2-Factor Authorization for Account Logins

Discussion in 'Requests' started by Codemonkey, May 30, 2015.

?

Should we get optional 2-factor authorization for more secure accounts?

  1. Yes

  2. Maybe

  3. No

  4. I don't know

Results are only viewable after voting.
  1. Codemonkey

    Codemonkey Registered User Member

    Messages:
    71
    Likes:
    18
    Local Time:
    4:39 AM
    Taking this idea from @Tyler's thread about BoonForum's new 2-factor authorization method, I thought I'd suggest it here.

    I believe we should be able to have a settable mode in Account Settings for either enabling or disabling this login method, for reasons such as preventing account hacking (let's say one got scammed of their login and they want to protect their account), or in cases of siblings on the same IP who may try and break into their brother/sister's account. It could work out like if it's enabled, then the user must enter an encrypted pass code or must click a link in their email account to disable the lock.

    Please consider this, thanks!
     
    Superior and Tyler like this.
  2. Tyler

    Tyler SpeedySRV Member

    Messages:
    971
    Likes:
    662
    Local Time:
    3:39 AM
    Boon:
  3. Tyler
  4. I think this would be a good idea if @123 or @Sledmore can implement an API to work with Google Authentication.
     
    Superior and Codemonkey like this.
  5. Hejwala

    Hejwala Registered User Member

    Messages:
    8
    Likes:
    13
    Local Time:
    10:39 AM
    Boon:
  6. Hejula
  7. Definitely. It can be implemented rather easily in about half an hour even quicker if you use something like Authy.
     
  8. 123

    123 Registered User Member

    Messages:
    74
    Likes:
    42
    Local Time:
    10:39 AM
    Boon:
  9. 123
  10. If this gets enough votes I'll do it.
     
    Codemonkey likes this.
  11. Ralph

    Ralph KING Member

    Messages:
    1,237
    Likes:
    376
    Local Time:
    6:39 AM
    Boon:
  12. ralph
  13. Would you really want to take your time, open your email, click on a link and wait for it to load just to protect your account a bit more, rather than just make a harder password?
     
  14. Kyle

    Kyle Habboon Staff Member

    Messages:
    58
    Likes:
    16
    Local Time:
    10:39 AM
    Boon:
  15. MOD-Kyle
  16. You would have the choice.. Some people would love it.
     
  17. 123

    123 Registered User Member

    Messages:
    74
    Likes:
    42
    Local Time:
    10:39 AM
    Boon:
  18. 123
  19. It wouldn't be via email, it'd be an app you download on your phone + it'd be optional.
     
    Superior and Tyler like this.
  20. Tyler

    Tyler SpeedySRV Member

    Messages:
    971
    Likes:
    662
    Local Time:
    3:39 AM
    Boon:
  21. Tyler
  22. I already implemented this for the forums. It doesn't include the use of logging into your email to verify anything. You simply download a bar code scanner app and Google Authenticator app to your mobile device. When you add a device to your account, you will be automatically generated a random QR code. You scan that QR code with the bar code scanner app which will then open Google Authenticator where an authorization code is regenerated every 30 seconds which you would enter whichever one is generated at the time to fully access your account. Strong passwords or not, an account can be accessed if a true attacker wanted to.
     
  23. Codemonkey

    Codemonkey Registered User Member

    Messages:
    71
    Likes:
    18
    Local Time:
    4:39 AM
    Bumping up the thread, anyone else think we should get this?
     
  24. Zachary

    Zachary Registered User Member

    Messages:
    28
    Likes:
    6
    Local Time:
    5:39 AM
    Boon:
  25. Zach
  26. I think if people want that much security then it's great! Would be great, have my vote!
     
  27. Superior

    Superior Problematic Forum Moderator

    Messages:
    358
    Likes:
    118
    Local Time:
    4:39 AM
    Boon:
  28. Roi
  29. Bumping this thread just because it would be really nice to add this feature on the hotel. Some advantages I think of this is:
    • More secured accounts
    • Avoid people making ban appeals and blame it on his/her siblings/cousins.
    • Secure Accounts
    • And did I say secure accounts
    Probably just make this an option like in BoonForums so people who wants to use this, can. Possible con is:
    • Removed app from phone (actually happened to me after I restored my phone. thank God @Tyler helped me) -- but could be fixed with a password reset

    Another reason for bumping is for people to vote on this for those who haven't yet

    @Sledmore @Wouto

    Sorry for bumping. :( #InfractionIncoming Ahhhh
     
    T J and Tyler like this.
  30. Ralph

    Ralph KING Member

    Messages:
    1,237
    Likes:
    376
    Local Time:
    6:39 AM
    Boon:
  31. ralph
  32. What do you mean by this? Anyways, this could be a good idea as long as it's kept optional and not forced on the users
     
  33. Superior

    Superior Problematic Forum Moderator

    Messages:
    358
    Likes:
    118
    Local Time:
    4:39 AM
    Boon:
  34. Roi
  35. I restored my phone and it lost the app (Google Auth) from my phone and when I download it again, it's not showing my BoonForums account codes. I messaged Tyler if he could temporarily turn off the "2-Factor Authorization" from account so I access my account again. And he did.

    If this will be an option on the hotel, they could just probably request for password reset or probably just same format as password reset but just turn off it on their account for them to access it.

    I may not make sense right now because I'm sleepy af.


    -- Edit --
    Scratch that first paragraph from this reply. Because I really didn't read the message you quoted - properly.

    If they removed their auth app, they will have problem logging in to the hotel if it asks for the code like what happened to me but had Tyler helped fixed it.
     
    Last edited: Nov 10, 2015
  36. Lee

    Lee Lee the Legend ;) Member

    Messages:
    204
    Likes:
    80
    Local Time:
    10:39 AM
    Boon:
  37. Lee
  38. Yeah, this is a good suggestion.
     
    Superior likes this.
  39. Imperial

    Imperial Registered User Member

    Messages:
    547
    Likes:
    176
    Local Time:
    11:39 PM
    Boon:
  40. Imperial
  41. Could we add protection like Habbo has. For example, if it's a new IP on the account a security question pops up?
     
    T J likes this.