Request for feedback: Security log

Forum for alternative clients, mods & discussions on the same.

Re: Request for feedback: Security log

Postby noindyfikator » Fri Aug 19, 2022 10:56 am

shubla wrote:
displaced wrote:cool, but why not just implement 2FA? (if there is a concern for safety)

Why not indeed.
Only disadvantage I see is when people lose their 2FA tokens and didn't take up the recovery codes.


This disadvantage is like when you lose key to your house, you won't get in.. xD It's how it works, it's not disadvantage
W3 - W10 - Hermit / small plots with spruces
W11 - The Friend Zone
W12 - KoA aka Kingdom of Ashes
W13 - Monke
W14 - Alpaca Farm aka Animal Planet
W15 - Whatever Bay - The Greatest Siege Defense Victory in Haven History - https://www.youtube.com/watch?v=KhyUveSeZ0Q
User avatar
noindyfikator
 
Posts: 827
Joined: Fri Jul 15, 2011 11:10 am

Re: Request for feedback: Security log

Postby shubla » Fri Aug 19, 2022 11:56 am

noindyfikator wrote:
This disadvantage is like when you lose key to your house, you won't get in.. xD It's how it works, it's not disadvantage

Well yes but no.
Image
I'm not sure that I have a strong argument against sketch colors - Jorb, November 2019
http://i.imgur.com/CRrirds.png?1
Join the moderated unofficial discord for the game! https://discord.gg/2TAbGj2
Purus Pasta, The Best Client
User avatar
shubla
 
Posts: 13043
Joined: Sun Nov 03, 2013 11:26 am
Location: Finland

Re: Request for feedback: Security log

Postby loftar » Fri Aug 19, 2022 1:02 pm

The reasons I'm holding off with 2FA is mostly because I'm weighing my options in terms of the several different ways it can be implemented, and what standard to use. I'm leaning towards WebAuthn and/or TOTP, but the WebAuthn spec is a bit of a mess and TOTP is is some ways less secure than using a good password manager. I'm not saying they're worse than nothing, only that they both give me a bit of pause and don't make me want to rush away to implementing them. Coming sooner or later, though.

noindyfikator wrote:This disadvantage is like when you lose key to your house, you won't get in.. xD It's how it works, it's not disadvantage

When you lose the keys to your house, your house is generally not forfeit, though; there's always the option of going to a locksmith. I actually don't know what steps locksmiths take to verify that their customer really is the owner of the house, but I imagine there are quite reliable ways to do so with real property. Verifying that some person in a PM is the real owner of a Haven account, however, can often be quite tricky, to say the least, and account recovery certainly is a real problem with 2FA.

Anyway, since there were no security of privacy complaints against the log implementation, I've now added it to the site.
"Object-oriented design is the roman numerals of computing." -- Rob Pike
User avatar
loftar
 
Posts: 8926
Joined: Fri Apr 03, 2009 7:05 am

Previous

Return to The Wizards' Tower

Who is online

Users browsing this forum: Naylok, Yandex [Bot] and 14 guests