Discussion Forum: Thread 227024

 Author: bb465020 View Messages Posted By bb465020
 Posted: Oct 19, 2017 13:29
 Subject: Two-Factor Authentication -2FA
 Viewed: 123 times
 Topic: Suggestions
 Status:Open
 Vote:[Yes|No]
Cancel Message
Cancel		Reply to Message
Reply
BrickLink
ID Card

bb465020 (415)

Location:  USA, Massachusetts
Member Since Contact Type Status
Feb 27, 2014 Contact Member Seller
No Longer RegisteredNo Longer Registered
Store Closed Store: Mercht Bricks
No Longer Registered
Correct me if I am wrong, but I have never noticed an option for two-factor authentication
on BrickLink and I think that in this day and age most websites and services
should include it.

So...

I propose the addition of two factor authentication (via SMS code).

- Mercht
 Author: jonwil View Messages Posted By jonwil
 Posted: Oct 22, 2017 23:48
 Subject: Re: Two-Factor Authentication -2FA
 Viewed: 49 times
 Topic: Suggestions
Cancel Message
Cancel		Reply to Message
Reply
BrickLink
ID Card

jonwil (82)

Location:  Australia, Queensland
Member Since Contact Type Status
Jul 9, 2002 Member Does Not Allow Contact Buyer
Buying Privileges - OK
2FA via SMS code is a stupid idea and all kinds of security experts are recommending
against the practice (including NIST in the USA). If they are going to implement
2FA they should use something like U2F https://en.wikipedia.org/wiki/Universal_2nd_Factor
which has none of the problems of other 2FA solutions. Such a solution would
(if implemented properly) completly stop the hacking attacks that have plagued
Bricklink in the past.