2-step verification support

News for the main page
User avatar
Edge100x
Founder
Founder
Posts: 12945
https://www.youtube.com/channel/UC40BgXanDqOYoVCYFDSTfHA
Joined: Thu Apr 18, 2002 11:04 pm
Location: Seattle
Contact:

2-step verification support

Post by Edge100x »

We added 2-Step Verification as an option last month! For increased security, we recommend that customers enable this feature through the control panel, under "My account".

Using 2SV means that an extra code will be sent to your email when a log in is attempted (we also support authenticator apps). If an attacker somehow finds out your password and tries to access your account, the extra step should stop the attempt, as long as your email account is secure.

We're also activating this feature automatically for dormant accounts that haven't been used in a long time, such as a year, to protect customers who may leave payment sources on their accounts here and forget about them. We've seen a few cases of an attacker using credentials stolen from elsewhere to log in to old accounts and attempt purchases.
User avatar
Edge100x
Founder
Founder
Posts: 12945
Joined: Thu Apr 18, 2002 11:04 pm
Location: Seattle
Contact:

Re: 2-step verification support

Post by Edge100x »

We've also made some other minor behind-the-scenes security improvements, such as enhanced CSRF protection and tokenized login credentials.
User avatar
sniperfodder
New to forums
New to forums
Posts: 12
Joined: Wed Nov 23, 2011 1:22 am

Re: 2-step verification support

Post by sniperfodder »

Nice, will you be bringing MFA to the forums as well?
[ILSN]SniperFodder
Naleksuh
This is my homepage
This is my homepage
Posts: 298
Joined: Thu Jul 25, 2019 12:35 am

Re: 2-step verification support

Post by Naleksuh »

sniperfodder wrote: Tue Apr 11, 2023 1:46 pm Nice, will you be bringing MFA to the forums as well?
The forums are a completely seperate software on a completely seperate login. I do think a unified login would be simpler especially because email is becoming less of an identifier in modern times and adding usernames to NFO logins would be useful.
User avatar
Edge100x
Founder
Founder
Posts: 12945
Joined: Thu Apr 18, 2002 11:04 pm
Location: Seattle
Contact:

Re: 2-step verification support

Post by Edge100x »

Not a high priority for the forums to have MFA/2FA/2SV, since an attacker wouldn't be able to do much damage (nothing could be deleted, for instance). But it's something we can consider.

We have thought about combining the forums login with the login from the main site but have not implemented that. It would be a bit complicated, both up-front and ongoing in terms of maintaining the forums software, and there are just higher priorities on the list.
Naleksuh
This is my homepage
This is my homepage
Posts: 298
Joined: Thu Jul 25, 2019 12:35 am

Re: 2-step verification support

Post by Naleksuh »

if you do ever combine them, will we know in advance? Currently my NFO login and NFO forums login use different emails so if they were combined without warning it might cause issue for me. I am glad to see more priority issues fixed though; slowly but steadily
User avatar
Edge100x
Founder
Founder
Posts: 12945
Joined: Thu Apr 18, 2002 11:04 pm
Location: Seattle
Contact:

Re: 2-step verification support

Post by Edge100x »

There would have to be some merging functionality, and further communications, but I don't have details, since I have not explored it in depth.
Naleksuh
This is my homepage
This is my homepage
Posts: 298
Joined: Thu Jul 25, 2019 12:35 am

Re: 2-step verification support

Post by Naleksuh »

Also, could you consider stopping announcements that are exclusive to Facebook? "Delete facebook" is a very popular thing and I would have never had one in the first place if it weren't for NFO servers. Facebook also makes you have an account just to read them. I would appreciate if you could post them in at least one other place, such as on the forums or on Twitter (which seems to have not tweeted in 4 years). That way, people can read announcements without using Facebook, but if they don't read the Facebook page, worry that they are missing something. It wouldbe helpful
User avatar
Edge100x
Founder
Founder
Posts: 12945
Joined: Thu Apr 18, 2002 11:04 pm
Location: Seattle
Contact:

Re: 2-step verification support

Post by Edge100x »

Any important news is posted to Facebook and here, or to users/event logs accounts directly.

You are welcome to delete your Facebook account if you wish. A Facebook account is not needed to read the Facebook feed.

The FB->Twitter plugin broke years ago and Twitter is such a terrible mess right now that we don't plan to start manually posting there.
Naleksuh
This is my homepage
This is my homepage
Posts: 298
Joined: Thu Jul 25, 2019 12:35 am

Re: 2-step verification support

Post by Naleksuh »

It is needed, https://www.facebook.com/nfoservers has a popup telling you to login and it used to directly redirect you to the login screen. Even mbasic.facebook.com the only way to use Facebook without proprietary code makes you log in.

I was asking because I thought all annoucements were here but when I loaded the page I saw a huge amount of Facebook-only stuff that I had no idea I was missing. hiimcody1 also was not aware that these Facebook posts were occuring even though he is an employee
User avatar
Edge100x
Founder
Founder
Posts: 12945
Joined: Thu Apr 18, 2002 11:04 pm
Location: Seattle
Contact:

Re: 2-step verification support

Post by Edge100x »

https://www.facebook.com/nfoservers is not requiring me to log in to see anything on a new incognito window. It has an annoying banner advertisement at the top and bottom, but everything is functional (news can be expanded, all comments viewed, etc.).

hiimcody1 is definitely aware of all of the same information that you see posted there.

I can certainly appreciate that you don't like Facebook.
Naleksuh
This is my homepage
This is my homepage
Posts: 298
Joined: Thu Jul 25, 2019 12:35 am

Re: 2-step verification support

Post by Naleksuh »

This was about a year and a half ago. I mentioned to him that the Facebook page was posting things the forums were not, and he seemed surprised it was still being used at all.

At this time, https://www.facebook.com/nfoservers would immediately server-side redirect you to the login screen. Now, it just shows a popup telling you to log in. And when you X it, it just shows up again about a quarter of a second later. Meaning you cannot realistically do anything on the site. Looks like this for me:
Image
And it used to not even let you do that, just immediately redirecting you to the login screen. mbasic still does this.
I can certainly appreciate that you don't like Facebook.
I don't dislike it more than anyone else. I did not mean to come off as anti-Facebook, I just thought it would be nice for you to put announcements in at least one other spot so that I, and other customers, can more easily read them
User avatar
TimeX
Staff
Staff
Posts: 1730
Joined: Thu Jul 22, 2004 12:24 am
Location: Big Bear, CA

Re: 2-step verification support

Post by TimeX »

I can confirm what Edge100x is seeing. I see the exact same thing here using plain old Chrome, including disabled ad/popup blocker.
TimeX
User avatar
Edge100x
Founder
Founder
Posts: 12945
Joined: Thu Apr 18, 2002 11:04 pm
Location: Seattle
Contact:

Re: 2-step verification support

Post by Edge100x »

Odd. Maybe they're doing some A/B testing there, or they treat apparent proxy IPs differently.

We just post little bits there that don't justify a full-blown news post. Possibly I can create a new forum to double-post here.
User avatar
Edge100x
Founder
Founder
Posts: 12945
Joined: Thu Apr 18, 2002 11:04 pm
Location: Seattle
Contact:

Re: 2-step verification support

Post by Edge100x »

Yes, looks like FB just requires a login for proxies/VPNs. I don't use a VPN most of the time and didn't know they did this. Presumably it's so they can track and monetize users more thoroughly. I do not appreciate it.
Post Reply