Suggestion: 2-step verification

joemgap · Jun 9, 2014

Hello,

I want to suggest if possible that we may have the option to log in our account with 2-step verification using an "Authenticator" app, popularly the Google ones. For this can increase the security of our accounts with you. It doesn't have to be a mobile number but the use of an Authenticator app. I feel sorry to those who don't have smartphone. But please, x10Hosting, let us have this option.

I've seen this as a plugin for a WordPress self-hosted website so I presume that you can incorporate it as security measure option.

I'll look forward for the response of the x10Hosting team! Thank you very much!

Thank you!

Read more:
https://github.com/wstrange/GoogleAuth
http://stackoverflow.com/questions/5087005/google-authenticator-available-as-a-public-service
https://code.google.com/p/google-authenticator/

joemgap · Jun 10, 2014

Hello,

I want to suggest if possible that we may have the option to log in our account with 2-step verification using an "Authenticator" app, popularly the Google ones. For this can increase the security of our accounts with you. It doesn't have to be a mobile number but the use of an Authenticator app. I feel sorry to those who don't have smartphone. But please, x10Hosting, let us have this option.

I've seen this as a plugin for a WordPress self-hosted website so I presume that you can incorporate it as security measure option.

I'll look forward for the response of the x10Hosting team! Thank you very much!

Thank you!

Read more:
https://github.com/wstrange/GoogleAuth
http://stackoverflow.com/questions/5087005/google-authenticator-available-as-a-public-service
https://code.google.com/p/google-authenticator/

kenny9 · Jun 10, 2014

I do not need someone that only has a "smart"phone for a life to feel sorry for me because I choose not to be tied to a telephone of any type.

bmccoy11 · Jun 10, 2014

joemgap said:
Hello,

I want to suggest if possible that we may have the option to log in our account with 2-step verification using an "Authenticator" app, popularly the Google ones. For this can increase the security of our accounts with you. I doesn't have to be a mobile number but the use of an Authenticator app. I feel sorry to those who don't have smartphone. But please, x10Hosting, let us have this option.

I've seen this as a plugin for a WordPress self-hosted website so I presume that you can incorporate it as security measure option.

I'll look forward for the response of the x10Hosting team! Thank you very much!

Thank you!

Read more:
https://github.com/wstrange/GoogleAuth
http://stackoverflow.com/questions/5087005/google-authenticator-available-as-a-public-service
https://code.google.com/p/google-authenticator/

Unfortunately, 2-step verification isn't as easy as it seems. x10Hosting would have to set up its own SMS service, and would require a lot of work.

joemgap · Jun 29, 2014

I'm not talking about the SMS service on it. We can use Google Authenticator method of just having secret code in-sync.

joemgap · Jun 29, 2014

Still waiting for a reply.

leafypiggy · Jun 29, 2014

Hi,

We've been looking into something like this, however it's not really a priority.

You can create very secure passwords that even you don't know if you really need the security. Put your password behind two factor authentication like with LastPass or something similar.

essellar · Jun 30, 2014

... and whatever you do, you are restricting access for a significant number of users, which kind of runs contrary to the aims of providing free hosting in the first place. If you want 2FA, go for it - on your own site or on your own server (VPS).

Livewire · Jun 30, 2014

Just to quick clarify here, OP doesn't say "required" for all users:

I want to suggest if possible that we may have the option to log in our account with 2-step verification using an "Authenticator" app

Assuming we do it (which would require a fair amount of setup and testing to ensure it properly interfaces with all levels of our system, likely including the forum itself), I'm sure it would be presented as an available option, similar to the authenticators Blizzard uses for its games - you can enable it, but you don't have to.

Juuuust making sure everyone caught that one specific word as it makes a huge difference

I agree it shouldn't be forced upon all users (as noted, not all of us have smartphones, myself included), but I don't see any problem making it available to those who would like to use it, assuming we do decide to implement one.

joemgap · Jun 30, 2014

Ain't LassPass was attacked years ago?

joemgap · Jun 30, 2014

Livewire,

I'm grateful for clarifying up my very words said before.
Thanks for this positive response!
More power on you and the company, x10Hosting!

leafypiggy · Jun 30, 2014

Lastpass is not vulnerable or insecure in any way.

Suggestion: 2-step verification

joemgap

Member

joemgap

Member

kenny9

Active Member

bmccoy11

Member

joemgap

Member

joemgap

Member

leafypiggy

Manager of Pens and Office Supplies

essellar

Community Advocate

Livewire

Abuse Compliance Officer

joemgap

Member

joemgap

Member

leafypiggy

Manager of Pens and Office Supplies

Free Web Hosting

Our Community

Legal