
2 Step Authentication for GAF - Can it be a reality?

Status
Not open for further replies.
Gaf has greater security issues, mostly related around the email restrictions and needing to contact someone to change your email.

Email restrictions make it so that if your email address was ever compromised and you didn't have another "private" email address, you're unable to prevent the spread of the compromise without finding a person to do it for you and hoping they take care of it in time. The only good thing is that passwords aren't sent to an email, instead it uses password reset links. It's a restriction that has no upside and only downside for users. I don't really know what the methodology behind it is for the site either.
 
I am a big supporter of 2 Factor these days but I don't understand why it would be necessary for a forum that doesn't store credit card information

Using LastPass or 1Password should be more than enough.
 
If my enemies ever hacked my account they would see all of the awkward private messages I send to people with females as their avatar.
 
Two factor authentication is the devil. I hate having to pull out my phone every time I want to log in to my work PC.
 
Two factor really only exists in the consumer market because people are so lazy and mindless about what passwords they use. Education on decent password creation and management would be better than 2 factor in almost all consumer cases.
 
2 Step authentication is the future of securing our precious accounts. Would you guys like to see NeoGAF incorporate the Google app into their login process? Yes, there will be quite a bit of extra development, but will secure our accounts tenfold.

Waste of resources just to keep your forum account safe.
 
Over the top. It's just a forum. Mods don't do this, it's unneeded.

Mods have nothing to do with it.

Gaf has greater security issues, mostly related around the email restrictions and needing to contact someone to change your email.

Email restrictions make it so that if your email address was ever compromised and you didn't have another "private" email address, you're unable to prevent the spread of the compromise without finding a person to do it for you and hoping they take care of it in time. The only good thing is that passwords aren't sent to an email, instead it uses password reset links. It's a restriction that has no upside and only downside for users. I don't really know what the methodology behind it is for the site either.

That e-mail restriction isn't changing. It keeps the forum from getting inundated with membership requests from trolls and alts.

I can't imagine how long the membership approval request would take if they had to go through every Hotmail, Yahoo, and Gmail account request.
 
Two factor really only exists in the consumer market because people are so lazy and mindless about what passwords they use. Education on decent password creation and management would be better than 2 factor in almost all consumer cases.

That's not true at all; I don't think you know what you're talking about. Do you think most passwords are cracked by random guessing? That's not the case. Systems get compromised and passwords are leaked. 2 step exists to make sure that even if a password is leaked, the secondary passcode will still be required for login.

Waste of resources just to keep your forum account safe.

Like I said before, it depends on what future plans Evil has for the forum. I can see an optional membership coming in the future.
 
That's not true at all; I don't think you know what you're talking about. Do you think most passwords are cracked by random guessing? That's not the case. Systems get compromised and passwords are leaked. 2 step exists to make sure that even if a password is leaked, the secondary passcode will still be required for login.


This isn't really true, sorry. Sites with poor user security tend to not store financial and personal data. The ones that do, use expensive and responsive services to deal with the fallout, i.e. Target, etc.

The problem comes from unsecure sites being hacked and releasing passwords. Then those passwords being used across multiple services, such as banking, retirement accounts, etc.

If my MySpace password from 2005 got leaked to the world, I wouldn't be thankful two factor secured my account on that service. I would be fucked if that password was used across multiple services. That's the real culprit.
 
Two factor really only exists in the consumer market because people are so lazy and mindless about what passwords they use. Education on decent password creation and management would be better than 2 factor in almost all consumer cases.

Passwords can be bruteforced offline.

Proper use of 2 factor (in that you don't give someone the second factor) is not, not only because it requires physical possession but also because the 2nd factor is (usually) time sensitive.

It's one of the better security practices, and will probably eventually be near standard in the future, but as it is the threat potential for a forum isn't high enough for it.
 
Passwords can be bruteforced offline.

Proper use of 2 factor (in that you don't give someone the second factor) is not, not only because it requires physical possession but also because the 2nd factor is (usually) time sensitive.

It's one of the better security practices, and will probably eventually be near standard in the future, but as it is the threat potential for a forum isn't high enough for it.

I'm not doubting the security 2 factor provides. That's not deniable. The necessity of it in a general consumer sense is equal to zero in my opinion.
 
The day I have to pull out some app just to log in to NeoGAF any given day is going to be a terrible one.

