Lobby: Up
Online: 59
Sync Range: 40
* FAQ    * Search
It is currently Thu Mar 28, 2024 4:02 pm

All times are UTC




Post new topic  Reply to topic  [ 39 posts ]  Go to page 1 2 3 4 Next

How do you want to secure your account?
I'm a man, and use real secure passwords that aren't password1 43%  43%  [ 43 ]
I would prefer to generate a one time password. 18%  18%  [ 18 ]
I would prefer to manually authorize my login each time. 40%  40%  [ 40 ]
Total votes: 101
Author Message
PostPosted: Thu Oct 03, 2019 9:46 pm 
Offline
Site Admin

Joined: Wed Feb 24, 2016 4:44 pm
Posts: 321
This topic is to discuss one time passwords, as an added security measure. This would be an opt-in system. It honestly isn't necessary if you have secure passwords that aren't used elsewhere.

There are two methods I have come up with.
1. Generate One Time Password
-You would log into the account page, click your character, and click generate password, which you would then use to log into your character. Once logged in, the password would become invalid and no password would work.
2. Authorize login
-You would log into the account page, click your character, and click "Authorize Login", which would authorize your character for login for 60 seconds using your own password. Without authorizing the login on the site, your character would be unable to be logged in.

I will implement one of these if the demand is high enough. I think #2 is the best option, but I will leave it up to you.


Top
   
PostPosted: Thu Oct 03, 2019 9:52 pm 
Offline

Joined: Tue Apr 17, 2018 8:38 pm
Posts: 143
Nice! anything to make accounts more secure would be worth going through whatever is needed.

_________________
Image


Top
   
PostPosted: Thu Oct 03, 2019 9:56 pm 
Offline

Joined: Fri Sep 06, 2019 9:46 pm
Posts: 194
Edit: nvm, I'm an idiot that apparently didn't know how to click a button properly... I got my [proper] vote cast this time :)


It'd be awesome if we had the option to use something like Google Authenticator (since the implementation is open source/etc.), but I wouldn't even know where to start on implementing that check on the back-end :\

_________________
o/

I'd put cool pics of my achievements/items here, if they were anything interesting. How about "I pooped today! \o/"


Top
   
PostPosted: Thu Oct 03, 2019 10:06 pm 
Offline

Joined: Wed Sep 11, 2019 1:27 am
Posts: 4
When I was hacked, it wasn't an issue of my characters password being used. They accessed my forum account and changed the password to the character they swiped items from. Just a heads up.


Top
   
PostPosted: Thu Oct 03, 2019 10:23 pm 
Offline

Joined: Sun Oct 07, 2018 3:42 am
Posts: 11
First option is to keep it the way it is?


Top
   
PostPosted: Thu Oct 03, 2019 10:26 pm 
Offline
User avatar

Joined: Fri Mar 25, 2016 5:16 pm
Posts: 16
I like the one-time idea, but in the meantime, if you're worried that your password is weak, something like this will give you a decent alphanumeric string, so that you're safer from brute force/dictionary attacks. Although, it's probably an exploit somewhere else.

https://www.random.org/passwords/


Top
   
PostPosted: Thu Oct 03, 2019 10:28 pm 
Offline

Joined: Sun Jun 17, 2018 11:24 pm
Posts: 767
I like #2, but adding one time password for site login would also be something I would like. Combine the two and it should be super secure.

_________________
PhD Shitposting 2037 | Cthalupa 75 BLM BRD RNG RDM WAR | Cathatwopa 75 NIN THF BLU BRD PLD

http://rfklinkshell.com/


Top
   
PostPosted: Thu Oct 03, 2019 11:19 pm 
Offline

Joined: Wed Oct 02, 2019 9:32 pm
Posts: 3
Brent wrote:
When I was hacked, it wasn't an issue of my characters password being used. They accessed my forum account and changed the password to the character they swiped items from. Just a heads up.


This is exactly what happened with me, but I am glad to see this topic here. :)


Top
   
PostPosted: Fri Oct 04, 2019 12:37 pm 
Offline

Joined: Wed Apr 03, 2019 2:40 am
Posts: 177
There is nothing negative about two-factor authentication.

I for one would welcome it. There are downtimes to two-factor authentication - as many have been defeated but the overall argument is that unsecured 2fa is still better than no 2fa.

_________________
Image


Top
   
PostPosted: Fri Oct 04, 2019 12:54 pm 
Offline

Joined: Wed Apr 03, 2019 2:40 am
Posts: 177
cthalupa wrote:
I like #2, but adding one time password for site login would also be something I would like. Combine the two and it should be super secure.



I am ... about anything that uses this forum for handling authentication. PhpBB is notorious for having exploits and vulnerabilities. Unfortunately, 2FA/MFA authentication platforms aren't free .. some aren't even cheap.

_________________
Image


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 39 posts ]  Go to page 1 2 3 4 Next

All times are UTC


Who is online

Users browsing this forum: No registered users and 54 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Limited