Page 2 of 2

Re: Two-factor authentication?

PostPosted: 2019-06-03 02:14
by sickpig
GarryRicketson wrote:we do the very best we can, with very limited tools, etc. And almost never a thank you or anything.

thank you GarryRicketson
your other post about apt-netselect helped me find the closest mirror near to my location. I did not comment there because if u reply to an old post u get heckled for necromancy.

Re: Two-factor authentication?

PostPosted: 2019-06-03 02:30
by GarryRicketson
Head_on_a_Stick wrote:We don't even provide https here, what makes you think 2FA is a possibility?

There is a extension for phpBB, but it still is in development, it is not recommended for any production sites, yet.

Anyway, I appreciate the fact that the server owner at least keeps the server running, and
allows us to have the forum. It might not be the best "soup kitchen" in town, but any way, at least it is available. And easy to access. There is nothing more frustrating then trying to get on-line, and access some so called support forum, but you can't, because your system is very crippled, the clock / and date is not set and you don't know how to set it,...., or some other problem, that triggers the ssl mal ware to block you, any way, I appreciate what we have here, and am comfortable with the way it is, makes me sad when I see that others simply do not appreciate it, of course they can all ways go somewhere else to beg for a free meal, or pay for more secure services, that offer good technical support.

Re: Two-factor authentication?

PostPosted: 2019-06-03 03:02
by chaanakya
GarryRicketson wrote:There is a extension for phpBB, but it still is in development, it is not recommended for any production sites, yet.

Yeah, I saw that. And as you said, it's not recommended for production sites yet.

I honestly don't know what the options are in terms of phpBB, I just thought it was worth looking into.

And I very much appreciate that the forum is still running and it's useful and everything. As I said initially, I'm frustrated when websites don't take security seriously and end up jeopardizing their users in the process, which is what drove me to make this post in the first place.

As for the clock setting preventing you from accessing the site, that could easily be fixed by providing both an HTTP and an HTTPS version of the site (no automatic redirect). This way, people could go to the secure version if they are able to and could fall back to the insecure version if everything's screwed up. And no, ssl isn't "malware". Transport security is very much necessary, especially in the case of login.

I genuinely don't get why you are being so derisive towards me when I am simply trying to make suggestions to make the site more secure. I have tried to be as polite as possible when responding, and it's very frustrating to be told to essentially f*ck off.

I appreciate the forum as it is, but that doesn't mean it's perfect or that there aren't improvements that can be made. It's very disconcerting to be told that I either must like the forum exactly as it is or I should leave. If so, what's the point of this entire category/subforum/forum/whatever it's called? Why not just relabel it "self-congratulation"?

Look, I understand y'all work hard, and it's often a thankless role. You probably have tons of people yelling at you and you probably need to answer the same damn questions all the time. I get it. But I've been nothing but polite in responding to you and have tried to respond to your points rather than attack you personally, and it feels like you're not extending the same courtesy to me, which is disheartening.

Re: Two-factor authentication?

PostPosted: 2019-06-03 03:42
by GarryRicketson
Oh, well , sorry about that, , so any way Thank you for your suggestions, and ideas, and taking the time to share here. You are right, and I apologize for my bad attitude, I will try to do better in the future.

Re: Two-factor authentication?

PostPosted: 2019-08-10 14:21
by Bloom
As long as a 2FA is unavailable, you could look into requireing new people who register to answer one question like "In what city are the United Nations located?" with the correct answer "New York".
That is good enough for robots to fail and people worldwide to answer correctly, at least if they speak English. A lot of spammers who register seem to have no grasp of the English language...