sircaliban: (Default)
sircaliban ([personal profile] sircaliban) wrote in [site community profile] dw_suggestions2012-09-25 11:31 am
  • Add Memory
  • Share This Entry
Entry tags:

2 factor authentication

Title:
2 factor authentication

Area:
improvement to login

Summary:
Create a 2 factor authentication option. The user would login with the password, and then the server would sent a code to a cell phone. The user would then enter the code to verify that they are trying to log in and it's not someone trying to hack into the account.

Description:
This would of course only be necessary for when users are connecting from unknown networks or networks they have not connected to from before. Once logging in, the user would have the option to 'trust this computer', so subsequent authentication requests would not have to got through this option.

Yahoo, Google and Facebook all off similiar functionality.

ETA: I see this option as being 'opt-in', if you opt-in, then the system will ask you for an additional code. The code is generated via something you have (cell phone, hard token, soft token).

Poll #11749 2 factor authentication
Open to: Registered Users, detailed results viewable to: All, participants: 72

View Respondents

This suggestion:

View Answers

Should be implemented as-is.
10 (13.9%)

Should be implemented with changes. (please comment)
15 (20.8%)

Shouldn't be implemented.
35 (48.6%)

(I have no opinion)
10 (13.9%)

(Other: please comment)
2 (2.8%)

Flat | Top-Level Comments Only
pauamma: Cartooney crab wearing hot pink and acid green facemask holding drink with straw (Default)

[personal profile] pauamma 2012-09-28 01:55 pm (UTC)(link)
if I change my phone number and forget to tell DW, what evidence will Support accept that I am who I say I am?
Or worse, if someone steals my phone and claims the login/recovery attempts are invalid when asked to confirm them.
Flat | Top-Level Comments Only