Two-Factor Authentication for OzBargain?

Hi OzBargain!

Has any consideration been given for adding two-factor authentication as an option for logging into the site? I use 2FA on absolutely every site that I can - I'm up to about 15 sites now.

2FA is free through apps like Google Authenticator, Authy (which I recommend!), etc. TOTP is a standard method of 2FA and is common as muck.

I can imagine that there would be some additional website coding, but it would improve security and peace-of-mind for security conscious nerds like me.

Thanks! wedge

Comments

  • +20

    Excellent idea - imagine if someone exploited a weakness in single-factor auth to log in as you and post a deal!

    2FA would really reduce that risk.

    • I would argue that 2FA would reduce the workload for the site owners in case of a single factor breach.

      • +2

        I agree that 2FA is a good idea security-wise, however it would probably not reduce the workload of resolving an account breach.

        We might have it implemented, but it won't be of high priority.

  • Why would you do for the site which helps Public/Community to save some money?

  • +6

    Do people really value their ozbargain account that much? Then again, if I had Jv's account, I could sell it for enough dough to retire the next day.

    • +6

      I bet his password starts and ends with **.

      • +4

        That's rather bold of him.

  • +4

    No…. Don't inconvenience us, go build a bunker in the cone of silence running a closed network with an old version of the site locally hosted and be happy. Us norms don't need that for a deal site.

    • +3

      Optional 2FA is an inconvenience?

      • +1

        Generally if you are internet smart you will have different passwords for websites.
        A website like OZB will have a much less secure password, while your email and bank will have 2 different high secure passwords.
        This is because the privacy concern I have with OZB is low: I don't have my complete real name on here, nor my DOB, nor an email I use for my daily communications (eBay/PayPal etc).

        EG:
        My password for ozbargain is Pa55w0rd and no one has hacked me yet, while my email password is 7uz!!isB3st, and my bank is TuZ11B35tp4ssW0Rd!~

        • +1

          Haha. Still, I use Lastpass for all my 400-odd passwords. All are incredibly complex. 2FA on every damn site that allows me to.

          I used to have 4 tiers of passwords - low (Ozbargain), medium (sites I care about more), high (bank, email). But then the Adobe hack happened, then Yahoo, etc etc and I spent a few weeks changing every password that I could find to as complex and long as each site would allow.

        • @cmdwedge:

          Do you have bars on your windows?

  • +1

    2FA isn't that needed for a site like OZB, however can we have an option where we can use a VPN while logged in? I use IPVanish at home 90% of the time and I need to disconnect every time I comment as I get the IP Blocked message.

    EG:
    VPN access permitted once a member has 1000 posts and been a member for a year.

    • You just need to contact us and we can bypass it.

      EDIT: Bypassed.

      • +1

        Damn, you're a legend!
        Was gonna PM you once I got home :)
        Thanks!!

  • Bypass mine too please so I can use my VPN? XD

  • Seems like a waste of time for a site like this. I'd never use it because convenience.

  • Not really comfortable with giving sites my mobile number

    • Using a mobile number to SMS you a code is only one way of implementing 2FA (many banks do this, also Apple).

      However, the more ideal/generic scenario would involve having a 3rd party authenticator app like OP has mentioned (Authy is my fav too). Most companies serious about security have implemented this (FB, Amazon, Google, most bitcoin trade sites).

      Having an option of 2FA sounds great to me. OZB's strategy has never been to play catch up, but be at the forefront of usability and security.

  • Have I missed out on all the threads and complaints about users' accounts being hacked or taken over or something?

    I can't see any real value or benefit in hacking the OzBargain site or its associated accounts - there's no personal information that's of any value to anyone.

    So what's the point of having 2FA? We're not The Ozbargain Bank of Australia or anything.

    • I guess partially because people use the same password on multiple sites. Let's say, pombargain.co.uk gets hacked. All of their passwords spilled onto the net. People will try those passwords on other sites and they WILL work on some. 2FA breaks that. If OzB had 2FA, even with the correct password (haxx0red from the UK site), without the second factor of authentication, it's useless.

      It's not all about Ozbargain being hacked, but other sites that do get hacked and people re-use passwords.
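
The scenario in the comment above, as an added example that is not part of the thread or OzBargain's code: a login check where a password leaked from another site is correct but still fails without the current RFC 6238 TOTP code. The account name, salt and user store are constructed for illustration; the TOTP key is the RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)

def totp(secret_b32: str, at: int, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1, as used by authenticator apps."""
    key = base64.b32decode(secret_b32, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", at // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample account: the password is one reused on a breached site.
SALT = b"constructed-salt"
SECRET = base64.b32encode(b"12345678901234567890").decode()  # RFC 6238 test key
USERS = {
    "demo_user": {
        "salt": SALT,
        "pw": hash_password("haxx0red", SALT),
        "totp": SECRET,   # None would mean 2FA not enabled (it is optional)
        "last_step": -1,  # last accepted time step, to reject replayed codes
    }
}

def login(user: str, password: str, code, now: int, window: int = 1) -> bool:
    acct = USERS.get(user)
    if acct is None:
        return False
    if not hmac.compare_digest(hash_password(password, acct["salt"]), acct["pw"]):
        return False
    if acct["totp"] is None:
        return True  # single-factor account: a leaked password is enough
    # Second factor: accept the current step plus/minus `window` for clock drift.
    for drift in range(-window, window + 1):
        t = now + drift * STEP
        if t // STEP > acct["last_step"] and hmac.compare_digest(
            totp(acct["totp"], t), code or ""
        ):
            acct["last_step"] = t // STEP
            return True
    return False
```

The `last_step` check means a code that has already been accepted cannot be replayed within its validity window.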

  • I use a password convention so all my passwords are different for each site ie. <Prefix related to site><common phrase><suffix>.
    For example for OzBargain it may be OBletmein00!

  • Why do you use two-factor authentication for a bargain site? There must be something confidential in it… then you should create a strong enough password that seems to be unbreakable. You are really a privacy-oriented nerd…

    • There's lots of trading transactions.

  • Sure, set up 2FA for OzBargain. Just supply your Full Name, Mobile Number, DOB, Mother's maiden name, Kids' Names, Favourite food, Favourite Dining Experience, eye colour, pet's name, Address, postal address, car you drive ETC. Ahh, the sweet smell of personal data collection.
    My recommendation: manage your own security and level of risk. If you want to use the same credentials across multiple sites, go ahead. If you want to have a separate credential for every site, feel free. If you want to reset them every month, more power to you. And if you're not happy with the security on a site, don't use it.

  • Are the critics serious or unmarried? I can think of two reasons you'd need high security, a present for the partner, and protection from the partner finding out what you are buying…

    • +1

      Remember that your partner is most likely the one who has physical access to your mobile phone & 2FA app to log into your OzBargain account…

  • With Ozbargain apps allowing you to log in, I have no confidence that they are not divulging your login details to another party or at least storing it securely inside your phone. To prevent access by a third party, would 2FA be the solution or OAuth?

    • We have already implemented something similar to OAuth with Google or Facebook login. With 2FA it would certainly break all the "OzBargain apps" out there that store your login credential. We don't recommend those apps anyway especially those asking for your username/password.

  • Users who have opted in for beta features can now set up two factor authentication.
