TCWT Posted July 11, 2011 Share Posted July 11, 2011 There is already a drupal module available. IPB could benefit from this: http://www.duosecurity.com/web Also works with VPN and Linux server. :D Link to comment Share on other sites More sharing options...
bfarber Posted July 12, 2011 Share Posted July 12, 2011 I think 99.9% of our customers have no need to have a dual-login system. You don't use IP.Board to run a financial institution or government website. Link to comment Share on other sites More sharing options...
TCWT Posted July 13, 2011 Author Share Posted July 13, 2011 You don't have to run one of those sites to use it. I think many will use it if it was made available. Link to comment Share on other sites More sharing options...
bfarber Posted July 14, 2011 Share Posted July 14, 2011 Quite contrary, most website operators these days are trying to LOWER the barrier for entry (hence Facebook and Twitter single sign on options) in my experience. Link to comment Share on other sites More sharing options...
Joriz Posted June 8, 2012 Share Posted June 8, 2012 Did anybody integrate a Two-factor authentication into IPB? It is indeed a barrier bfarber, but I think a Two-factor authentication is not ment for normal users but for administrators or users who specific ask for it. With current hacks on LinkedIn, WHMCS and Last.FM I think it is great if at least administrator accounts have a higher barrier by Two-factor authentication. The https://code.google.com/p/google-authenticator/ is totally free and open source. We offcourse added already a password protected directories for the renamed admin directory but this kind of securies don't work if your passwords are stolen. The great thing about Two-factor authentication also a physical device needs to be stolen for someone to break in to your adminaccount. Link to comment Share on other sites More sharing options...
raindog308 Posted June 10, 2012 Share Posted June 10, 2012 I definitely agree on the need for two-factor auth for the ACP. Not running a bank...but you may be running a business (Nexus) and the possibility to destroy other businesses (hosting clients) is enormous. Even battle.net has two-factor auth...in my opinion, IPB needs this and indeed it's overdue. Link to comment Share on other sites More sharing options...
euantor Posted June 10, 2012 Share Posted June 10, 2012 I'd definitely like to see this. I use two factor auth on Google, paypal and name.com. It would be great to have the option at the very least. Link to comment Share on other sites More sharing options...
miraclesun Posted June 10, 2012 Share Posted June 10, 2012 I would like this for the Admin CP / IP.Nexus, definitely. Link to comment Share on other sites More sharing options...
Wiscansan Posted June 10, 2012 Share Posted June 10, 2012 It would very useful to have only on the ACP, especially if you're running Nexus. I see no point in having it for regular forum logins though. Link to comment Share on other sites More sharing options...
Rimi Posted June 11, 2012 Share Posted June 11, 2012 Don't do it. Link to comment Share on other sites More sharing options...
raindog308 Posted June 11, 2012 Share Posted June 11, 2012 Don't do it. You're completely opposed to having this as an option? Link to comment Share on other sites More sharing options...
Rimi Posted June 11, 2012 Share Posted June 11, 2012 You're completely opposed to having this as an option?100% opposed. Link to comment Share on other sites More sharing options...
miraclesun Posted June 11, 2012 Share Posted June 11, 2012 100% opposed. why? Link to comment Share on other sites More sharing options...
raindog308 Posted June 11, 2012 Share Posted June 11, 2012 100% opposed. I can understand someone deciding not to use a particular option but to be "100% opposed" to it even being included is...strange. Link to comment Share on other sites More sharing options...
Rimi Posted June 11, 2012 Share Posted June 11, 2012 why?Those things are annoying. I would hate having to use a site that has it. They should be illegal along with those sites that require you to have symbols, uppercase aand lowercase letters and numbers in your password. :s Link to comment Share on other sites More sharing options...
Rimi Posted June 11, 2012 Share Posted June 11, 2012 I can understand someone deciding not to use a particular option but to be "100% opposed" to it even being included is...strange.Nothing strange with not wanting IPS to add annoying options to my favorite forum software. Link to comment Share on other sites More sharing options...
