Two-Step Verification/Two-Factor Authentication

Discussion in 'New Forum Features and User Guides' started by wagonmaster, Sep 9, 2015.

  1. wagonmaster

    wagonmaster Administrator Staff Member Moderator

    Joined:
    May 6, 2006
    Messages:
    12,286
    Likes Received:
    1,928
    Trophy Points:
    1,122
    Wagon Garage:
    2
    To improve account security, many popular websites have enabled two-step verification/two-factor authentication. You may optionally enable this for your forum account. In addition to your forum password, you will be required to provide a second set of credentials to complete your login. If someone were to obtain your forum password, they would not be able to login without the second set of credentials. To simplify the two-step login, you may register your device(s) as a trusted device for 30 days and you will not be prompted for the second set of credentials when logging in/out of the forum. At any time, you can revoke your trusted device(s).

    Go here to set up two-step verification.
    upload_2015-9-9_23-16-3.png

    You will be asked for your forum password
    upload_2015-9-9_23-17-28.png

    Select the two-step verification method you would like to use
    upload_2015-9-9_23-18-29.png

    If you select the Verification Code via App option, you will be required to have the 3rd party apps installed.
    upload_2015-9-9_23-20-27.png

    To stop trusting a device or if you need to revoke that trust for other devices, you can do this from the two-step verification setup page.
     
  2. ModelT1

    ModelT1 Still Lost in the 50's

    Joined:
    May 18, 2011
    Messages:
    22,124
    Likes Received:
    1,435
    Trophy Points:
    808
    Wagon Garage:
    1
    Location:
    Central Illinois
    I don't use the phone and no one else uses my home computer. Should I still have a second password or verification?
     
  3. wagonmaster

    wagonmaster Administrator Staff Member Moderator

    Joined:
    May 6, 2006
    Messages:
    12,286
    Likes Received:
    1,928
    Trophy Points:
    1,122
    Wagon Garage:
    2
    No need for it in your case.
     
    ModelT1 likes this.
  4. jaunty75

    jaunty75 Middling Member

    Joined:
    Jan 25, 2010
    Messages:
    5,845
    Likes Received:
    750
    Trophy Points:
    295
    Location:
    Southeast Michigan
    Two-step verification is fine, in my opinion, for financial and other life-critical websites (banks, brokerages, anything having to do with your money or your job), but for a site about station wagons? Really? Someone is going to steal my login credentials for this site so they can do what? Log in as me and make nasty comments about someone's car? That seems unlikely, and, even if somebody did something like that, it's hardly a life-shattering event on a par with having your identity stolen or your bank account cleaned out. In short, two-step verification is really overkill for a site like this.
     
  5. wagonmaster

    wagonmaster Administrator Staff Member Moderator

    Joined:
    May 6, 2006
    Messages:
    12,286
    Likes Received:
    1,928
    Trophy Points:
    1,122
    Wagon Garage:
    2
    Two-step verification is optional and can be beneficial to members who login to the forums on devices that they are temporarily using. If they forget to logout from the device and no longer have access to it, they can revoke the trust for that device. In most cases its overkill, however this is a standard feature that is a part of the software.
     
  6. jaunty75

    jaunty75 Middling Member

    Joined:
    Jan 25, 2010
    Messages:
    5,845
    Likes Received:
    750
    Trophy Points:
    295
    Location:
    Southeast Michigan
    True, but, in reality, prior to the addition of this feature with this software (and this site has been around for many years now), exactly how many times was this a problem for someone? I'm going to guess zero or nearly zero. If someone now does use a public computer to access the site and forgets to log off, how many of them are going to remember that "revoking the trust" for that device is something they can do (which they would have to do from another computer), and, even if they do remember that they can revoke the trust, how many of them will know HOW to do it?

    I've got nothing against the feature, and more power to those who want to use it, but this is a classic example of fixing something that ain't broken.
     
  7. wagonmaster

    wagonmaster Administrator Staff Member Moderator

    Joined:
    May 6, 2006
    Messages:
    12,286
    Likes Received:
    1,928
    Trophy Points:
    1,122
    Wagon Garage:
    2
    This feature is part of the new forum software, I did not develop it.

    This guide tells you how to do it. If you go through the trouble of setting it up, the odds are that you use this elsewhere and would know about revoking a trusted device.

    The software developers add features based on demand on customer demands
    https://xenforo.com/community/threads/two-step-verification-and-security-improvements.99881/
     

Share This Page