06-23-2020, 07:10 PM
@ikk157 Thank you for the feedback and motivation for the suggestion. I'm very much with @xdude on this and I hope if @Dynamo thinks this system is necessary that he will give those members like me who are not in favour of 2FA the choice of not having to register for it.
For me there is more than enough security on the Forum. I have to go through double additional security to get into the Admin Panel, Admin Forum, every where I go. I really don't want to go through 2-factor authentication on top of it all just to get into the Forum. I log out properly at every end of my session in the Forum. 2FA will be creating additional steps that are going to add more time to my session that I'd preferably spend on real work of the Forum instead of getting involved with opening other pages to access e-mails. And as security systems go these days, the commercial e-mail systems like Google with their own blocks and loops are rarely perfect. My e-mail address may become blocked for some or other reason (this is a real horror movie when it does and Google is famous for that) next thing I can't get into the Forum at all and that may be the day I have to publish the Giveaway Announcement. I like things to be simple please. I work as secure as I can.
I can however see that this would suit your specific style of browsing the Forum. I get it you personally work from a number of devices on the fly. But not every one has the same style of using devices as you do. I think this is where @xdude and I would be on the same page. Our work area, ISP, etc are conservative, static and not as vulnerable for the same security worries you have. But OK, maybe there are others browsing the Forum who feel the same way as you do, so a poll may have been able to identify this better.
For me there is more than enough security on the Forum. I have to go through double additional security to get into the Admin Panel, Admin Forum, every where I go. I really don't want to go through 2-factor authentication on top of it all just to get into the Forum. I log out properly at every end of my session in the Forum. 2FA will be creating additional steps that are going to add more time to my session that I'd preferably spend on real work of the Forum instead of getting involved with opening other pages to access e-mails. And as security systems go these days, the commercial e-mail systems like Google with their own blocks and loops are rarely perfect. My e-mail address may become blocked for some or other reason (this is a real horror movie when it does and Google is famous for that) next thing I can't get into the Forum at all and that may be the day I have to publish the Giveaway Announcement. I like things to be simple please. I work as secure as I can.
I can however see that this would suit your specific style of browsing the Forum. I get it you personally work from a number of devices on the fly. But not every one has the same style of using devices as you do. I think this is where @xdude and I would be on the same page. Our work area, ISP, etc are conservative, static and not as vulnerable for the same security worries you have. But OK, maybe there are others browsing the Forum who feel the same way as you do, so a poll may have been able to identify this better.
(06-23-2020, 09:17 AM)ikk157 Wrote: And to those wondering why this extra security measure is necessary for such a small forum: bare in mind that our VPSs are on the line here... so the last thing we need is a VPS holder account to be compromised, causing trouble from it, and pretty much losing the VPS. And proving that it wasn’t you using your account would be insanely hard. Obviously strong passwords must be used by everyone... but 2FA will step up the security significantly... which is much needed considering the trouble that would be caused if an account gets compromised.To be honest. And as far as I know. I don't know of a single event in the history of Post4VPS that a VPS has been compromised through the Forum. All members are asked to change their passwords immediately after the VPS has been given to them. I also am completely unaware of any of the members' Forum accounts compromised. But yes, I can see the possibilities of attracting security issues through multi device browsing of Forums. Is there any way you could make your browsing more secure, other than expecting the Forum to be more secure in the event your devices are compromised? Or possibly @Dynamo can set it up such that 2FA is only triggered for phones and tablets.