Two-Factor Auth enabled on Frontier Forums

Mobile theme isn't supported much any more. No plans to really touch that portion of the forums, too much code that needs to be completely changed or reworked.
Thats fine, but it is the Default that someone gets with no previous login. So if I head over on my phone, I will never get the 2FA unless I KNOW to request the desktop as soon as the page loads. It happens before the login is complete and loads my preferred theme, so it will lock some people out. Is there any way to kill the default theme and force the desktop site automagically? If not, then maybe some sort of notice should be posted on that theme.
 
Excellent idea spoilt by laziness off loading yet more to Google. I don't believe in putting all my eggs in one Google pot... It`s fine until Google slips up, remember the fiasco that occurred in 2013 to another Internet Giant, no company is invulnerable, besides Google is not all things wonderful to me for everything, if FD had brought out their own app that generated a security key from your phone similar to what I heard StarWars online did some years ago I would welcome it and use it. Google no, I`d rather stick pins in my eyes.
 
Last edited:
Excellent idea spoilt by laziness off loading yet more to Google. I don't believe in putting all my eggs in one Google pot... It`s fine until Google slips up, remember the fiasco that occurred in 2013 to another Internet Giant, no company is invulnerable, besides Google is not all things wonderful to me for everything, if FD had brought out their own app that generated a security key from your phone similar to what I heard StarWars online did some years ago I would welcome it and use it. Google no, I`d rather stick pins in my eyes.
Then don't use Google. The code for 2FA is a Github project and can be used (and vetted) by anyone. There are many 2FA apps that have this functionality. Authy, Lastpass, and others. Google is not the only game in town.
 
I don't trust google to authenticate, they can't even authenticate a gmail account I have that is still forwarding emails to my prime account.
Also using a mobile telephone number to authenticate is a stupid option when your mobile number can change if you swap operators.
 

Yaffle

Volunteer Moderator
I don't trust google to authenticate, they can't even authenticate a gmail account I have that is still forwarding emails to my prime account.
Also using a mobile telephone number to authenticate is a stupid option when your mobile number can change if you swap operators.
Adding to Shadowdancer's note above, the code generated is not tied to the SIM in any way at all. You don't even need a phone, you can get a desktop based version of the same algorithm if you'd prefer. Microsoft, lastpass, and countless others also have authentication using the same technique which will work here.

If you change your phone you will need to update the seed for the new phone, unless you want to have your old phone as a simple code generator.
 
About recovery though, would it be possible to have the seed text written next to the QR code, and also available once an authenticator has been linked?

That would make it possible to link multiple authenticators and write down the seed in case the phone becomes unavailable. The Google app doesn't allow backing up anything or extracting the seeds (at least not without rooting the phone), and at least on Android, that feature generally appears to be only available in shady apps like Authy (seriously, why does that need my phone number to generate pseudo-random numbers?) or paid ones like Authenticator Plus.
 
Top Bottom