I probably log in to this damn site over 20 times a day out of habit. I have a strong password, I'm not worried.
 
This isn't really true, sorry. Sites with poor user security tend to not store financial and personal data. The ones that do, use expensive and responsive services to deal with the fallout, i.e. Target, etc.

The problem comes from unsecure sites being hacked and releasing passwords. Then those passwords being used across multiple services, such as banking, retirement accounts, etc.

If my MySpace password from 2005 got leaked to the world, I wouldn't be thankful two factor secured my account on that service. I would be fucked if that password was used across multiple services. That's the real culprit.

Having different passwords is important, but that doesn't remove the importance of 2 step.

The day I have to pull out some app just to log in to NeoGAF any given day is going to be a terrible one.

I probably log in to this damn site over 20 times a day out of habit. I have a strong password, I'm not worried.

I never use the app on my home PC. One time only.
 
Optional 2FA has been looked into as part of overall security updates. The main concern I've noted, though, isn't that NeoGAF accounts tend to actually be compromised, as they're not high value targets in terms of facilitating identity theft or fraud etc. like your bank account login or primary email login etc. might be, but that members in some cases end up losing access to their accounts eventually: if their ISP/academic/work registration email dies without their knowledge and they subsequently lose their NeoGAF password, they're then unable to recover their account without admin intervention. So, while full optional 2FA may or may not be overkill realistically, an account recovery option at least (like an SMS or backup permanent email address associated with your account) is on the to-do list if feasible and I've been looking into possible solutions there.

Expect many updates and improvements rolling out throughout 2016. There's a lot on the agenda.
 
Optional 2FA has been looked into as part of overall security updates. The main concern I've noted, though, isn't that NeoGAF accounts tend to actually be compromised, as they're not high value targets in terms of facilitating identity theft or fraud etc. like your bank account login or primary email login etc. might be, but that members in some cases end up losing access to their accounts eventually: if their ISP/academic/work registration email dies without their knowledge and they subsequently lose their NeoGAF password, they're then unable to recover their account without admin intervention. So, while full optional 2FA may or may not be overkill realistically, an account recovery option at least (like an SMS or backup permanent email address associated with your account) is on the to-do list if feasible and I've been looking into possible solutions there.

Expect many updates and improvements rolling out throughout 2016. There's a lot on the agenda.

I feel like you keep adding stuff we can use.
 
So many people against it in this thread. Why would anyone care if it was optional? If you don't want it, don't use it. I for one always use 2FA if it's available, regardless of how important or not a website is.

Optional 2FA has been looked into as part of overall security updates. The main concern I've noted, though, isn't that NeoGAF accounts tend to actually be compromised, as they're not high value targets in terms of facilitating identity theft or fraud etc. like your bank account login or primary email login etc. might be, but that members in some cases end up losing access to their accounts eventually: if their ISP/academic/work registration email dies without their knowledge and they subsequently lose their NeoGAF password, they're then unable to recover their account without admin intervention. So, while full optional 2FA may or may not be overkill realistically, an account recovery option at least (like an SMS or backup permanent email address associated with your account) is on the to-do list if feasible and I've been looking into possible solutions there.

Expect many updates and improvements rolling out throughout 2016. There's a lot on the agenda.

Very excited to see an updated site, thanks EviLore.
 
Optional 2FA has been looked into as part of overall security updates. The main concern I've noted, though, isn't that NeoGAF accounts tend to actually be compromised, as they're not high value targets in terms of facilitating identity theft or fraud etc. like your bank account login or primary email login etc. might be, but that members in some cases end up losing access to their accounts eventually: if their ISP/academic/work registration email dies without their knowledge and they subsequently lose their NeoGAF password, they're then unable to recover their account without admin intervention. So, while full optional 2FA may or may not be overkill realistically, an account recovery option at least (like an SMS or backup permanent email address associated with your account) is on the to-do list if feasible and I've been looking into possible solutions there.

Expect many updates and improvements rolling out throughout 2016. There's a lot on the agenda.

Awesome, looking forward to the improvement.
 
So, while full optional 2FA may or may not be overkill realistically, an account recovery option at least (like an SMS or backup permanent email address associated with your account) is on the to-do list if feasible and I've been looking into possible solutions there.

Expect many updates and improvements rolling out throughout 2016. There's a lot on the agenda.

That would probably be the best option for now.
 