Implemented Option to force 2Factor authentication on staff

Discussion in 'Closed Suggestions' started by Alfa1, Jun 18, 2015.

  1. Alfa1

    Alfa1 Well-Known Member

    I would like to make 2FA mandatory for staff. Yet, I would not like to lock out staff members who have not set it up yet.
    I would like new staff members to only have moderating functionality and admin access available after 2FA is set up. A notice to explain this would help guide users. However, that can also be set up by the admin.
  2. empire

    empire Well-Known Member

    I would also be ok with this only applying to the ACP.
  3. Floyd R Turbo

    Floyd R Turbo Well-Known Member

    Or allowing the option to enforce it on just ACP or on both ends.
  4. Alfa1

    Alfa1 Well-Known Member

    The danger with unauthorized access to staff accounts is in:
    1. merging all threads in a forum
    2. hard deletion (if allowed)
    3. ACP access
    4. and to a lesser degree: staff forum access & report center access
    The first 3 can lead to data loss.
  5. Andros

    Andros Member

    absolutely agree
  6. zappaDPJ

    zappaDPJ Well-Known Member

    I would also like to see an option added that would allow me to make it mandatory for those with access to the ACP.
  7. The Dark Wizard

    The Dark Wizard Well-Known Member

    While I'm not normally alright with forcing your users to do anything they don't want, I have no problems with enforcing this for staff accounts. A staff member's comp can be compromised, or just using their password somewhere else which gets compromised.

    This usually leads to data loss no matter what, or some sort of damage.
  8. md_5

    md_5 Well-Known Member

    I agree.

    Best solution would be a permission node "require 2fa auth".
  9. Nuno

    Nuno Active Member

  10. Alfa1

    Alfa1 Well-Known Member

    If you want to make your vote count then like the first post. Replying to this thread has no weight if you do not 'like' the first post.
  11. Nuno

    Nuno Active Member

    Liked :)
  12. rafass

    rafass Well-Known Member

    Why not friendly recommend your staff to use 2FA instead of obligating them?
    I loathe mandatory things.
    If this is optional I love the idea.
  13. Fred.

    Fred. Well-Known Member

    Yes please!
    I already require 2Factor authentication for staff members, if it was possible to force them it would be perfect!
  14. Shiro

    Shiro Well-Known Member

    I support this.
  15. Biker

    Biker Well-Known Member

    And what do you do about staff members who are unable to set up the two factor authentication due to incompatible devices? If you make that a requirement, are you also going to purchase a compatible device and pay for their data plans?

    I see a lot of talk about forcing this on staff members, yet not one single individual has stopped to consider what would happen if some of those staff members don't have the ability to use the feature.
  16. RhysR

    RhysR Member

    You don't have to force it on staff members. The suggestion is for the option to force it. You also do not need a data plan to use any of the RFC 6238 (Think Google Authenticator) applications or even need a phone (see WinAuth for example).
  17. Biker

    Biker Well-Known Member

    Again.. What do you do about those individuals who are unable to run something like that?

    For example, I have a Firefox phone. Are you going to write an app that covers all of the bases for your staff members?

    While most will be able to use two factor authentication, site owners should bear in mind that they may have long time staff members who are unable to use it effectively, if at all, depending on the implementation.
  18. RhysR

    RhysR Member

    As I said before, you do not need a phone. It is an open standard and there are many applications already available, such as WinAuth (Windows), JAuth (Windows, Mac, and Linux) and even a Chrome extension (Everything that can install Chrome). If you cannot be bothered to install something as simple as a browser extension to keep the security of your account and the board in check, then I'd rather you not be a moderator at all.
  19. Fred.

    Fred. Well-Known Member

    That's why we have the YubiKeys. Even my grandma can use it! :LOL:
    You don't need a phone, just a USB port. Just push the button and done!
    I bought them for my staff members so they can log in safely.
  20. Andros

    Andros Member

    Maybe the best option will be to implement YubiKey and SMS too; that will be perfect.

    In fact any user can select his favorite option:

    Email (OTP).
    G. Authenticator.

    More of my users of XenForo reclaim SMS method.

