Skip to main content

Social media, all websites with members have a constant threat of user accounts being hacked by bots and the ugly out there.
Our forum has 2 factor authentication installed but I haven't been enforcing it. See "Require two-step verification" in your control panel.
https://recording.org/account/two-step

I doubt many of us even know its there. I feel like I should enforce this upon all member to prevent your account from ever being hacked. What do you think?

It's a bit of a PITA to add to your login info but once its done, the maintenance is simple. We will get used to this. It's the only real secure solution to securing your account.

The question is, do you use it now?
If I enforce it, how do you think you will react?
:):mad:(n)o_O(y)

Thoughts?

Comments

audiokid Mon, 01/30/2017 - 20:28

Thanks for your response, Kurt.

The server (which is being monitored 24/7) and our global presence is widening. We get approx 20 brute attacks a day on the server it self. These attacks are coming from all over the world. Each morning I spend an hour looking over the entire system, security is top on my list.
We have never been destructively hacked (touch wood) but vbulletin members were not long ago, and many other forums have been hacked over the last few years.
The threat is very real. The sick minded want our identities and although it seems unlikely they will never get it from here, if they do... its to get whatever your name relates too, for other things like banking etc.
I make it a habit, never use a global password for logins. Meaning, the password I use for vbulletin, GS, my bank etc are all unique to that website login.
My password here is just for the forums. But, I am now doing two-step verification. Mind you, my security is very serious because I am managing it all.

KurtFoster Mon, 01/30/2017 - 20:35

everyone already knows my name. lol. my password is unique to RO. it's the one you assigned me when i registered. i also don't bank on line or do anything other than surf. no critical info of mine ever sees the internet. plus i use Linux. i think as long as everyone uses the id / password assigned by RO when they registered they will be fine. i don't need another layer of stuff to sort through. i also refuse to live a scared frightened person.

any security measure can be hacked if they want in bad enough. the past 12 months is proof plenty.

dvdhawk Mon, 01/30/2017 - 23:01

Are you worried about someone breaching the RO server, or the users' security?

If someone ever uses my RO identity to advise people to solder the hot to pin #1, and to buy a $50 condenser mic that should be a dead giveaway it's not me.

I agree with Kurt (if that in fact is his name). A second step wouldn't keep out anybody that really wanted to do damage, and I'm not sure what (if anything) they would gain from it.

Whatever you decide.

audiokid Mon, 01/30/2017 - 23:25

Thanks for chiming and sharing your comments, Dave.

dvdhawk, post: 447118, member: 36047 wrote: users' security?

Yes, users' security.

This notice is an extra security measure available to all registered members.
I am suggesting / recommending, if anyone is at all worried about their account information, we have Two-Step Verification available in our control panel. I am told it is the best security available for us now.

If I get a majority consensus to enforce the Verification, it is possible. As of now, the Two-Step Verification is up to each user.

Brother Junk Tue, 01/31/2017 - 06:36

Kurt Foster, post: 447112, member: 7836 wrote: i don't see why anyone would hack an RO account. too many people are scared of everything. i vote no.

I can't believe I'm saying this, but I agree with Kurt. I wouldn't have phrased it the way he did, but the underlying answer, I agree.

As for why someone would want to hack an RO account, it has little to do with the RO account. It has to do with gaining information to hack other accounts that matter, bank accounts, eBay, Paypal, CC's, etc.

Or, they will bring down a site just to show they can. Meaning the objective sometimes is just to cause chaos. Either way, it's probably not to hijack your RO identity, the purpose is usually much larger.

But, I'll do it whichever way you decide is best Chris.

pcrecord Tue, 01/31/2017 - 06:50

It goes without saying, it's not a good Idea to use the same password everywhere. I have a few levels of self imposed complexity passwords depending on the type of site I'm registering to.
If someone hacks my account on RO, I'd know right away since I login most everyday.
Thing is, someone with bad mental health and lots of free time can waste a lot of time and energy from RO members.

So, I'm in for anything you feel necessary Chris ..