Discussion Forum: Thread 351365

Author: cosmicray | Posted: Dec 10, 2023 07:30 | Subject: Emergency Brake | Viewed: 176 times | Topic: Suggestions | Status: Open

This is a suggestion to give sellers a mechanism to do a hard shutdown of their
store, at any time day or night, week or weekend, if they have lost control for
unexpected reasons.
The emergency brake would be a one-time, BL-generated sequence that is very
long and random (similar to an MD5 hash). Once generated and verified, the seller
would store it offline in case ever needed if an emergency should arise.
Usage of the emergency brake feature would not require the seller to have password
access, because the password access could have been compromised. The length of
the emergency token would allow BL to relate to a specific store without any
chance of ambiguity.
Once the emergency brake has been pulled, the seller's store is locked, password
is no longer active, and seller must converse / authenticate with the help desk
to begin the process of resetting the password and remediating the cause. It
is a mechanism to prevent further damage (to the store, to unsuspecting buyers,
and to BL's reputation).
Nita Rae
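
A sketch of the token lifecycle proposed in the post above (issue once, verify, keep offline, pull without a password), added here as an illustration; it is not part of the original post or BL's code. The function names and in-memory dictionaries are hypothetical stand-ins for real account storage.

```python
import hashlib
import secrets

# Hypothetical in-memory stand-ins for the marketplace's account database.
STORES = {}         # store_id -> {"locked": bool, "password_active": bool}
BRAKE_DIGESTS = {}  # sha256(token) hex digest -> store_id

def digest(token: str) -> str:
    # Normalise what a seller types from a printout: trim, ignore hex case.
    return hashlib.sha256(token.strip().lower().encode("ascii", "replace")).hexdigest()

def issue_brake_token(store_id: str) -> str:
    """Generate the one-time token. Only its digest is kept server-side, so a
    leaked database does not hand out working brake tokens."""
    for d, sid in list(BRAKE_DIGESTS.items()):
        if sid == store_id:           # re-issuing invalidates the old token
            del BRAKE_DIGESTS[d]
    token = secrets.token_hex(32)     # 256 random bits, 64 hex characters
    BRAKE_DIGESTS[digest(token)] = store_id
    STORES.setdefault(store_id, {"locked": False, "password_active": True})
    return token                      # shown to the seller once, stored offline

def verify_brake_token(store_id: str, token: str) -> bool:
    """The 'generated and verified' step: confirm the seller copied the token
    correctly, without consuming it."""
    return BRAKE_DIGESTS.get(digest(token)) == store_id

def pull_brake(token: str):
    """Lock the store the token maps to. No password or session is required;
    the token alone identifies the store. Returns the store id, or None."""
    store_id = BRAKE_DIGESTS.pop(digest(token), None)  # single use
    if store_id is None:
        return None                   # unknown, mistyped, or already used
    # Locked and password disabled until the help desk re-authenticates the seller.
    STORES[store_id].update(locked=True, password_active=False)
    return store_id

if __name__ == "__main__":
    t = issue_brake_token("store-A")  # constructed sample store id
    print("verified:", verify_brake_token("store-A", t))
    print("locked store:", pull_brake(t), STORES["store-A"])
```

Because the pull endpoint accepts no other credential, a real deployment would rate-limit it and log every attempt.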

Author: Gaston.La.Brick | Posted: Dec 10, 2023 09:14 | Subject: Re: Emergency Brake | Viewed: 63 times | Topic: Suggestions

I see the potential (so I voted yes).
However, I think there are better, more standardized improvements on the security
topic to prevent having accounts hacked.
Example: 2 factor authentication, where your password alone is not sufficient,
but you need to duplicate a code sent to your mobile phone (or via an authenticator
app).
It will drastically avoid your account being hacked in the first place, so the
need for an emergency brake would be less needed.

Author: jonwil | Posted: Dec 11, 2023 04:11 | Subject: Re: Emergency Brake | Viewed: 50 times | Topic: Suggestions

BL should support 2FA via both TOTP authenticator apps (Google Authenticator
and similar) and hardware keys (U2F/WebAuthn or whatever it's called these days).
Both are far more secure as a 2FA solution than either email-based one-time codes
or SMS-based one-time codes.

Author: yorbrick | Posted: Dec 11, 2023 04:49 | Subject: Re: Emergency Brake | Viewed: 35 times | Topic: Suggestions

In Suggestions, jonwil writes:
> BL should support 2FA via both TOTP authenticator apps (Google Authenticator
> and similar) and hardware keys (U2F/WebAuthn or whatever it's called these days).
> Both are far more secure as a 2FA solution than either email-based one-time codes
> or SMS-based one-time codes.

2FA for what though?
There are plenty of aspects of selling (and buying) that do not need 2FA. If
a seller is changing payment methods or their contact details, I can understand
protecting that. But logging on to access an order, for example, it is an unnecessary
waste of time.