| Nasomi Community FFXI Server https://na.nasomi.com/forum/ |
|
| One time password or Authorize login https://na.nasomi.com/forum/viewtopic.php?f=6&t=12270 |
Page 1 of 4 |
| Author: | nasomi [ Thu Oct 03, 2019 9:46 pm ] |
| Post subject: | One time password or Authorize login |
This topic is to discuss one time passwords, as an added security measure. This would be an opt-in system. It honestly isn't necessary if you have secure passwords that aren't used elsewhere. There are two methods I have come up with. 1. Generate One Time Password -You would log into the account page, click your character, and click generate password, which you would then use to log into your character. Once logged in, the password would become invalid and no password would work. 2. Authorize login -You would log into the account page, click your character, and click "Authorize Login", which would authorize your character for login for 60 seconds using your own password. Without authorizing the login on the site, your character would be unable to be logged in. I will implement one of these if the demand is high enough. I think #2 is the best option, but I will leave it up to you. |
|
| Author: | nebulacloud [ Thu Oct 03, 2019 9:52 pm ] |
| Post subject: | Re: One time password or Authorize login |
Nice! anything to make accounts more secure would be worth going through whatever is needed. |
|
| Author: | Gollum [ Thu Oct 03, 2019 9:56 pm ] |
| Post subject: | Re: One time password or Authorize login |
Edit: nvm, I'm an idiot that apparently didn't know how to click a button properly... I got my [proper] vote cast this time  It'd be awesome if we had the option to use something like Google Authenticator (since the implementation is open source/etc.), but I wouldn't even know where to start on implementing that check on the back-end :\ |
|
| Author: | Brent [ Thu Oct 03, 2019 10:06 pm ] |
| Post subject: | Re: One time password or Authorize login |
When I was hacked, it wasn't an issue of my characters password being used. They accessed my forum account and changed the password to the character they swiped items from. Just a heads up. |
|
| Author: | K_LESS [ Thu Oct 03, 2019 10:23 pm ] |
| Post subject: | Re: One time password or Authorize login |
First option is to keep it the way it is? |
|
| Author: | Boötes [ Thu Oct 03, 2019 10:26 pm ] |
| Post subject: | Re: One time password or Authorize login |
I like the one-time idea, but in the meantime, if you're worried that your password is weak, something like this will give you a decent alphanumeric string, so that you're safer from brute force/dictionary attacks. Although, it's probably an exploit somewhere else. https://www.random.org/passwords/ |
|
| Author: | cthalupa [ Thu Oct 03, 2019 10:28 pm ] |
| Post subject: | Re: One time password or Authorize login |
I like #2, but adding one time password for site login would also be something I would like. Combine the two and it should be super secure. |
|
| Author: | Spincrusha2 [ Thu Oct 03, 2019 11:19 pm ] |
| Post subject: | Re: One time password or Authorize login |
Brent wrote: When I was hacked, it wasn't an issue of my characters password being used. They accessed my forum account and changed the password to the character they swiped items from. Just a heads up. This is exactly what happened with me, but I am glad to see this topic here.
|
|
| Author: | Zigma [ Fri Oct 04, 2019 12:37 pm ] |
| Post subject: | Re: One time password or Authorize login |
There is nothing negative about two-factor authentication. I for one would welcome it. There are downtimes to two-factor authentication - as many have been defeated but the overall argument is that unsecured 2fa is still better than no 2fa. |
|
| Author: | Zigma [ Fri Oct 04, 2019 12:54 pm ] |
| Post subject: | Re: One time password or Authorize login |
cthalupa wrote: I like #2, but adding one time password for site login would also be something I would like. Combine the two and it should be super secure. I am ... about anything that uses this forum for handling authentication. PhpBB is notorious for having exploits and vulnerabilities. Unfortunately, 2FA/MFA authentication platforms aren't free .. some aren't even cheap. |
|
| Page 1 of 4 | All times are UTC |
| Powered by phpBB® Forum Software © phpBB Limited https://www.phpbb.com/ |
|