Enhanced Account Security Option - Two Factor Authentication

[mauserme]

One of the great things about the recent upgrade is our ability to tighten member security without intruding on the flow of the forum.  Several things are going on in the background that you may never see.  Others, like sending you an email when there's a login from a device you haven't used before, is pretty standard these days and is fully implemented as of yesterday.

 

Another enhancement is the ability to use two factor authentication.  We've left this optional for those who want an extra layer of safety, though we encourage everyone to use it.  When enabled on your account, you will need to provide answers to 3 questions that only you will know how to answer.  It's a familiar process, and the questions do not intrude into your privacy.  When enabled, doing things like changing your password or email address will require that you provide both your current password and an answer to one of those questions.

 

To activate two factor authentication, go to Account Settings -> Security & Privacy and click "Enable" under Security Questions.  You'll have to provide your password again to access this area (yes, this is new as well). 

 

Rest assured that if you later decide against this, it can be turned back off.

[Euler]

This isn't really a nit, because it's too big to be a nit.

 

Multi-factor authentication means choosing two or more types of authentication from among: what you know (shared secrets, i.e., passwords), what you have (hard/soft token, phone, etc.), and what you are (biometrics). "Secret" questions and answers are really just more passwords. Multiple passwords isn't truly multi-factor, since it's multiple factors of the same type.

 

Hard tokens would be something like RSA SecurID. Soft tokens would be something like Google Authenticator or digital certificates. Biometrics is something like your fingerprint (pretty unreliable, actually) or your eyeball (iris or retina - better reliability). Organ removal movie trope aside, if someone has your eyeball, it's probably you.

[mauserme]

Thanks for the info.

 

We're using the term in the same way Authy uses it in it's first example of 2FA.  Authy is a paid 2FA service that we can optionally integrate into the forum.

 

2FA To The Rescue

2FA is an extra layer of security used to make sure that people trying to gain access to an online account are who they say they are. First, a user will enter their username and a password. Then, instead of immediately gaining access, they will be required to provide another piece of information. This second factor could come from one of the following categories:

• Something you know: This could be a personal identification number (PIN), a password, answers to “secret questions” or a specific keystroke pattern
• Something you have: Typically, a user would have something in their possession, like a credit card, a smartphone, or a small hardware token
• Something you are: This category is a little more advanced, and might include biometric pattern of a fingerprint, an iris scan, or a voice print

[mauserme]

Being a topic in Site Support, I should add that if anyone has questions that don't involve a semantics debate, please post them here or drop me a PM.  I prefer accomplishment to argument.

[Joe45]

I generally use Tapatalk to view the forum which no longer seems to be working.   Would this be due to the recent upgrade?   Is tapatalk still supported?  

[Tip]

3 minutes ago, Joe45 said:

I generally use Tapatalk to view the forum which no longer seems to be working.   Would this be due to the recent upgrade?   Is tapatalk still supported?  

This is mentioned in a couple of threads. They are working on it but it’s not back yet. I have faith that, if it’s possible, they’ll get it back before long.