Two Factor Authentication

[wiscoaster]

I'm sorry, but if you make two-factor authentication mandatory, you will lose me. Two-factor authentication is a freakin' pain in the arse, and since I know I'm cautious enough to protect myself as much as is necessary already, it's an additional (and onerous) additional level of protection I don't want and don't think I need. Two-factor authentication should be an option, not a mandate.

I suspect those members that have been harmed wouldn't have been spared by two-factor authentication.

 

[jerry]

I'm curious about this, I did it and so far its a pain. I have to have my phone every time I want to log on? Is this necessary these days? Also, is there a proper forum where you discuss these changes at Talkbass? Thanks in advance!

 

[Mr_McBride]

I see the messages about mandatory MFA.

I really think that is way overkill for a forum, and, IMHO, not worth the hassle. If you enforce MFA, I will simply move to another forum.

 

[Jack]

Seriously? For a bass forum?

How about you need mfa to access the classifieds?

 

[paul]

I'm sorry, but if you make two-factor authentication mandatory, you will lose me. Two-factor authentication is a freakin' pain in the arse, and since I know I'm cautious enough to protect myself as much as is necessary already, it's an additional (and onerous) additional level of protection I don't want and don't think I need. Two-factor authentication should be an option, not a mandate.

I suspect those members that have been harmed wouldn't have been spared by two-factor authentication.

It involves entering a code emailed to you, once a month.

 

[paul]

Seriously? For a bass forum?

How about you need mfa to access the classifieds?

I suspect it’s the thinking that “it’s only a bass forum” that has caused so many here to reuse passwords. Do you know how much time the staff here spends playing wack a mole with scammers? It looks like about 14 accounts were broken into TODAY. We have to be fast in banning them before they post classifieds. Some even buy a supporting membership to rip us off. IMO it’s a small price to pay to enter a 6 digit code once every 30 days.

 

[Bass Ape]

Honestly, 2FA / multi factor auth is extremely important in digital security.

Most people reuse passwords so just a password is not enough. This is not just for your security but also the security of everyone else on this forum and the forum itself.

for example, suppose a scammer gets access to the forum. They now have potentially thousands of ppl they can social engineer into a scam. They do t need thousands, just one or two to make it worth their time. Ppl are moving $ in The classifieds. So there is money on the table for the scammers.

2FA, however, will look different in the near future when more sites adopt a web3 model and passkeys will be the only authentication you need to connect to a site.

OK, so you don’t care who has your info and access, because what are they going to steal if you’re too smart or have nothing to take. Then please think about all the other folks here on TB.

 

[gln1955]

It involves entering a code emailed to you, once a month.

Why don't you explain that this is how it works up front? When I went to sign up for 2FA, it recommended against the email option. The prospect of needing my phone to log into TB was very off-putting.

 

[Bass Ape]

Using Google Auth for 2fa is much raiser than finding a relevant thread with the search feature here. Just saying.

I personally use a hardware key that keeps my TOPT 2fa off my devices until I need them.

 

[wiscoaster]

...
Most people reuse passwords so just a password is not enough.... Then please think about all the other folks here on TB.

Just goes to show that people should be responsible for their own security. It should not be enforced upon them. The forum isn't held responsible for harm caused by fraud. Therefore the forum shouldn't feel it's their responsibility and their mandate to enforce protection on those members that don't need or don't want it.

 

[Bass Ape]

The thing is, what happens when your lack of security puts me a risk?

I agree that everyone should be responsible for their own level of security. However if a server owner requires it for their or their users protection, then they have all the right to run the server as they see fit.

the amount of scammers in the digital space are underestimated by most ppl.

its not 2003 anymore, our digital walls need to be more robust now days.

 

[Bass Ape]

Just goes to show that people should be responsible for their own security. It should not be enforced upon them. The forum isn't held responsible for harm caused by fraud. Therefore the forum shouldn't feel it's their responsibility and their mandate to enforce protection on those members that don't need or don't want it.

You would feel differently if the mods were not banning hacked accounts and scammers.

Your talkbass would be a very sad place to visit.

 

[Major Seven]

Why don't you explain that this is how it works up front? When I went to sign up for 2FA, it recommended against the email option. The prospect of needing my phone to log into TB was very off-putting.

And then you have the pleasure of more junk phone calls from whoever steals/buys the info.

 

[MuseChaser]

Using Google Auth for 2fa is much (easier) ....

Easier is not always better. My phone and tablet (android devices) are Google-free, and it sure wasn't easy, but it's worth it to me to remain clear of the Google-verse, or at least as much as humanly possible. I remember fondly a time when our lives and daily activities weren't commodities.

 

[Bass Ape]

And then you have the pleasure of more junk phone calls from whoever steals/buys the info.

Phone 2fa here is not via text, it’s using Google auth or authy. These both give you a unique 6 digit code to use to log in. This code changes every 60 seconds. So when you log into the server with the code, the server checks the code to see if it’s the same. If it is then you’re in.

You will get no one calling you.

 

[Bass Ape]

Easier is not always better. My phone and tablet (android devices) are Google-free, and it sure wasn't easy, but it's worth it to me to remain clear of the Google-verse, or at least as much as humanly possible. I remember fondly a time when our lives and daily activities weren't commodities.

So do t use Google auth, use authy.

I actually do t use either, I have a hardware key. In order for someone to get my codes, they would need physical access to the key.

 

[Bass Ape]

Easier is not always better. My phone and tablet (android devices) are Google-free, and it sure wasn't easy, but it's worth it to me to remain clear of the Google-verse, or at least as much as humanly possible. I remember fondly a time when our lives and daily activities weren't commodities.

Long gone days!!! The world looks and operates differently now.

 

[buldog5151bass]

Why don't you explain that this is how it works up front? When I went to sign up for 2FA, it recommended against the email option. The prospect of needing my phone to log into TB was very off-putting.

Yes. Obviously one code a month is easier that a text every time you want to use the site. @paul please let us know if the email is OK, or if it is recommended to use text.

 

[Bass Ape]

Yes. Obviously one code a month is easier that a text every time you want to use the site. @paul please let us know if the email is OK, or if it is recommended to use text.

It’s not a text, it’s a code via an authentication app.

 

[jerry]

Did we get a heads up on this? Now that it's been explained why, I don't mind, it just hit me when I went to login. My old man brain gets confused.