sircaliban: (Default)
sircaliban ([personal profile] sircaliban) wrote in [site community profile] dw_suggestions2012-09-25 11:31 am
  • Add Memory
  • Share This Entry
Entry tags:

2 factor authentication

Title:
2 factor authentication

Area:
improvement to login

Summary:
Create a 2 factor authentication option. The user would login with the password, and then the server would sent a code to a cell phone. The user would then enter the code to verify that they are trying to log in and it's not someone trying to hack into the account.

Description:
This would of course only be necessary for when users are connecting from unknown networks or networks they have not connected to from before. Once logging in, the user would have the option to 'trust this computer', so subsequent authentication requests would not have to got through this option.

Yahoo, Google and Facebook all off similiar functionality.

ETA: I see this option as being 'opt-in', if you opt-in, then the system will ask you for an additional code. The code is generated via something you have (cell phone, hard token, soft token).

Poll #11749 2 factor authentication
Open to: Registered Users, detailed results viewable to: All, participants: 72

View Respondents

This suggestion:

View Answers

Should be implemented as-is.
10 (13.9%)

Should be implemented with changes. (please comment)
15 (20.8%)

Shouldn't be implemented.
35 (48.6%)

(I have no opinion)
10 (13.9%)

(Other: please comment)
2 (2.8%)

Flat | Top-Level Comments Only
tyger: Axel sprite with a :/-face. Text: you have GOT to be fucking shitting me (Axel - you're shitting me)

[personal profile] tyger 2012-09-28 02:02 pm (UTC)(link)
FUCK PHONES.

...yeah, um. I'm not against the idea of two-factor authentication in itself? Particularly if it's opt-in. But not phones. I hate phones, and while I have been browbeaten into having one, I often don't know where it is, and even if I do it's usually out of battery. Also I don't know the number, though I guess I could find that out. But I don't want to have to find my fucking phone to log into ANYTHING, and I don't care what it is. (Also, don't a lot of US phone companies charge you for receiving texts, particularly if you're prepaid? Which is complete and utter crock, but...)

If it was a different kind of two-factor - secret questions? auto generated emails you have to grab the link from? I don't know pretty much anything about this, heh, but I'm sure the internet has thought of many ways it could be done - I think it'd definitely be a good idea to at least look into!

But seriously, fuck phones.
Flat | Top-Level Comments Only