<![CDATA[[Implemented] Two Factor Authentication (2FA)]]>I actually wanted to answer this topic: https://vulndetect.org/topic/344/data-processing-policy, but wasn't able to. Probably because this thread is somehow in Announcements!?

Anyway, my answer: I really don't like this architecture. From a security point of view, it is extremely valuable data to have a list of security vulnerabilities of a (or better said: of MANY) concrete targets. It would be way more secure to have all the data stay on the clients.

Anyway, since I don't know a good alternative, I'll stay with VulnDetect for now. In order to protect my account as good as possible, I would like to see two factor authentication being implemented to the website. Shouldn't be a big issue since libraries for HOTP/TOTP are publicly available.

Thanks!

]]>https://vulndetect.org/topic/501/implemented-two-factor-authentication-2faRSS for NodeFri, 15 May 2026 23:44:28 GMTWed, 12 Dec 2018 19:48:47 GMT60<![CDATA[Reply to [Implemented] Two Factor Authentication (2FA) on Mon, 14 Sep 2020 16:13:38 GMT]]>@OLLI_S Yes, this is implemented

]]>https://vulndetect.org/post/3841https://vulndetect.org/post/3841Mon, 14 Sep 2020 16:13:38 GMT<![CDATA[Reply to [Implemented] Two Factor Authentication (2FA) on Sun, 13 Sep 2020 16:24:09 GMT]]>In the business UI 2FA (Two Factor Authentication) is working:

abdf087d-f5bb-4956-ab2a-cc4d153829ac-image.png

The icon in the 2FA field is from KeePassXC.

@Tom Should I mark the issue as Implemented?

]]>https://vulndetect.org/post/3840https://vulndetect.org/post/3840Sun, 13 Sep 2020 16:24:09 GMT<![CDATA[Reply to [Implemented] Two Factor Authentication (2FA) on Sun, 12 Jul 2020 17:32:45 GMT]]>It is a very small change:
One programmer of KeePassCX suggests:

Yes, adding name="2fa" would be enough. However, I'd suggest using autocomplete="one-time-code"

]]>https://vulndetect.org/post/3719https://vulndetect.org/post/3719Sun, 12 Jul 2020 17:32:45 GMT<![CDATA[Reply to [Implemented] Two Factor Authentication (2FA) on Sun, 12 Jul 2020 17:20:45 GMT]]>@OLLI_S I'm not much into the details of the two factor authentication. But I will push for a review of it.

However, during the rest of July and the first half of August we have a development freeze, which means that we will only fix critical bugs, due to vacations. The earliest this will be handled is in late August.

]]>https://vulndetect.org/post/3716https://vulndetect.org/post/3716Sun, 12 Jul 2020 17:20:45 GMT<![CDATA[Reply to [Implemented] Two Factor Authentication (2FA) on Sun, 12 Jul 2020 17:16:49 GMT]]>@Tom When will this little issue be fixed?
It is very annoying, because I delete the browser cache very often and then I have to manually search the entry in KeePassXC and manually copy and paste the 2FA code.
And I reported this issue 4 months ago!

]]>https://vulndetect.org/post/3715https://vulndetect.org/post/3715Sun, 12 Jul 2020 17:16:49 GMT<![CDATA[Reply to [Implemented] Two Factor Authentication (2FA) on Thu, 26 Mar 2020 11:07:26 GMT]]>I found a small issue in the 2FA login:
The field where I enter the 2FA code is not named properly, so password managers can not fill this fields.

I am using KeePassXC and this password manager does not only fill the username and password into login fields (if the URL matches), it also fills the 2FA code in the login form.
KeePassXC can generate the 2FA codes.

Normally I see in the field where I have to enter the 2FA code a green icon on the right:

add613f8-f643-4560-a16a-a69546666fc1-image.png

I just click this icon and KeePassXC fills the 2FA code.

At VulnDetect this icon is missing:

fdd59d57-0314-4f0e-92c4-36522592e596-image.png

So here I have to switch to KeePassXC, search for the entry "VulnDetect", select the entry in the search results, manually copy the 2FA code and paste it in the field.

The fix is very easy and described here:
https://github.com/keepassxreboot/keepassxc-browser/issues/826

So please fix this, all users using password managers will benefit from it.

]]>https://vulndetect.org/post/3242https://vulndetect.org/post/3242Thu, 26 Mar 2020 11:07:26 GMT<![CDATA[Reply to [Implemented] Two Factor Authentication (2FA) on Tue, 24 Mar 2020 22:03:22 GMT]]>One very important annotation to this feature:

Besides to the QR-Code many services offer the Two-Factor-Token also as plain text (the part behind secret=) that can be copied to the clipboard and then inserted in any Two Factor App on the Desktop.

I am using KeePassXC and this client can also generate 2FA keys for the two-factor-authentication.
I am lucky that many services like GitHub, Google and Paypal (just some examples) offer the Two-Factor-Token as plain text.

Otherwise I have to use a QR-Code scanner on my phone, scan this code, send me the code from my phone to myself, open the mail app, copy the code (the part behind secret=) and paste it in KeePassXC.
Showing the Two-Factor-Token makes it much easier for me (and also other users).

]]>https://vulndetect.org/post/3240https://vulndetect.org/post/3240Tue, 24 Mar 2020 22:03:22 GMT<![CDATA[Reply to [Implemented] Two Factor Authentication (2FA) on Sun, 11 Aug 2019 19:53:06 GMT]]>@Tom
You store very sensitive data (the complete list of application that a user has installed).
Families will have the option to store multiple computers in one account.
And business users also have multiple computers and here a leak of information could be critical.

So please implement Two Factor Authentication (2FA) by allowing users to log on with a Temporal One Time Password (TOTP).

And please don't forget to add 2FA Recovery Codes (codes that users get when they set up 2FA and that can be used instead of 2FA).

]]>https://vulndetect.org/post/3144https://vulndetect.org/post/3144Sun, 11 Aug 2019 19:53:06 GMT<![CDATA[Reply to [Implemented] Two Factor Authentication (2FA) on Sun, 11 Aug 2019 19:49:28 GMT]]>A Two Factor Authentication is really a cool idea, thank you for suggesting this!
I linked it in the Overview of Feature and Functionality Requests.

]]>https://vulndetect.org/post/1974https://vulndetect.org/post/1974Sun, 11 Aug 2019 19:49:28 GMT