Jump to content

Two step verification dots vs. clear

Giray

By Giray
in Feedback

 Share

Recommended Posts

Recommended

Posted by Charles,

@Giray is referring to the challenge questions. You are right though, we can make that a hidden input.
Recommended by Jordan Miller

2 reactions

Go to this post
Recommended

Posted by Adriano Faria,

I developed a quick plugin last year for this matter:  
Recommended by Jordan Miller

2 reactions

Go to this post
Giray Experienced

Giray

Posted
Posted (edited)

Nowadays with virtual meetings, I sometimes show my screen during a call. If I have to go to the Admin CP, and I have to sign in, the two-step verification window is now visible to all. As I type in my challenge answer, everyone gets to see it. Considering it's a form of password, wouldn't it make sense to at least have the option to hide cover the answer with dots like a password?

Not mission critical, but I think it would add some security comfort.

Thx.

Edited by Giray
Link to comment
Share on other sites
Giray Experienced

Giray

Posted
  • Author
Posted

It's actually permanent. I type it in every single time I have to log into my admin cp. In my case I use my favorite sports team. So, again, in the interest of max security, now everyone knows what I would answer. Is it a critical security flaw? Probably not. But it does feel awkward to type what is meant to be a private phrase openly. If one uses the converse logic, one could argue that it's not necessary to hide passwords either.

Link to comment
Share on other sites
  • Featured Comment
Adriano Faria Grand Master

Adriano Faria

Posted
  • Featured Comment
Posted
18 minutes ago, Giray said:

Nowadays with virtual meetings, I sometimes show my screen during a call. If I have to go to the Admin CP, and I have to sign in, the two-step verification window is now visible to all. As I type in my challenge answer, everyone gets to see it. Considering it's a form of password, wouldn't it make sense to at least have the option to hide cover the answer with dots like a password?

Not mission critical, but I think it would add some security comfort.

Thx.

I developed a quick plugin last year for this matter:

 

Link to comment
Share on other sites
Giray Experienced

Giray

Posted
  • Author
Posted

Thanks Nathan. I actually was using it but it just got too tedious. I'm in and out of the back and using GA every single time was driving me nuts. Not to mention that my two other admins threatened to feed me mushrooms (I hate mushrooms 🤐). But I agree, better.

Thanks to all. Like I said, not mission critical, but just a little security tweak.

Link to comment
Share on other sites
CoffeeCake Veteran

CoffeeCake

Posted
Posted
3 hours ago, Giray said:

I actually was using it but it just got too tedious. I'm in and out of the back and using GA every single time was driving me nuts. Not to mention that my two other admins threatened to feed me mushrooms (I hate mushrooms 🤐). But I agree, better.

You can enable the TOTP token without forcing others to use it, yet this is also a problem from the perspective of looking up your member record in ACP, as the questions and answers are visible in plaintext.

See:

 

Link to comment
Share on other sites
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Invision Community © 2024 IPS, Inc.
×
×
  • Create New...