Two factor authentication



  • I actually wanted to answer this topic: https://vulndetect.org/topic/344/data-processing-policy, but wasn't able to. Probably because this thread is somehow in Announcements!?

    Anyway, my answer: I really don't like this architecture. From a security point of view, it is extremely valuable data to have a list of security vulnerabilities of a (or better said: of MANY) concrete targets. It would be way more secure to have all the data stay on the clients.

    Anyway, since I don't know a good alternative, I'll stay with VulnDetect for now. In order to protect my account as good as possible, I would like to see two factor authentication being implemented to the website. Shouldn't be a big issue since libraries for HOTP/TOTP are publicly available.

    Thanks!


  • Community Moderator

    @Tom
    You store very sensitive data (the complete list of application that a user has installed).
    Families will have the option to store multiple computers in one account.
    And business users also have multiple computers and here a leak of information could be critical.

    So please implement Two Factor Authentication (2FA) by allowing users to log on with a Temporal One Time Password (TOTP).

    And please don't forget to add 2FA Recovery Codes (codes that users get when they set up 2FA and that can be used instead of 2FA).


  • Community Moderator

    A Two Factor Authentication is really a cool idea, thank you for suggesting this!
    I linked it in the Overview of Feature and Functionality Requests.


Log in to reply