Server pod 50
LoginJoin

2FA or Time Based Security Code

Log in to reply
MonroeCpl830
Monroe, LA, Us

[quote=Single_again1960][quote=sls_WayneC][quote=Single_again1960]I'm seeing lots of improvements with the new site....are you aware that using the common form of swing dot com is a prohibited word and not allowed?

Any idea when, or if, Multi Factor Authentication (2FA) will be implemented?[/quote]<p>The forums do not allow web addresses due to the danger of posting those.</p>

<p>The company is looking into different technologies to enhance the security, such as 2FA.</p>[/quote]I know a lot of people thing that this is being silly but site security is very important and requires more than a simple password, a lot of headaches can be caused with poor security, especially on social media sites. Since you're rewriting the site it's easier to security now instead of later. This is not advanced security, it's the basic minimum:

  1. Log in attempts should be limited. Automatically resetting after 24 hours
  1. Password resets should be allowed
  1. The entire site, not just the login page, should use TLS/HTTPS
  1. Strong 128bit passwords should be required
  1. Passwords should never be stored in plaintext or with obsolete fast hashes (server side)
  1. The server side should offer protection against XSS, injection, and CSRF[/quote]100% agree with this!
Report#3095780
Single_again1960Regular
Scranton, PA, Us

[quote=sls_WayneC][quote=Single_again1960]I'm seeing lots of improvements with the new site....are you aware that using the common form of swing dot com is a prohibited word and not allowed?

Any idea when, or if, Multi Factor Authentication (2FA) will be implemented?[/quote]<p>The forums do not allow web addresses due to the danger of posting those.</p>

<p>The company is looking into different technologies to enhance the security, such as 2FA.</p>[/quote]I know a lot of people thing that this is being silly but site security is very important and requires more than a simple password, a lot of headaches can be caused with poor security, especially on social media sites. Since you're rewriting the site it's easier to security now instead of later. This is not advanced security, it's the basic minimum:

  1. Log in attempts should be limited. Automatically resetting after 24 hours
  1. Password resets should be allowed
  1. The entire site, not just the login page, should use TLS/HTTPS
  1. Strong 128bit passwords should be required
  1. Passwords should never be stored in plaintext or with obsolete fast hashes (server side)
  1. The server side should offer protection against XSS, injection, and CSRF
Report#3095246
sls_WayneCMod
Gainesville, FL, Us

[quote=Single_again1960]I'm seeing lots of improvements with the new site....are you aware that using the common form of swing dot com is a prohibited word and not allowed?

Any idea when, or if, Multi Factor Authentication (2FA) will be implemented?[/quote]<p>The forums do not allow web addresses due to the danger of posting those.</p>

<p>The company is looking into different technologies to enhance the security, such as 2FA.</p>

Report#3095241
Single_again1960Regular
Scranton, PA, Us

I'm seeing lots of improvements with the new site....are you aware that using the common form of swing dot com is a prohibited word and not allowed?

Any idea when, or if, Multi Factor Authentication (2FA) will be implemented?

Report#3095229
WebmasterMod
Delray Beach, FL, Us

[quote=Single_again1960]I'd like to see either 2FA (2 Factor Authentication) or a time based security code (Google Authenticator or similar) for login[/quote]<p>We are working on two factor authentication</p>

Report#3077220
Single_again1960Regular
Scranton, PA, Us

I'd like to see either 2FA (2 Factor Authentication) or a time based security code (Google Authenticator or similar) for login

Report#3077125