06-23-2020, 07:25 PM
(06-23-2020, 07:10 PM)deanhills Wrote: @ikk157 Thank you for the feedback and motivation for the suggestion. Pity you didn't add a poll to it so that those like me who are not in favour of the system could express this through a poll. I'm very much with @xdude on this.
I hope if @Dynamo thinks this system is necessary that he will give those members like me who are not in favour of 2FA the option of not having to register for it.
For me there is more than enough security on the Forum. I have to go through double additional security to get into the Admin Panel, Admin Forum, every where I go. I really don't want to go through 2-factor authentication on top of it all just to get into the Forum. I log out properly at every end of my session in the Forum. 2FA will be creating additional steps that are going to add more time to my session that I'd preferably spend on real work of the Forum instead of getting involved with opening other pages to access e-mails. And as security systems go these days, the commercial e-mail systems like Google with their own blocks and loops are rarely perfect. My e-mail address may become blocked for some or other reason (this is a real horror movie when it does and Google is famous for that) next thing I can't get into the Forum at all and that may be the day I have to publish the Giveaway Announcement. I like things to be simple please. I work as secure as I can.
I can however see that this would suit your specific style of browsing the Forum. I get it you personally work from a number of devices on the fly. But not every one has the same style of using devices as you do. I think this is where @xdude and I would be on the same page. Our work area, ISP, etc are conservative, static and not as vulnerable for the same security worries you have. But OK, maybe there are others browsing the Forum who feel the same way as you do, so a poll may have been able to identify this better.
To be honest. And as far as I know. I don't know of a single event in the history of Post4VPS that a VPS has been compromised through the Forum. All members are asked to change their passwords immediately after the VPS has been given to them. I also am completely unaware of any of the members' Forum accounts compromised. But yes, I can see the possibilities of attracting security issues through multi device browsing of Forums. Is there any way you could make your browsing more secure, other than expecting the Forum to be more secure in the event your devices are compromised? Or possibly Dynamo set it up such that 2FA is only triggered for phones and tablets.
The post already has a poll...
And you seem to have misunderstood the entire concept:
2FA is completely optional to the user (that’s literally the case with all places that have 2FA). So if you don’t want it it, you simply don’t set it up to your account... and hence there’s absolutely no need to worry about any extra steps that you’re referring to.
And as I described again in a response above, the security issue isn’t the VPS itself getting compromised. But rather losing your VPS through someone that has gained access to your forum account and is causing trouble with your username!
And also, i was never talking about my device getting compromised. Heck, I use an iPhone so that’s not even a thing. If your device gets compromised then not even 2FA can help you.
Thank you Post4VPS and VirMach for providing me with VPS9! But now it’s time to say farewell due to my studies.