LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > LinuxQuestions.org > LQ Suggestions & Feedback
User Name
Password
LQ Suggestions & Feedback Do you have a suggestion for this site or an idea that will make the site better? This forum is for you.
PLEASE READ THIS FORUM - Information and status updates will also be posted here.

Notices


View Poll Results: Should LQ have Two-Factor authentication
Yes 4 16.67%
No 15 62.50%
I don't know / care 5 20.83%
Voters: 24. You may not vote on this poll

Reply
  Search this Thread
Old 06-19-2018, 03:30 PM   #1
Jeebizz
Senior Member
 
Registered: May 2004
Distribution: Slackware15.0 64-Bit Desktop, Debian 11 non-free Toshiba Satellite Notebook
Posts: 4,167

Rep: Reputation: 1373Reputation: 1373Reputation: 1373Reputation: 1373Reputation: 1373Reputation: 1373Reputation: 1373Reputation: 1373Reputation: 1373Reputation: 1373
Post Two-Factor authentication for LQ


I posted this idea a while back, but I didn't want to necrothread - so here it is anew. What is the status, or plans to have Two-Factor authentication for LQ? I think for security it would actually be a good thing.
 
Old 06-19-2018, 04:01 PM   #2
scasey
LQ Veteran
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.9.2009
Posts: 5,701

Rep: Reputation: 2208Reputation: 2208Reputation: 2208Reputation: 2208Reputation: 2208Reputation: 2208Reputation: 2208Reputation: 2208Reputation: 2208Reputation: 2208Reputation: 2208
Is there any evidence of cracking of user's accounts?
 
Old 06-19-2018, 04:12 PM   #3
Jeebizz
Senior Member
 
Registered: May 2004
Distribution: Slackware15.0 64-Bit Desktop, Debian 11 non-free Toshiba Satellite Notebook
Posts: 4,167

Original Poster
Rep: Reputation: 1373Reputation: 1373Reputation: 1373Reputation: 1373Reputation: 1373Reputation: 1373Reputation: 1373Reputation: 1373Reputation: 1373Reputation: 1373
https://www.linuxquestions.org/quest...ed-4175631758/ - While not LQ, I just think it would be prudent to consider using 2FA.
 
Old 06-19-2018, 05:34 PM   #4
ChuangTzu
Senior Member
 
Registered: May 2015
Location: Where ever needed
Distribution: Slackware/Salix while testing others
Posts: 1,718

Rep: Reputation: 1857Reputation: 1857Reputation: 1857Reputation: 1857Reputation: 1857Reputation: 1857Reputation: 1857Reputation: 1857Reputation: 1857Reputation: 1857Reputation: 1857
Good lord, its not a bank account...use a strong password (better yet use a password generator/storage program), change your password every 6 months, once per year etc...

Hopefully LQ/Jeremy has the passwords on a different server then the actual forum, usually when a site gets cracked its because the passwords/usernames/data are all on the same server.
 
Old 06-19-2018, 05:56 PM   #5
Jeebizz
Senior Member
 
Registered: May 2004
Distribution: Slackware15.0 64-Bit Desktop, Debian 11 non-free Toshiba Satellite Notebook
Posts: 4,167

Original Poster
Rep: Reputation: 1373Reputation: 1373Reputation: 1373Reputation: 1373Reputation: 1373Reputation: 1373Reputation: 1373Reputation: 1373Reputation: 1373Reputation: 1373
It does not have to be a bank account; Google uses it and some people just only use their gmail services; also social media sites (Twitter) has the option. I do not think it has to be mandatory, but if one is given the option to utilize it, I think it would be a good thing. You can opt not to choose 2FA on a Google account, but at least you have the option to use it at one point. Maybe LQ could go that route.
 
Old 06-19-2018, 06:00 PM   #6
ChuangTzu
Senior Member
 
Registered: May 2015
Location: Where ever needed
Distribution: Slackware/Salix while testing others
Posts: 1,718

Rep: Reputation: 1857Reputation: 1857Reputation: 1857Reputation: 1857Reputation: 1857Reputation: 1857Reputation: 1857Reputation: 1857Reputation: 1857Reputation: 1857Reputation: 1857
Quote:
Originally Posted by Jeebizz View Post
It does not have to be a bank account; Google uses it and some people just only use their gmail services; also social media sites (Twitter) has the option. I do not think it has to be mandatory, but if one is given the option to utilize it, I think it would be a good thing. You can opt not to choose 2FA on a Google account, but at least you have the option to use it at one point. Maybe LQ could go that route.
Google uses it because so many of their services are tied to your email account, so it helps to make all of their services a little more secure. Other sites offer it because its hip and trendy similar to https for all sites.
 
