Two-Factor Authentication

Hi there,

I wonder why there is no two-factor authentication for accessing the XOJO forum and your XOJO site account? Maybe there is, and I’ve missed a step. Wouldn’t it be better to enhance the security of our access data?

N.B: it’s just a question that “I” ask myself and without necessarily giving orders to anyone or denigrating xojo. Just a simple question

2FA on a discussion forum would be overkill. On the shop / account information pages, sure that’s reasonable. But a forum? This forum?

I’d probably stop visiting.

Well, for me it would be something that helps to ensure greater security. Maybe not for you, but for me it is. You never know in life dear Tim

2FA is a pain at the best of times. I am tired of trying to access my Bank using macbook and being FORCED to get out my phone to do so.
If I wanted to log into the bank app on my phone, I wouldn’t have fired up the Mac.

Total overkill for using a forum. It would kill it stone dead.

Ok, thanks for your opinion Jeff. I use stuff like that too and it’s boring and you’re right. I was just wondering if there was such a 2-factor feature and that’s it. I didn’t mean to annoy anyone with this post, but just take the opportunity to express my opinion without giving orders to XOJO

I’m on both sides of this argument. It annoys me when I have to enter my 2FA every time I visit a website, but I do appreciate the extra level of security.

Thinking back, I honestly don’t remember the last time I had to login on my primary machine, so it wouldn’t negatively impact my day. That said, I need to check the expiration date on these cookies.

You have to weigh in what you’re securing. My banking or medical information I am more than happy to 2FA for. Especially anything that integrates TOTP with 1Password.

But this forum doesn’t have highly personal information that I would put in the effort to secondary authenticate for.

Here is an answer I was hoping for that is similar to my thinking. Thanks as always Anthony

True, but if someone has your password they could write for you without your knowledge or delete some of your answers. Back to the point I made, it’s a matter of personal opinions and thoughts

I agree, but the frequency also matters to me. If I have to authenticate once every day, week, or year determines my mood. My concern with this forum being 2FA is that I wouldn’t want someone to gain access to my Xojo licenses or spam these forums with questionable stuff that would look bad on me or result in (even a temporary) ban and diminished standing.

I totally agree

Just to clarify, I don’t really think it’s necessary to have 2FA for forum access, but if I don’t have to re-login and deal with it more than once per week then I’d be fine with it. That’s not to say that I want Xojo to exert any energy adding it.

I am writing this from my bed in an hospital.

They have free wifi. Don’t get me wrong: free in this case means gratis: no payment, no free access to everything.

1. You Tube: disabled recently
2. FaceBook: disabled
3. MediaFire (file sharing): unable to register, but I can download if I have link(s)
4. Opera VPN: does not works
5. Amule (Emule for Mac: disabled
6. Library Genesis: disabled
7. Anna’s Archive: disabled
8. firefox inside update: disabled
9. MacOS Update: disabled
10. Entering the connect codes each time you cmose the MacBook lid / after a rebout even if it is still valid (they give codes for x days).

And I may forget some.

I may understand they protect themselves.

I hope you’ll be out soon and in good health.

I don’t know if I would like to have 2FA on Xojo. I’m on both side too.

If this was a stand-alone forum, I think it will be easy to activate 2FA (not required please).
But as there is some connection between Xojo site, forum and issues, I don’t know if Xojo can only activate those features (for the forum).

This is a screenshot of other forum that uses the same software (under Preferences - Security):

image561×418 32.2 KB

Looks like Issues allow activating 2FA:

image571×191 12.2 KB

Waste of time.

Thanks.

To buy from a distant vendor, in France, of course, you can use your VISA card, but not only you have to type the code you will receive by phone, but you have to give another code your bank sent you (after you requested it)… That makes 3FA and no commands from me; all in the city shops. or it depends on circumtences and pov.

2FA protects your account if you share passwords with other services. If you actually care about security, you’d simply stop doing that, and 2FA adds nothing but inconvenience. If your password is truly unique, the only place an attacker can get it is from the target database itself, which will have your 2FA info as well. So it adds no protection in that case.

Don’t get me wrong, 2FA is a great addition to our security toolbox because the reality is lots of users do reuse passwords. So 2FA is essentially a second unique password that is created by a machine. But if your intention is to protect your Xojo account, just use a truly unique random password.

What if the site itself has had its usernames and passwords compromised? It seems to me that 2FA protects the users in that case. (But I am not advocating 2FA for this forum… I only use 2FA for my bankging and other sensitive sites.)