Koby Posted May 4, 2017 Report Share Posted May 4, 2017 As you've noticed by now, we recently made the switch to HTTPS (SSL). In an effort to keep up with security options and whatnot, we've also recently patched a security issue discovered related with the linking of display pictures. As well as we've finally enabled the ability for users to opt-in to 2FA (Two Factor Authentication). We have decided to keep this an optional feature as we feel not everyone would want to use it or even see a need in using it. After all what would someone gain from accessing your forum account if you're not a staff member for example? Not much really, but that doesn't mean you want to let them either. Anyways for now, we offer the ability for 2FA through Google Authenticator which requires you to have an app installed on your smart phone to utilize. You can set it up here: https://kametsu.com/settings/account-security/ We'll look into doing a 3 Question Based 2FA option in the future. If someone would like to submit to me common questions to utilize that would typically be used for such a thing and offer unique answers that people who don't know you wouldn't be able to answer, then it'd probably speed this addition up on actually being added. In other news, we've enabled various caching of things to do with the forum that should help improve performance. At least on the backend anyways. You may not actually notice any performance gains, but you never know. 1 Quote Link to comment Share on other sites More sharing options...
Catar Posted May 4, 2017 Report Share Posted May 4, 2017 1 minute ago, Koby said: We'll look into doing a 3 Question Based 2FA option in the future. If someone would like to submit to me common questions to utilize that would typically be used for such a thing and offer unique answers that people who don't know you wouldn't be able to answer, then it'd probably speed this addition up on actually being added.. Always hated this as a verification since it's vulnerable to data mining or social engineering, but anyway: cut out the middle man, let users choose both the question and answer if IPB allows it. Solves the problem easily and simply. Thanks for 2FA though <3 1 Quote Link to comment Share on other sites More sharing options...
Koby Posted May 4, 2017 Author Report Share Posted May 4, 2017 4 minutes ago, Catar said: Always hated this as a verification since it's vulnerable to data mining or social engineering, but anyway: cut out the middle man, let users choose both the question and answer if IPB allows it. Solves the problem easily and simply. Thanks for 2FA though <3 Well ideally people would opt for the Google Authenticator option. The other would just be for those without access to a smart phone for w/e reason but still wanted a little extra security. Even if someone did some data mining as you put it, they'd still require your original password to go along with the three answers to actually get through. And a pro-tip about these sorts of things is to not actually answer the question specifically, but come up with your own unique answer for that question that you'll memorize but doesn't even answer the actual question so someone who managed to look up a lot of information about you, would never be able to guess what you were thinking that way. For example-- Q: "What is your mothers maiden name?" A: "two plus seven equals eight". Hehe, lame answer, but yeah the point is still made. 1 Quote Link to comment Share on other sites More sharing options...
Catar Posted May 4, 2017 Report Share Posted May 4, 2017 Just now, Koby said: Well ideally people would opt for the Google Authenticator option. The other would just be for those without access to a smart phone for w/e reason but still wanted a little extra security. Even if someone did some data mining as you put it, they'd still require your original password to go along with the three answers to actually get through. And a pro-tip about these sorts of things, is to not actually answer the question specifically, but come up with your own unique answer for that question that you'll memorize but doesn't even answer the actual question so someone who managed to look up a lot of information about you, would never be able to guess what you were thinking that way. Mine are just longer randomly generated strings for places that need it, otherwise I don't enable questions at all. And yeah, not necessary if you're good about your passwords. Different passwords everywhere people, everyone should know this by now. 1 Quote Link to comment Share on other sites More sharing options...
Koby Posted May 4, 2017 Author Report Share Posted May 4, 2017 Just now, Catar said: Mine are just longer randomly generated strings for places that need it, otherwise I don't enable questions at all. And yeah, not necessary if you're good about your passwords. Different passwords everywhere people, everyone should know this by now. Yeah and don't write your passwords on a Post-It Note and stick it to your monitor. Quote Link to comment Share on other sites More sharing options...
Catar Posted May 4, 2017 Report Share Posted May 4, 2017 3 minutes ago, Koby said: Yeah and don't write your passwords on a Post-It Note and stick it to your monitor. Of course not. Those are more expensive. Off brand sticky notes for life. 1 Quote Link to comment Share on other sites More sharing options...
Moodkiller Posted May 20, 2017 Report Share Posted May 20, 2017 On 04/05/2017 at 5:45 PM, Catar said: On 04/05/2017 at 5:41 PM, Koby said: Yeah and don't write your passwords on a Post-It Note and stick it to your monitor. Of course not. Those are more expensive. Off brand sticky notes for life. Ew, why use expensive (or not) sticky notes when Windows has built in digital sticky notes?? Best thing, they are hidden when you turn your computer or screen off, so privacy/security is not an issue for those praying eyes. Save the trees. Quote Link to comment Share on other sites More sharing options...
Catar Posted May 20, 2017 Report Share Posted May 20, 2017 Just now, Moodkiller said: Ew, why use expensive (or not) sticky notes when Windows has built in digital sticky notes?? Best thing, they are hidden when you turn your computer or screen off, so privacy/security is not an issue for those praying eyes. Save the trees. I store all my passwords in imgur folders. That way people can't just copypaste them off my computer, you know? Quote Link to comment Share on other sites More sharing options...
Moodkiller Posted May 20, 2017 Report Share Posted May 20, 2017 27 minutes ago, Catar said: I store all my passwords in imgur folders. That way people can't just copypaste them off my computer, you know? Good thinking! Alright, I will take screenshots of the sticky notes and put them into their own album, "Passwords" \o/ 1 Quote Link to comment Share on other sites More sharing options...
Neko-fish Posted May 20, 2017 Report Share Posted May 20, 2017 I find here is more than secure enough...you're not a banking place...so your fine ...yeah ..people need to use different passwords for each site/forum they join,,,,it really IS important.. and like Catar has said don't leave them laying about ,,put them on a pen drive off machine is good,,if you really need them written down please store those in a safe place away from your machine.... @Koby and sad as this is to say I do not own a smart phone or even a bargain off brand cell phone .. I use my comp to work on not to flutter around the net,,so I have a desktop model,but added securities for those who do have the smart phones and such is nice...as most know WiFi IS never really secure remember that .. Quote Link to comment Share on other sites More sharing options...
pixxelherz Posted May 24, 2017 Report Share Posted May 24, 2017 (edited) Kudos for adding 2FA. As a side-note: It doesn't have to be Google's Authenticator App. I personally use Authy. Edited May 24, 2017 by eljayflintok typo Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.