Old 06-19-2018, 06:07 PM   #7
Jeebizz
Senior Member
 
Registered: May 2004
Distribution: Slackware15.0 64-Bit Desktop, Debian 11 non-free Toshiba Satellite Notebook
Posts: 4,167

Original Poster
Rep: Reputation: 1373Reputation: 1373Reputation: 1373Reputation: 1373Reputation: 1373Reputation: 1373Reputation: 1373Reputation: 1373Reputation: 1373Reputation: 1373
Quote:
Originally Posted by ChuangTzu View Post
Google uses it because so many of their services are tied to your email account, so it helps to make all of their services a little more secure. Other sites offer it because its hip and trendy similar to https for all sites.
You're right, lets get LQ to stop using https
 
Old 06-19-2018, 07:32 PM   #8
Keith Hedger
Senior Member
 
Registered: Jun 2010
Location: Wiltshire, UK
Distribution: Linux From Scratch, Slackware64, Partedmagic
Posts: 3,129

Rep: Reputation: 852Reputation: 852Reputation: 852Reputation: 852Reputation: 852Reputation: 852Reputation: 852
this forum doesnt hold any sensitive info so whats the point its just complexity fo the sake of it, unneeded
 
Old 06-20-2018, 10:41 AM   #9
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 13,597

Rep: Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080
Optional 2fa will likely be available once we implement the next code update.

--jeremy
 
Old 06-20-2018, 11:17 AM   #10
hazel
LQ Guru
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 7,477
Blog Entries: 19

Rep: Reputation: 4409Reputation: 4409Reputation: 4409Reputation: 4409Reputation: 4409Reputation: 4409Reputation: 4409Reputation: 4409Reputation: 4409Reputation: 4409Reputation: 4409
I would be against anything that makes the use of LQ more complicated for old codgers like me. Already it's impossible register on some sites if you don't have a mobile phone. The gmail account that I use for mailing lists (and LQ communications) only exists because someone else created it so that I could work on a documentation project for them.

Nothing of great import is revealed on sites like this, so why go overboard about security?
 
1 members found this post helpful.
Old 06-20-2018, 11:27 AM   #11
rtmistler
Moderator
 
Registered: Mar 2011
Location: USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 9,876
Blog Entries: 13

Rep: Reputation: 4929Reputation: 4929Reputation: 4929Reputation: 4929Reputation: 4929Reputation: 4929Reputation: 4929Reputation: 4929Reputation: 4929Reputation: 4929Reputation: 4929
I agree with Hazel's comment.

I'd instead rather see something like captcha be used to stop bots.

I realize it is used somehow during registration. I must have registered before that was required because I don't recall having done so.

Either case, for newbies who haven't posted some number of posts or something, they should be required to answer a captcha those first numbers of posts to ensure we don't get bots posting.
 
1 members found this post helpful.
Old 06-20-2018, 11:29 AM   #12
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,236
Blog Entries: 3

Rep: Reputation: 3710Reputation: 3710Reputation: 3710Reputation: 3710Reputation: 3710Reputation: 3710Reputation: 3710Reputation: 3710Reputation: 3710Reputation: 3710Reputation: 3710
Quote:
Originally Posted by Jeebizz View Post
It does not have to be a bank account; Google uses it and some people just only use their gmail services; also social media sites (Twitter) has the option. I do not think it has to be mandatory, but if one is given the option to utilize it, I think it would be a good thing. You can opt not to choose 2FA on a Google account, but at least you have the option to use it at one point. Maybe LQ could go that route.
No. Google only partially uses it. It's there in their web mail interface and, AFAIK, nothing else. It is certainly not their in Google's IMAPS which is a protocol they appear to be actively trying to eliminate from the Internet at large not just their own services. If LQ could implement 2FA without requiring Javascript then it might be usable. Since Jeremey has already answered that it is likely in the next code roll out, we'll have to wait and see unless he decides to drop hints or more substantial information.
 
Old 06-20-2018, 11:47 AM   #13
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 13,597

Rep: Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080
As mentioned, it would be optional. We implemented CAPTCHA before you registered in 2011.

--jeremy
 
Old 06-21-2018, 01:43 PM   #14
ChuangTzu
Senior Member
 
Registered: May 2015
Location: Where ever needed
Distribution: Slackware/Salix while testing others
Posts: 1,718

Rep: Reputation: 1857Reputation: 1857Reputation: 1857Reputation: 1857Reputation: 1857Reputation: 1857Reputation: 1857Reputation: 1857Reputation: 1857Reputation: 1857Reputation: 1857
Quote:
Originally Posted by jeremy View Post
Optional 2fa will likely be available once we implement the next code update.

--jeremy
Why are you adding 2FA?
 
Old 06-23-2018, 11:54 AM   #15
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Earth, unfortunately...
Distribution: Currently: OpenMandriva. Previously: openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,881

Rep: Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063
Quote:
Originally Posted by ChuangTzu View Post
Why are you adding 2FA?
What's wrong with some extra security ?

While for the very most part it doesn't bother me either way; as long as it doesn't degrade the site's performance, I don't see any harm in doing it, particularly if it's optional anyway. I don't think the site not having sensitive information on it is really any good reason not to do it.

Just for the record; and like I said before, it doesn't bother me if it happens or not. I trust that Jeremy and his admin team know what their doing, and I trust their judgement either way.
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
2 factor authentication queries LYC Solaris / OpenSolaris 1 02-24-2015 09:09 PM
2 Factor Authentication on Desktop szboardstretcher Linux - Security 2 11-09-2012 10:50 AM
Discussion: Multi-factor and two-factor authentication richinsc Linux - Security 7 09-22-2011 01:29 AM
two factor authentication LinuxLover Linux - General 16 11-25-2009 09:03 AM
Two-factor authentication XsuX Linux - Security 1 11-28-2004 05:13 AM

LinuxQuestions.org > Forums > LinuxQuestions.org > LQ Suggestions & Feedback

All times are GMT -5. The time now is 06:57 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration