security

  1. naia

    Crowdsourced Human Spammers

    You may be aware of services like Amazon Mechanical Turk or Microworkers. These are crowdsourcing services that allow vendors to pay small amounts of money for the completion of tasks. These tasks often range from things like helping Google and Bing rank search results (human experience), and...
  2. F

    2FA: Remember device indefinitely

    I think having to re-authenticate every 30 days is a bit of a hassle, personally. Large services like Google and Facebook don't make me re-authenticate every 30 days, they permanently remember the browser unless cookies are cleared. Having the option to adjust the 30 day period to be longer...
  3. R

    Deactivating 2FA is too easy

    Let's take the following scenario: An attacker has gained access to the user's password and one of these requirements: he has access to the device where the user selected 'remember this device for 30 days' or he can somehow bypass the login 2FA, because the user has selected 'remember this...
  4. naia

    Add-on Trust+ - Intelligent Security Service

    Hello, I am currently working on developing a security and risk assessment service called Trust+, and I intend to release an add-on for Xenforo which utilizes the service. Trust+ will be launched with the following features; The ability to intelligently detect and block disposable email...
  5. naia

    Block Disposable Email Addresses [Deleted]

    This resource has been replaced by the Trust+ Risk Analysis system.
  6. vbuser

    XF 1.5 FYI about 2 step verification

    Google Authenticator accounts only exist on your phone. There is no backup. I reset my phone and lost access to all sites using Google Authenticator. I'm using Authy now which can sync with multiple mobile devices. Authy also backs up your accounts. Also, "Regenerate secret for a new...
  7. Puntocom

    OpenSSL to patch undisclosed high severity vulnerability this Thursday

    Info here: OpenSSL to Patch Undisclosed High Severity Vulnerability this Thursday I wonder if LibreSSL will be vulnerable to this issue.
  8. naia

    PGP Encrypted Emails

    With services like Facebook now offering the feature to display your public PGP key on your profile, and to have all emails sent to you by Facebook encrypted with this key (source), and with Xenforo being a forum built on security, and especially with the recent addition of two factor...
  9. R

    Lack of interest Disallow/Disable/Force specific kinds of two factor authentication

    This is a suggestion for the new 2FA in XenForo v 1.5. Suggestion It would be great if you either... could disallow specific kinds of 2FA for user groups. or... adjust Implemented - Option to force 2Factor authentication on staff, so that you can force specific kinds of two factor...
  10. R

    Content Security Policy (CSP)

    As XenForo was built with "security in mind" I assume you want to secure or make it possible for server admins to secure their website. A great way to do this is Content Security Policy. However XenForo has some issues which make it difficult to use this in a strong way. Basic facts All test...
  11. Peter

    Lack of interest [Suggestion] Account Session/Login Security

    Login at friend's home, cafe, etc. then login at another PC or home, the second login will override and kick the first login. Either that or the ability to view account history and kick sessions.