Get Paid to Participate - up to $1 per post!     Twitter     Facebook     Google+
Hosting Discussion
 

Hosting Discussion > Web Hosting Forums > Website Development & Design > Two factor authentication implementation...
forgot password?


Reply


Old
  Post #16 (permalink)   07-27-2016, 02:58 AM
HD Newbie
 
Join Date: Jul 2016
Posts: 7

Status: persuasiv is offline
I will suggest not to bother user to confirm their identity with Two-Factor Auth every time when they want to log in!
On the other hand, you may perform a basis check of IP address when they login. Assuming that you store login IP Addresses history, you may compare locations! If once the login IP is from Kazakhstan and the user is from USA, and he usually login from USA, then you may push Two-Factor Auto to confirm his identity.
You can also push T-F Auth on big orders.
__________________
I am over critical thinking. It is like checking everyday if gravity works!
Anyway, dedicated servers here: 1way.pro
 
 


Old
  Post #17 (permalink)   07-27-2016, 08:41 AM
HD Guru
 
Join Date: Mar 2013
Posts: 781

Status: Alex HubRocket is offline
I agree with people that you should avoid making things a hassle for your customers. At the same time, certain customers (especially any larger, stricter companies that you may or may not get) may wish to have additional security measures in place.

You could meet your clients in the middle. Have a mix of the standard: SSL certificate, password strength hints etc but then offer 2 factor to those that want to enable in the clients portal. Those that want it, have it. Those that would have stopped buying from you simply don't have to enable it.

@1wayhosting - Google uses Geo detection when you sign in to any Google service and will act according to how a profile is set up. In some cases it will just send an alert to the backup email account informing them a login to place, the general location an device. But if set to do so, it can actually block the login until you provide additional verification (SMS, secret q answer etc).
 
 


Old
  Post #18 (permalink)   07-27-2016, 10:17 AM
HD Amateur
 
Join Date: Dec 2004
Posts: 56

Status: CDNgine is offline
There was an interesting small article out yesterday discussing how NIST is now recommending that SMS should no longer be used in TFA.

https://www.engadget.com/2016/07/26/...on-guidelines/
__________________
★ ★ ★ ★ https://www.cdngine.com ★ ★ ★ ★
26 Global POP's Pure SSD CDN Full Featured
Unlimited Zones Video Streaming HTTPS/SSL & SPDY
 
 
 


Old
  Post #19 (permalink)   07-28-2016, 04:56 AM
HD Wizard
 
easyhostmedia's Avatar
 
Join Date: Mar 2011
Location: Northumberland, UK
Posts: 4,537
Send a message via MSN to easyhostmedia

Status: easyhostmedia is offline
cPanel now provide Two-Factor Auth which can be enabled in the root WHM.
This then places a icon in clients cPanel, so clients can chose to enable this or not.

Yes it may but some clients off, but for us as business owners the more lines of security we can use helps protect our infrastructures
__________________
Terry Robertson - CEO The Easyhost Media Group
Niceday Hosting - Affordable Hosting
PowerSSL - - We Secure your World
The Scamlist Forum - Fighting against scammers
 
 
 


Old
  Post #20 (permalink)   08-13-2016, 10:47 PM
HD Amateur
 
Join Date: Aug 2016
Posts: 62

Status: serverbundle is offline
Personally, two-factor authentication is really something which should be available as a feature on all major websites or places where crucial data is being stored.

Nowadays there are a lot of different services which help to make the two-factor authentication process for the client as smooth as possible to name a few - Google Authenticator , Authy , LastPass ( Now supports Two Factor ).
__________________
▀▄ ServerBundle.com, Go bare and get the whole box to yourself !
▀▄ 100TB Dedicated Servers
▀▄ Netherlands Dedicated Servers
▀▄ Ask for a quote today Email: sales-at-serverbundle.com
 
 
Reply
Previous Thread Next Thread


Thread Tools

New Post New Post   Old Post Old Post
Posting Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Sponsored By: