Page 6 of 6 FirstFirst ... 3456
Results 76 to 84 of 84

Click here to go to the first staff post in this thread.
Thread: Two-Factor Auth enabled on Frontier Forums

  1. #76
    Originally Posted by Wescott View Post (Source)
    Excellent idea spoilt by laziness off loading yet more to Google. I don't believe in putting all my eggs in one Google pot... It`s fine until Google slips up, remember the fiasco that occurred in 2013 to another Internet Giant, no company is invulnerable, besides Google is not all things wonderful to me for everything, if FD had brought out their own app that generated a security key from your phone similar to what I heard StarWars online did some years ago I would welcome it and use it. Google no, I`d rather stick pins in my eyes.
    Then don't use Google. The code for 2FA is a Github project and can be used (and vetted) by anyone. There are many 2FA apps that have this functionality. Authy, Lastpass, and others. Google is not the only game in town.

    "You're doing it wrong". No, we are having Fun OUR way.
    ~-~ The A-Team Wing ~-~

  2. #77
    I don't trust google to authenticate, they can't even authenticate a gmail account I have that is still forwarding emails to my prime account.
    Also using a mobile telephone number to authenticate is a stupid option when your mobile number can change if you swap operators.

  3. #78
    Originally Posted by CMDR Generic EventHandler View Post (Source)
    I don't trust google to authenticate
    And again, Google are not involved in the authentication process beyond providing an app that you can use. All that app does is generate a code based on a unique seed in your forum account and the current time.
    You wanna hear a good joke? Nobody talk about immersion, nobody experience an unfortunate restriction of their respiratory activities.

  4. #79
    Originally Posted by CMDR Generic EventHandler View Post (Source)
    I don't trust google to authenticate, they can't even authenticate a gmail account I have that is still forwarding emails to my prime account.
    Also using a mobile telephone number to authenticate is a stupid option when your mobile number can change if you swap operators.
    Adding to Shadowdancer's note above, the code generated is not tied to the SIM in any way at all. You don't even need a phone, you can get a desktop based version of the same algorithm if you'd prefer. Microsoft, lastpass, and countless others also have authentication using the same technique which will work here.

    If you change your phone you will need to update the seed for the new phone, unless you want to have your old phone as a simple code generator.
    http://i124.photobucket.com/albums/p14/WC_Yaffle/yafflesig2_zps1f3a9858.png

  5. #80
    About recovery though, would it be possible to have the seed text written next to the QR code, and also available once an authenticator has been linked?

    That would make it possible to link multiple authenticators and write down the seed in case the phone becomes unavailable. The Google app doesn't allow backing up anything or extracting the seeds (at least not without rooting the phone), and at least on Android, that feature generally appears to be only available in shady apps like Authy (seriously, why does that need my phone number to generate pseudo-random numbers?) or paid ones like Authenticator Plus.
    You wanna hear a good joke? Nobody talk about immersion, nobody experience an unfortunate restriction of their respiratory activities.

  6. #81
    Originally Posted by Brett C View Post (Source)
    Uhm... What?

    Those six digits are created every 30 seconds, every user has their own unique key-set of digits. I fail to see how it makes it easier for hackers.
    I meant that hackers don't have to leave google while they ply their nefarious trade.
    Trading by Choice. Exploring by Chance. Combat by Necessity.
    i7 4790K. 16gb ram. 240SSD. 500HDD. 1TB HDD. ASUS GTX 980 Strix. (water cooled)

  7. #82
    Is anyone else having trouble deploying weapons on an xbox one sometimes my weapons just will not deploy and I could not finish the mission.

  8. #83
    Any chance that you can make the forum disable the Two-Factor Auth message for users who have already enabled it?
    In-game: CMDR Vectron

  9. This is the last staff post in this thread. #84
    Originally Posted by Martin Schou View Post (Source)
    Any chance that you can make the forum disable the Two-Factor Auth message for users who have already enabled it?
    Hum, that was suppose to disappear on Jan 1st. I've force turned it off, seems there's a bit of PHP messing with the vbdate and vbtime calls..
    - Brett C / bc
    AKA: Forum Manager, Webmaster, Community Assistant/Manager, Social Media.
    Planet Coaster: Website - Forums - Twitter - Facebook - Instagram - Youtube - Reddit
    Elite Dangerous: Website - Forums - Twitter - Facebook - Instagram - Youtube - Reddit
    Frontier: Website - Jobs - News

Page 6 of 6 FirstFirst ... 3456