Ryan H. Posted June 11, 2012 Share Posted June 11, 2012 Those things are annoying. I would hate having to use a site that has it. They should be illegal along with those sites that require you to have symbols, uppercase aand lowercase letters and numbers in your password. :s It would be a security feature... for security. For admins. Hell, you wouldn't even have to use it if you don't want to. Link to comment Share on other sites More sharing options...
Marcher Technologies Posted June 11, 2012 Share Posted June 11, 2012 Not against this, but wanted to state.... as it stands, social logins affect not the ACP anyway. Link to comment Share on other sites More sharing options...
raindog308 Posted June 11, 2012 Share Posted June 11, 2012 Nothing strange with not wanting IPS to add annoying options to my favorite forum software. I can't see how a Use Two-Factor Authentication for ACP? option that defaults to No would annoy you. Link to comment Share on other sites More sharing options...
Rimi Posted June 11, 2012 Share Posted June 11, 2012 I can't see how a Use Two-Factor Authentication for ACP? option that defaults to No would annoy you.Similarly I can't see why anyone would want such a feature. It's just how humans work. Opinions suck. Link to comment Share on other sites More sharing options...
Calvin39 Posted June 11, 2012 Share Posted June 11, 2012 As I disagree with all this signing in lark anyway, (every board you go to on the internet) if I have to sign in I leave and don't go back. And therefore yes I would be 100% against this as well. Its all right saying "but you can turn it off," however it has to be installed to turn it off in the first place and I have enough crap installed on this board that I didn't want or ask for, as it is. I have a government forum and we have no need for it, however if you want to drive traffic and customers away from your board then you use it, I know we won't. So its a no from me. Link to comment Share on other sites More sharing options...
raindog308 Posted June 11, 2012 Share Posted June 11, 2012 Similarly I can't see why anyone would want such a feature. It's just how humans work. Opinions suck. No. This is not a question of "I like blue, you like orange". IPB competitors already have this feature. For those who are using IPB for an ecommerce platform - and it is designed to allow people to run hosting companies - this feature is practically a requirement. If my ACP was compromised, the intruder could destroy all of my client web sites. The liability is enormous. I appreciate that some people use IPB for a forum (hobby, paying or not) - and yes, in those cases it's probably not needed. Some people don't even use HTTPS. No problem. IPB is flexible. But for those using the software to run hosting companies, there is no such thing as too much security. Multi-factor authentication provides a protection that is impossible to achieve otherwise. Again, optional and for ACP only - IPS needs to keep up with competitors. Link to comment Share on other sites More sharing options...
Joriz Posted June 11, 2012 Share Posted June 11, 2012 Please people. Don't argue how you get forced into new features. I and the other people who suggested the Two-factor authentication see this as an OPTIONAL feature for the ACP. Of course I don't want to force people or all members on a forum to use all kind of new possibly annoying features. This and last year user-names and passwords of millions of people were on the Internet. For example the leaks on Linkedin, Last.FM and a mayor ISP in the Netherlands. You currently see that the leaked passwords are misused on many other website. With a Two-factor authentication even if passwords and user-names are leaked Internet criminals still need your token generator or your phone. I think the addition of two-factor authentication will give many administrators a safer feeling and also add a great sales point to Invision Power Board. Link to comment Share on other sites More sharing options...
Tripp★ Posted June 11, 2012 Share Posted June 11, 2012 Isn't changing the ACP location, to a secret location and protecting it with .HTACCESS password, along with a secure username and password to access the ACP, secure enough? I mean I don't have my login name the same as my display name, and that's kept secret too. I've never been hacked, and my ACP has never been hijacked. So surely this is secure enough. And that can already be done with the current set up. I don't see how adding this would make it any more secure. It looks annoying and I hate that Gmail and Facebook do it to their users. I wouldn't wish it on my users or my staff. Please don't add this feature, and if it's being considered please make it optional. Link to comment Share on other sites More sharing options...
Mrdoodle Posted August 28, 2012 Share Posted August 28, 2012 I also would like to have the option to use two way auth. The minimum would be for the admin section. There is so many forums that get hacked because of poor passwords from mods and admins. Using SSL for admin should not be the only option, two way auth is a must for admins. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.