sircaliban ([personal profile] sircaliban) wrote in [site community profile] dw_suggestions, 2012-09-25 11:31 am

2 factor authentication

Title:
2 factor authentication

Area:
improvement to login

Summary:
Create a 2 factor authentication option. The user would log in with the password, and then the server would send a code to a cell phone. The user would then enter the code to verify that they are trying to log in and it's not someone trying to hack into the account.

Description:
This would of course only be necessary when users are connecting from unknown networks or networks they have not connected from before. Once logged in, the user would have the option to 'trust this computer', so subsequent authentication requests would not have to go through this option.

Yahoo, Google and Facebook all offer similar functionality.

ETA: I see this option as being 'opt-in', if you opt-in, then the system will ask you for an additional code. The code is generated via something you have (cell phone, hard token, soft token).

Poll #11749 2 factor authentication
Open to: Registered Users, detailed results viewable to: All, participants: 72


This suggestion:

Should be implemented as-is.
10 (13.9%)

Should be implemented with changes. (please comment)
15 (20.8%)

Shouldn't be implemented.
35 (48.6%)

(I have no opinion)
10 (13.9%)

(Other: please comment)
2 (2.8%)
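The flow the suggestion describes (opt-in second step, one-time code, 'trust this computer'), sketched as an added example that is not part of the original post and is not Dreamwidth code. Assumptions: the names `SERVER_KEY`, `pending`, `issue_code`, `verify_code`, `trust_token` and `needs_second_factor`, the time limits, an in-memory store, usernames that never contain `|`, and code delivery (phone or token) handled elsewhere.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # assumption: per-deployment signing secret
CODE_TTL = 300                        # assumption: a code is valid for 5 minutes
MAX_ATTEMPTS = 5                      # assumption: guesses allowed per issued code
TRUST_TTL = 30 * 24 * 3600            # assumption: a trusted computer lasts 30 days
pending = {}                          # user -> [sha256(code), expires_at, attempts_left]

def _sign(user, expires):
    return hmac.new(SERVER_KEY, f"{user}|{expires}".encode(), hashlib.sha256).hexdigest()

def issue_code(user, now=None):
    """Create a 6-digit one-time code; only its hash is kept server-side."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"
    pending[user] = [hashlib.sha256(code.encode()).digest(), now + CODE_TTL, MAX_ATTEMPTS]
    return code

def verify_code(user, submitted, now=None):
    """Accept a code once, before it expires and within the attempt budget."""
    now = time.time() if now is None else now
    entry = pending.get(user)
    if entry is None or now > entry[1] or entry[2] <= 0:
        pending.pop(user, None)
        return False
    entry[2] -= 1
    ok = hmac.compare_digest(hashlib.sha256(submitted.encode()).digest(), entry[0])
    if ok:
        del pending[user]  # single use: a replayed code is rejected
    return ok

def trust_token(user, now=None):
    """Signed cookie value set when the user ticks 'trust this computer'."""
    expires = int((time.time() if now is None else now) + TRUST_TTL)
    return f"{user}|{expires}|{_sign(user, expires)}"

def needs_second_factor(user, opted_in, cookie, now=None):
    """Password already verified: ask for a code only if opted in and not trusted."""
    now = time.time() if now is None else now
    try:
        name, expires, mac = cookie.split("|")
        trusted = (hmac.compare_digest(mac, _sign(name, expires))
                   and name == user and now < int(expires))
    except (AttributeError, TypeError, ValueError):
        trusted = False  # missing, malformed or tampered cookie
    return opted_in and not trusted
```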


Various points

[personal profile] daweaver 2012-09-29 08:57 am (UTC)
Just because everyone else is doing it doesn't mean that Dreamwidth should. Facebook's "one-time password" scheme, for instance, is generally regarded as making it easier to crack accounts.

Once activated, how is it going to be possible to turn off this feature? If it's turned off, will the mobile number be deleted completely?

The database of contact details means Dreamwidth becomes a more attractive target for nefarious people looking for phone numbers, possibly with a view to linking them to other identities. This could be crooks, it could be stalkers, it could be lawyers.

In the grand scheme of things, Dreamwidth accounts are cheap. I don't see that they're on the same scale as bank accounts, and I don't see that the cost outweighs the benefits.

Even at the best of times, I strongly advocate against giving any business to G****e. If I recall correctly, the evil empire has demonstrated it really doesn't want to do business with Dreamwidth, having closed a Checkout account in an unreasonably short time.