Two Factor Authentication ?

[UnixOp]

Hi,
Any chance RadioReference/Broadcastify can add two factor authentication (2FA) to better protect our user accounts ?

Thanks,
UnixOp
Broadcaster feed 29411

 

[mikewazowski]

I can't speak for Broadcastify but for the forums, it's a user group option that is either on or off. If I enable it, everyone in that user group will have to use it.

The only workaround would be to add a separate user group and add it to the profiles of members who request it. Not sure how many members would want it but that could turn into a huge workload for me.

I'll enable it on your account and you can give it a try.

 

[GTR8000]

Hmm, I wonder how that would work, since all the various components of RR/Broadcastify use a common username/password tied to your master RR account. If you want to change your Xenforo password, it takes you to your RR account to make the change, which subsequently affects your database password, forum password, wiki password, Broadcastify password, etc.

 

[mikewazowski]

I don't think it will be a problem unless the backend software that changes your password across the various platforms can't change the forums password because of 2fa.

 

[UnixOp]

You guys are awesome The 2FA is working perfectly here, it linked up with my google auth app no problems.
I just went to a laptop here that has never logged in to RR or Broadcastify and l can confirm that (currently) the 2FA only applies to the forums.
I was able to login to RR and Broadcastify (primary sites) with regular username and password.

I can understand there is some concern as the sites are sharing user auth data, the 2FA did provide backup auth codes that will allow me to access my forum account in the event the 2FA does not authenticate. I'm not familiar with how the sites are sharing user auth data so I'll defer to your expertise when it comes to what is/isn't possible here.
Again, thanks for the extra security on my forum account, I don't want to create a huge work load for anyone but I do welcome the increased security. (my professional background is [at present] 22 years working corp IT network security solutions, so I can appreciate the challenges you must face with administrating such a large and visible public entity like this) I'll ping this thread if I run into any issues with the 2FA.
unixop

 

[mikewazowski]

2fa should only affect your Forums account as far as I know.

I don't think you'll see any problems though. I have had it enabled on my account since we switched to Xenforo.

 

[DaveNF2G]

Have our accounts been compromised without it, or is this a solution in search of a problem?

 

[GTR8000]

Have our accounts been compromised without it, or is this a solution in search of a problem?

So I guess "best practices" is not an option, huh?

 

[mikewazowski]

Have our accounts been compromised without it, or is this a solution in search of a problem?

You lock your car doors at night, right?

 

[DaveNF2G]

2FA is pretty rare in my online experience, so I'm not sure if it has reached the status of "best practice" or not. It's not being widely promoted. So far, only my iPhone has offered it with the latest firmware update.

 

[mikewazowski]

Sorry Dave but I think you're behind the times. Most online places offer it now. I've got it on my PayPal, eBay, Amazon and Dropbox accounts just to name a few.

At work most of our accounts are 2fa enabled.

Looks like the Google Authenticator app was released 7 years ago.

Apple has offered it on their accounts since at least 2016. To get into my Apple account, you must enter a pass number sent to another device. There was no firmware upgrade necessary.

If you're not worried about someone compromising your RR account, I wouldn't worry about it. Just make sure you use a strong password and don't reuse the same password on multiple sites.

 

[Hit_Factor]

...and don't reuse the same password on multiple sites.

Great advice. I look for 2FA when money is involved.

For hobby accounts I'm switch slowly, but surely to strong passwords without any reuse.

For 20 years I re-used a password for non-financial accounts. No longer.


73, K8HIT
Icom: IC-7300, IC-PW1, ID-5100A, ID-51A Plus 2, IC-R30, Hytera PD782G, Kenwood TH-D74, Uniden SDS100, DVMega, SDRplay RSPduo

 

[GTR8000]

For anyone wanting to manage their 2FA settings, use this link to directly access those settings:

https://forums.radioreference.com/account/two-step/

 

[shadowst0rm]

I was looking for how to do this thank you! So my next question, will there, or can there, be an option to add hardware two-factor authentication? Sadly I did not see the option, but the authenticator was there, which is infinitely better than sms-authenticatn >_< I may have missed a conversation about security tokens, but, I don't think so?

 

[mikewazowski]

No, no plans to add hardware authentication.

 

[laidback]

You lock your car doors at night, right?

No, I don't even lock my house. Benifit of living in country and brothers Smith and Wesson.