at least you have the option to use it at one point. Maybe LQ could go that route.
Google uses it because so many of their services are tied to your email account, so it helps to make all of their services a little more secure. Other sites offer it because its hip and trendy similar to https for all sites.
 
Old 06-19-2018, 07:07 PM   #7
Jeebizz
Senior Member
 
Registered: May 2004
Distribution: Slackware14.2 64-Bit Desktop, Devuan 2.0 ASCII Toshiba Satellite Notebook
Posts: 2,622

Original Poster
Rep: Reputation: 720Reputation: 720Reputation: 720Reputation: 720Reputation: 720Reputation: 720Reputation: 720
Quote:
Originally Posted by ChuangTzu View Post
Google uses it because so many of their services are tied to your email account, so it helps to make all of their services a little more secure. Other sites offer it because its hip and trendy similar to https for all sites.
You're right, lets get LQ to stop using https
 
Old 06-19-2018, 08:32 PM   #8
Keith Hedger
Senior Member
 
Registered: Jun 2010
Location: Wiltshire, UK
Distribution: Linux From Scratch, Slackware64, Partedmagic
Posts: 2,653

Rep: Reputation: 661Reputation: 661Reputation: 661Reputation: 661Reputation: 661Reputation: 661
this forum doesnt hold any sensitive info so whats the point its just complexity fo the sake of it, unneeded
 
Old 06-20-2018, 11:41 AM   #9
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 12,770

Rep: Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563
Optional 2fa will likely be available once we implement the next code update.

--jeremy
 
Old 06-20-2018, 12:17 PM   #10
hazel
Senior Member
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: Debian, Crux, LFS, AntiX
Posts: 2,377
Blog Entries: 6

Rep: Reputation: 1047Reputation: 1047Reputation: 1047Reputation: 1047Reputation: 1047Reputation: 1047Reputation: 1047Reputation: 1047
I would be against anything that makes the use of LQ more complicated for old codgers like me. Already it's impossible register on some sites if you don't have a mobile phone. The gmail account that I use for mailing lists (and LQ communications) only exists because someone else created it so that I could work on a documentation project for them.

Nothing of great import is revealed on sites like this, so why go overboard about security?
 
1 members found this post helpful.
Old 06-20-2018, 12:27 PM   #11
rtmistler
Moderator
 
Registered: Mar 2011
Location: MA, USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 7,214
Blog Entries: 12

Rep: Reputation: 2656Reputation: 2656Reputation: 2656Reputation: 2656Reputation: 2656Reputation: 2656Reputation: 2656Reputation: 2656Reputation: 2656Reputation: 2656Reputation: 2656
I agree with Hazel's comment.

I'd instead rather see something like captcha be used to stop bots.

I realize it is used somehow during registration. I must have registered before that was required because I don't recall having done so.

Either case, for newbies who haven't posted some number of posts or something, they should be required to answer a captcha those first numbers of posts to ensure we don't get bots posting.
 
1 members found this post helpful.
Old 06-20-2018, 12:29 PM   #12
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 3,524
Blog Entries: 3

Rep: Reputation: 1568Reputation: 1568Reputation: 1568Reputation: 1568Reputation: 1568Reputation: 1568Reputation: 1568Reputation: 1568Reputation: 1568Reputation: 1568Reputation: 1568
Quote:
Originally Posted by Jeebizz View Post
It does not have to be a bank account; Google uses it and some people just only use their gmail services; also social media sites (Twitter) has the option. I do not think it has to be mandatory, but if one is given the option to utilize it, I think it would be a good thing. You can opt not to choose 2FA on a Google account, but at least you have the option to use it at one point. Maybe LQ could go that route.
No. Google only partially uses it. It's there in their web mail interface and, AFAIK, nothing else. It is certainly not their in Google's IMAPS which is a protocol they appear to be actively trying to eliminate from the Internet at large not just their own services. If LQ could implement 2FA without requiring Javascript then it might be usable. Since Jeremey has already answered that it is likely in the next code roll out, we'll have to wait and see unless he decides to drop hints or more substantial information.
 
Old 06-20-2018, 12:47 PM   #13
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 12,770

Rep: Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563
As mentioned, it would be optional. We implemented CAPTCHA before you registered in 2011.

--jeremy
 
Old 06-21-2018, 02:43 PM   #14
ChuangTzu
Senior Member
 
Registered: May 2015
Location: Where ever needed
Distribution: Slackware/Salix, FreeBSD
Posts: 1,065

Rep: Reputation: 835Reputation: 835Reputation: 835Reputation: 835Reputation: 835Reputation: 835Reputation: 835
Quote:
Originally Posted by jeremy View Post
Optional 2fa will likely be available once we implement the next code update.

--jeremy
Why are you adding 2FA?
 
Old 06-23-2018, 12:54 PM   #15
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Earth? I would say I hope so but I'm not so sure about that... I could just be a figment of your imagination too.
Distribution: CentOS at the time of this writing, but some others over the years too...
Posts: 2,031

Rep: Reputation: 927Reputation: 927Reputation: 927Reputation: 927Reputation: 927Reputation: 927Reputation: 927Reputation: 927
Quote:
Originally Posted by ChuangTzu View Post
Why are you adding 2FA?
What's wrong with some extra security ?

While for the very most part it doesn't bother me either way; as long as it doesn't degrade the site's performance, I don't see any harm in doing it, particularly if it's optional anyway. I don't think the site not having sensitive information on it is really any good reason not to do it.

Just for the record; and like I said before, it doesn't bother me if it happens or not. I trust that Jeremy and his admin team know what their doing, and I trust their judgement either way.
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
2 factor authentication queries LYC Solaris / OpenSolaris 1 02-24-2015 10:09 PM
2 Factor Authentication on Desktop szboardstretcher Linux - Security 2 11-09-2012 11:50 AM
Discussion: Multi-factor and two-factor authentication richinsc Linux - Security 7 09-22-2011 02:29 AM
two factor authentication LinuxLover Linux - General 16 11-25-2009 10:03 AM
Two-factor authentication XsuX Linux - Security 1 11-28-2004 06:13 AM

LinuxQuestions.org > Forums > LinuxQuestions.org > LQ Suggestions & Feedback

All times are GMT -5. The time now is 06:42 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration