• I want to thank all the members that have upgraded your accounts. I truly appreciate your support of the site monetarily. Supporting the site keeps this site up and running as a lot of work daily goes on behind the scenes. Click to Support Signs101 ...

News Two-step verification

Signs101Admin

Owner
Staff member
I have decided to require a Two-step verification in order to log into the site. It's possible that some members have had their credentials exposed outside of signs101. The sign101 server is safe and has not suffered any successful hacking. So I'm taking this step to ensure only the member can log in to their account. 2FA seams this is the norm today because hacking is so prevalent.
 

Fred Weiss

Merchant Member
I disagree. I will end up going through the ten one time use codes every day. It is an inconvenience on all members to prevent the bad behavior of the occasional bad actor. The net result, IMHO, will be a reduction of good members and site activity. Is there not some way to impose this for a limited time on new members only?
 
Last edited:

Adam Vreeke

Knows just enough to get in a lot of trouble..
I use Google Authenticator for just about anything that will allow me to use. Codes change like every 1 minute, very easy to use and gives you peace of mind
 

Signs101Admin

Owner
Staff member
I disagree. I will end up going through the ten one time use codes every day. It is an inconvenience on all members to prevent the bad behavior of the occasional bad actor. The net result, IMHO, will be a reduction of good members and site activity. Is there not some way to impose this for a limited time on new members only?


I use 2FA for everything, it should be standage practice for people today. I had a password manager software hacked years ago, and that would not have happened had I used 2FA.

I will see how the membership feels and I can reverse it if need be, but I banned jbutton because of spam, I have restored his account and forced a change password request as it seams his password was gotten somehow.
 

B.jurton

New Member
I'd imagined that's what happened to me. I'll hop on and change the password to something else. I know I've had that password compromised, but legit felt pretty safe in such a niche forum. Like really, who would bother those lowly sign folk? This was before I knew how much printheads go for...
 

Texas_Signmaker

Very Active Signmaker
I disagree. I will end up going through the ten one time use codes every day. It is an inconvenience on all members to prevent the bad behavior of the occasional bad actor. The net result, IMHO, will be a reduction of good members and site activity. Is there not some way to impose this for a limited time on new members only?
How would you go though 10 codes a day? Usually once you log in somewhere.. you're in. Unless your using some proxy/ in private browser because you think the government will see those secrete pictures you have on your spare hard drive.
 

Fred Weiss

Merchant Member
How would you go though 10 codes a day? Usually once you log in somewhere.. you're in. Unless your using some proxy/ in private browser because you think the government will see those secrete pictures you have on your spare hard drive.
Because logins are good for a limited amount of time and one gets logged out if they are away from the site for long enough. I tend to stop by S101 all day and evening at two to three hour intervals. If I have to do a two step log in every time, it won't take long before I need another set of codes.
 

Texas_Signmaker

Very Active Signmaker
Because logins are good for a limited amount of time and one gets logged out if they are away from the site for long enough. I tend to stop by S101 all day and evening at two to three hour intervals. If I have to do a two step log in every time, it won't take long before I need another set of codes.
There is a check box right on the login page that says to remember this device for 30 days... You're as bad as Gino on the computer.
 

Boudica

I'm here for Educational Purposes
Because logins are good for a limited amount of time and one gets logged out if they are away from the site for long enough. I tend to stop by S101 all day and evening at two to three hour intervals. If I have to do a two step log in every time, it won't take long before I need another set of codes.
I pop in and out all day as well. during the day I'm on my work computer, and in the evening I'm usually on my phone. So far I've only had to do the two step once here at work.

A little while ago I tried my phone, and had to get emailed a new code. Good thing I tried it while I was still at work, because it goes to my work email.
 

Notarealsignguy

Arial - it's almost helvetica
You're as bad as Gino on the computer.
That is going to be the problem, Gino is not alone. I'm not real into the tech stuff either, it has never interested me which makes it hard to learn.
It logged me out on my phone, I dunno what my password is and if I change it, then it throws off my computers. Plus, it's pretty normal to delete history, cookies and cache which puts you back to square one. I also bury my cash in the backyard so don't really care if any of my accounts get hacked. If the worms eat it, I can use them for bait so I can still eat.
 

Adam Vreeke

Knows just enough to get in a lot of trouble..
Goddang it, I just realized all my internet points are gone, and my post count restarted today. You know how long it'll take to run through and like all of my posts a bjurton? Maybe myront has a macro for this...

Hey I see your new here! Welcome to s101!!


/s
 

balstestrat

Problem Solver
Because logins are good for a limited amount of time and one gets logged out if they are away from the site for long enough. I tend to stop by S101 all day and evening at two to three hour intervals. If I have to do a two step log in every time, it won't take long before I need another set of codes.
You login on incognito every time or what??? 2FA 30 day login seems to work just fine.
 

ikarasu

Active Member
Late to the party!

But 2FA is the best. I enable it everywhere - Everyone at work needs it to login to E-mails.

It only triggers if you log out - So people at work get hit by it once a month, during a forced log out.


one of our sales reps put her password into a phising site... which she uses for everything. They used that password to mass e-mail invoices to everyone of our customers (We're talking hundreds) Imagine the embarrassment having to contact them all and tell them not to pay. 2FA on everything that can use it!

Is it needed on a sign forum? Not really - but the more stuff that uses it, the better. 2FA should be the norm - It doesnt have to even be enabled every login, googles approach is nice where if you login from a different device / IP address, it'll trigger 2FA. but I'd still rather 2FA Be enabled and have to inconveniently type a 6 digit code in, than it not being an option at all.

I must have missed the mandatory time it was turned on... going to enable it at work tomorrow
 
Top