Two-factor authentication is now available
Another excellent open-source contribution has been deployed today - @oden has added two-factor authentication support (via TOTP apps like Google Authenticator). Here's the code, if anyone wants to take a look.
If you want to set it up for your account, the link is available on the settings page. If you do, please please please write down or store the backup codes that it gives you after you enable it. If your phone dies or you otherwise lose access to your 2FA device, you won't be able to recover access to your Tildes account.
On that note, I wanted to ask for input about whether I should be willing to bypass 2FA for people if they've set up the email-based account recovery. People will lose access to their 2FA device and not have the backup codes, and I don't know if just telling them that I can't help them is truly the best thing to do. Allowing it to be bypassed does lower the security, but sometimes it's a reasonable trade-off. One possibility is adding a security option that people could enable for maximum security, like "Do not bypass 2FA for me under any circumstance, I promise that I've kept my backup codes".
Let me know what you think about that, as well as if you have any concerns or notice any issues with the feature. Thanks again, @oden!
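An added illustration of the two mechanisms the post refers to (this is example code, not @oden's Tildes implementation): TOTP verification as an authenticator app would produce it, and backup codes that the server stores only as hashes and consumes once, which is why they are the only recovery path once the device is gone. The base32 secret is the RFC 6238 test-vector key, and the `TwoFactorAccount` class and its method names are assumptions for this example.

```python
import base64, hashlib, hmac, secrets, struct, time

STEP = 30          # TOTP time step in seconds (RFC 6238 default)
DIGITS = 6         # code length shown by authenticator apps

def totp(secret_b32: str, unix_time: int) -> str:
    """Compute the RFC 6238 TOTP code (HMAC-SHA1) for a base32 secret at a given time."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                              # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % (10 ** DIGITS):0{DIGITS}d}"

class TwoFactorAccount:
    """Hypothetical per-account 2FA state: a TOTP secret plus hashed, single-use backup codes."""
    def __init__(self, secret_b32: str, n_backup: int = 8):
        self.secret = secret_b32
        # Plaintext codes are shown to the user exactly once, at enable time;
        # the server keeps only their hashes, so they cannot be re-displayed later.
        plain = [secrets.token_hex(5) for _ in range(n_backup)]
        self._backup_hashes = {hashlib.sha256(c.encode()).hexdigest() for c in plain}
        self.last_used_step = -1
        self.plaintext_backup_codes_for_user = plain     # hand these to the user, then forget them

    def verify_totp(self, code: str, now=None) -> bool:
        now = int(time.time()) if now is None else now
        step = now // STEP
        for drift in (-1, 0, 1):                         # tolerate one step of clock skew
            cand = step + drift
            if cand <= self.last_used_step:              # reject replay of an already-used step
                continue
            if hmac.compare_digest(totp(self.secret, cand * STEP), code):
                self.last_used_step = cand
                return True
        return False

    def verify_backup_code(self, code: str) -> bool:
        digest = hashlib.sha256(code.strip().lower().encode()).hexdigest()
        if digest in self._backup_hashes:
            self._backup_hashes.discard(digest)          # each backup code works exactly once
            return True
        return False
```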
Yay! Thanks @oden!
I personally like the idea of having an option to bypass. Most often, my 2FA has actually kicked in when I'm on vacation and don't have my physical device or codes. (And I know it's my own fault, but having the option gives me a bit of breathing room, without horribly compromising security). And honestly, in this case, I could probably just live without Tildes while I'm away, but also am not too worried to have the bypass.
True, but I think it's also worth keeping in mind that this is basically a message board. Having your account compromised here is likely to be more on the "annoying" end of the scale than the "devastating" one. Treating 2FA as un-bypassable is definitely reasonable for banks, DNS providers, etc. but is probably overkill for the large majority of accounts here.
Sure, but like I said, it's a trade-off. You're comparing:
vs.
One of those scenarios is far more likely than the other one, and I don't think it's unreasonable to be able to handle it while still giving people the option to maximize the security if they're concerned about it.
Pretty cool, going to enable it ASAP
EDIT: On the app suggestions there should be AndOTP, which is an open source app for OTP (not sure if the other suggested ones are open source or not)
FreeOTP is a great app. It currently looks horrendous on iOS because it hasn't been updated in so long (4 years without an update), but I've never had any issues with its functionality. It's also worth noting that codes are saved across iPhone backup/restores to new devices, unlike some other authentication apps.
Nice to know :) I may try it; now I'm using andOTP and I'm quite happy with it.
Wasn't it FreeOTP that was developed by Red Hat?
Yes, FreeOTP is developed by Red Hat. I suggested it because it's FOSS and it's available on both iOS and Android (as opposed to just Android, like andOTP).
Oh sure, that should be simple enough to add. Thanks for pointing it out.
Oh boy! I was actually reading this on Gitlab last night and saw it was close! Thanks.
I also realized there is documentation on setting up a development environment and a vagrant file in the docs too. Really cool to see the stack the site runs on.
I'm not sure I understand the need for two-factor authorisation here. It's not like someone hacking this account is going to get access to my money or my personal information. And, if you're the sort of person who's invested enough to use two-factor authorisation, you're also the sort of person who's invested enough to create a strong password - so you'll be less likely to actually need two-factor authorisation. The people who are most likely to need this are the people who are least likely to use it: they already didn't put much effort into creating a strong password, so they won't put in the effort to enable two-factor authorisation.
Having said that...
I don't see why there would be a work-around. If you choose to set up a high level of security on your account, then you shouldn't be able to get around that security easily. Otherwise, what's the point of having the feature at all?