
MFA login #60

?

I would like to suggest including multi-factor authentication as a feature for securing login.

2 years ago
N

I suggest OTP since it’s open, flexible and widely adopted.
Might not be the most performant choice though?

Tip: Aegis is a very straightforward 2FA application for Android. It can be found on F-Droid.

a year ago

If this ever gets implemented, please allow disabling it.

a year ago
7
W

please please please add this

a year ago
3
A

Sending a code through email might be just as secure in place of 2FA authenticator codes, because most email providers provide 2FA as a security measure.

However, it should be optional in Settings rather than default, as the ease of use will be negatively impacted if it’s not simple password-only.

9 months ago
4
N

Passkey support would be nice, but I’d settle with 2FA.

8 months ago
1
?

Yubikey please!

7 months ago
1
N

Sending a code through email sounds good.
It’s simple & proven reliable.
And ofc it’s an optional and opt-in feature.

Honestly I think 2FA for a blog is completely overdoing it.
Just use good passwords. And if you need more, you could use OTP or email to verify.

@nullfound & Anonymous: Please remember we’re talking about access to a blog. Not online banking or some seriously discreet stuff.

7 months ago
2
?

Some people use blogs and want to remain anonymous. There’s no IP log and no way to know if our account has been accessed by an unauthorized party, because there are no verification orders for logins.

It would be perfect to have an opt-in option to verify using email, because email often provides 2FA by default, so we’d have

login to bear –> email <– 2FA

5 months ago
1
N

That’s a good idea!
I guess you mean a one-time passphrase that’s sent via E-Mail in order to complete the login.

This is a proven workflow which works quite well if you have a working email setup.
Some platforms actually don’t have passwords at all. They send you a one-time passphrase via mail every time you log in.

4 months ago
?

I would like to see at least an emailed code as an optional security measure for login. 2FA would also be nice though.

4 months ago

Coming here as a new user, I’d appreciate some more security for my personal site. My email is linked to the same domain so the reputation is important for me to manage.

4 months ago
1
N

@Kaizen Have you ever had breaches in accounts where you set a secure password?

3 months ago
?

Thousands of examples of that …

3 months ago
N

Then it was either not a very secure password ~ or the issue wasn’t the password but the server side security.

⪧⩫·⩫·⩫·⩫·⩫·⩫·⩫·⩫·⩫·⩫·⩫·⩫·⩫·⩫·⩫·⩫·⩫·⩫⪦
Do you really think all those cases where accounts on big platforms were infiltrated multiple times were mere brute-force attacks?

The companies behind these platforms try to conceal information as best as they can. But when suddenly a huge percentage of all accounts get infiltrated no matter the password quality, you can be pretty certain that someone managed to infiltrate their infrastructure (loop-hole).

If you remember the cause with Google Accounts about 4 ~ 6 years ago. Almost everyone I talked to had logs and warnings of strangers logging into their Google Account.
Once I got such a message 2 minutes after I changed my password.
⪧⩫·⩫·⩫·⩫·⩫·⩫·⩫·⩫·⩫·⩫·⩫·⩫·⩫·⩫·⩫·⩫·⩫·⩫⪦

After all that: Do you really want to tell me that a password in itself is too weak?
If it gets infiltrated, it probably wasn’t that good.

And don’t forget: This is a very small blogging platform.
Really nothing crazy or of great interest to breach into.

If you attract people who try to harm you with the kind of work you do ~ or how you do it ~ it’s your responsibility to change it.

Even if we’re talking about Journalists.
If you don’t create attack surface or reasons to attack you, there’s no one to harm you. And I can say from my own experience that this is absolutely possible while still retaining the freedom to unfold, grow, and do things your way.

Cheers

3 months ago
N

As an example, I freely provide people I don’t know with a lot of information about me.
They technically could possibly use that to try to harm me.
But they won’t.

Simply because the way I communicate would not even give them the idea of doing harm. The exact reason is not easy to put in short terms. You could say it’s a subconscious psychological principle ~ but in reality it’s much more than that.

————————

You could also say that the issue with people getting attacked lies within their own mindset. But it may take time to realize that in life.

3 months ago