rugk
Posted September 8, 2018

IMHO Synergy v2 should offer two-factor authentication (2FA), as all the authentication seems to be done via the account you use to log in online. That must thus be sufficiently protected.

What is 2FA?

Basically, it just requires a second factor from you for logging in – in addition to the one we already know and use – the password. The password is something you know, so it is recommended to have a second factor of a different kind, i.e. something you have, such as your mobile phone or a hardware token (USB or so).

https://www.turnon2fa.com/
https://en.wikipedia.org/wiki/Two-factor_authentication
https://twofactorauth.org/

What methods are there?

TOTP is a method which verifies you by having your phone as a second factor. It can be used with different mobile apps, most famously Google Authenticator, but free/libre open-source implementations like FreeOTP also exist. Its advantage is that it is easy to use and increases security very much.

Via SMS one can also send a one-time code for logging in. However, that is expensive for the company providing it, not really secure (as SMS can be intercepted) and requires you to provide a phone number. As such, I personally would not suggest/recommend it.

Another new way is using hardware tokens/dongles, most famously YubiKey. YubiKey provides their own method you can implement, but I would rather suggest using standards like U2F or the newer WebAuthn, which can be used with many more vendors/hardware tokens.
Kelvin Tran
Posted September 8, 2018

6 hours ago, rugk said:

> IMHO Synergy v2 should offer two-factor authentication (2FA), as all the authentication seems to be done via the account you use to log in online. That must thus be sufficiently protected.
>
> What is 2FA?
>
> Basically, it just requires a second factor from you for logging in – in addition to the one we already know and use – the password. The password is something you know, so it is recommended to have a second factor of a different kind, i.e. something you have, such as your mobile phone or a hardware token (USB or so).
>
> https://www.turnon2fa.com/
> https://en.wikipedia.org/wiki/Two-factor_authentication
> https://twofactorauth.org/
>
> What methods are there?
>
> TOTP is a method which verifies you by having your phone as a second factor. It can be used with different mobile apps, most famously Google Authenticator, but free/libre open-source implementations like FreeOTP also exist. Its advantage is that it is easy to use and increases security very much.
>
> Via SMS one can also send a one-time code for logging in. However, that is expensive for the company providing it, not really secure (as SMS can be intercepted) and requires you to provide a phone number. As such, I personally would not suggest/recommend it.
>
> Another new way is using hardware tokens/dongles, most famously YubiKey. YubiKey provides their own method you can implement, but I would rather suggest using standards like U2F or the newer WebAuthn, which can be used with many more vendors/hardware tokens.

I'm pretty sure Symless is aware of what two-factor authentication is. Yes, they should implement a feature addition for it. Yes, there are open-source libraries available for TOTP/HOTP-based authentication. No, it is not an urgent matter. I'm sure Symless'll get around to implementing it in the coming months though!
Archived
This topic is now archived and is closed to further replies.