LQ Suggestions & FeedbackDo you have a suggestion for this site or an idea that will make the site better? This forum is for you.
PLEASE READ THIS FORUM - Information and status updates will also be posted here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
View Poll Results: Should LQ have Two-Factor authentication
I posted this idea a while back, but I didn't want to necrothread - so here it is anew. What is the status, or plans to have Two-Factor authentication for LQ? I think for security it would actually be a good thing.
Distribution: Slackware/Salix while testing others
Posts: 1,718
Rep:
Good lord, its not a bank account...use a strong password (better yet use a password generator/storage program), change your password every 6 months, once per year etc...
Hopefully LQ/Jeremy has the passwords on a different server then the actual forum, usually when a site gets cracked its because the passwords/usernames/data are all on the same server.
It does not have to be a bank account; Google uses it and some people just only use their gmail services; also social media sites (Twitter) has the option. I do not think it has to be mandatory, but if one is given the option to utilize it, I think it would be a good thing. You can opt not to choose 2FA on a Google account, but at least you have the option to use it at one point. Maybe LQ could go that route.
Distribution: Slackware/Salix while testing others
Posts: 1,718
Rep:
Quote:
Originally Posted by Jeebizz
It does not have to be a bank account; Google uses it and some people just only use their gmail services; also social media sites (Twitter) has the option. I do not think it has to be mandatory, but if one is given the option to utilize it, I think it would be a good thing. You can opt not to choose 2FA on a Google account, but at least you have the option to use it at one point. Maybe LQ could go that route.
Google uses it because so many of their services are tied to your email account, so it helps to make all of their services a little more secure. Other sites offer it because its hip and trendy similar to https for all sites.
Google uses it because so many of their services are tied to your email account, so it helps to make all of their services a little more secure. Other sites offer it because its hip and trendy similar to https for all sites.
I would be against anything that makes the use of LQ more complicated for old codgers like me. Already it's impossible register on some sites if you don't have a mobile phone. The gmail account that I use for mailing lists (and LQ communications) only exists because someone else created it so that I could work on a documentation project for them.
Nothing of great import is revealed on sites like this, so why go overboard about security?
I'd instead rather see something like captcha be used to stop bots.
I realize it is used somehow during registration. I must have registered before that was required because I don't recall having done so.
Either case, for newbies who haven't posted some number of posts or something, they should be required to answer a captcha those first numbers of posts to ensure we don't get bots posting.
It does not have to be a bank account; Google uses it and some people just only use their gmail services; also social media sites (Twitter) has the option. I do not think it has to be mandatory, but if one is given the option to utilize it, I think it would be a good thing. You can opt not to choose 2FA on a Google account, but at least you have the option to use it at one point. Maybe LQ could go that route.
No. Google only partially uses it. It's there in their web mail interface and, AFAIK, nothing else. It is certainly not their in Google's IMAPS which is a protocol they appear to be actively trying to eliminate from the Internet at large not just their own services. If LQ could implement 2FA without requiring Javascript then it might be usable. Since Jeremey has already answered that it is likely in the next code roll out, we'll have to wait and see unless he decides to drop hints or more substantial information.
Distribution: Currently: OpenMandriva. Previously: openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,881
Rep:
Quote:
Originally Posted by ChuangTzu
Why are you adding 2FA?
What's wrong with some extra security ?
While for the very most part it doesn't bother me either way; as long as it doesn't degrade the site's performance, I don't see any harm in doing it, particularly if it's optional anyway. I don't think the site not having sensitive information on it is really any good reason not to do it.
Just for the record; and like I said before, it doesn't bother me if it happens or not. I trust that Jeremy and his admin team know what their doing, and I trust their judgement either way.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.