[nodebb-plugin-2factor] Two-Factor Authentication
-
@darkpollo said in [nodebb-plugin-2factor] Two-Factor Authentication:
Pretty sure you were the one that commented about them not being techy. I know zero people that admin a website (and I know a lot since I've been around doing them since around 2010) that the admins and even the staff do not have phones. In fact, on several of the sites that I am friends of the admins of, they now require their staff to use TOTP at the least for their staff accounts. If they can't do that, then they cease being staff.
But see what you want. The point was, the excuse that YOU gave this description:
I agree it is not the best for security, but I am comparing having an email 2fa for websites vs not having anything because the admin is not "techy" enough to use which is much worse.
I simply commented that if they were not techy enough to use a cell phone and install a simple app to use then maybe they have no business administering a website. And no, that's not talking down. Certain positions require certain skills. Sometimes they also involve having certain equipment. For those that don't have those skills, then maybe they should not have that position. It works that way in the world of business generally.
The point with the spouse was she is a FAR cry from being "techy" and is still able to use a TOTP app. And if she can, anyone should be able to.
I was not trying to be offensive.. but I am rather blunt. Bad security is bad security and I never try to encourage it.
-
@darkpollo said in [nodebb-plugin-2factor] Two-Factor Authentication:
Also you trying to tell me I cannot detect offensive comments because I am not English native is also kind of dismissive as well.
This will be the last comment I make on this subject, but I never made any assumption that you could not detect "offensive" comments - it is your interpretation. If you find it offensive, then so be it - I cannot and will not attempt to change that view based on your response.
@darkpollo said in [nodebb-plugin-2factor] Two-Factor Authentication:
if they got access to anyone's email, then the person has other issues bigger than forum credentials.
Correct. And if they make use of password recycling, then they likely have access to much more in the process - not just a forum. Humans have a bad habit of making things easier to remember and will re-use passwords across the board. This in itself seriously dilutes the effectiveness of security.
Finally, there is no corporate entity on this planet that will agree that SMS for 2FA is a good idea. Period.
-
@phenomlab said in [nodebb-plugin-2factor] Two-Factor Authentication:
Finally, there is no corporate entity on this planet that will agree that SMS for 2FA is a good idea. Period.
Troy Hunt agreed. For me that is enough value.
Also, this is forum software, aimed at anyone, not a corporate entity. We can assume that not all admins and global moderators are techy enough to have real 2FA or TOTP.
"Looking for a way to engage your followers, away from the noise and chaos of today’s “social” sites?
NodeBB takes the spirit and energy of the great online forum communities of old, and empowers it with powerful, mobile-ready and easy to use software.
Establish your own platform for real conversations. Start today!"