![[HSX] HeadShot Xtreme is officially recognized by the Central Outpost as a genuine gaming organization.](https://www.headshotdomain.net/files/coRpSE/cnopseal_X74-MEW1.png "[HSX] HeadShot Xtreme is officially recognized by the Central Outpost as a genuine gaming organization.")
Should we put this in and which version?
( 1 ) ( 50% ) Yes, put it in.
( 0 ) ( 0% ) No, its not needed.
( 1 ) ( 50% ) Use the Google Authentication version.
( 0 ) ( 0% ) Use the SMS version.
This is a new security system we are thinking of putting in so be sure to read and vote please.
For those of you that don't know what 2FA is, well, it stands for 2 Factor Authentication. Two Factor Authentication, also known as 2FA, two step verification or TFA (as an acronym), is an extra layer of security that is known as "multi factor authentication" that requires not only a password and username but also something that only, and only, that user has on them, i.e. a piece of information only they should know or have immediately to hand - such as a physical token.
Using a username and password together with a piece of information that only the user knows makes it harder for potential intruders to gain access and steal that person's data or identity.
What I have been talking to Lonestar about the past two days is about maybe implementing some sort of 2FA into the CMS, but the question is, which one. There are a couple of free ways that this can be done for the CMS.
The Google version would require you to have the app on your cellphone to be able to use it. The problem with that is if your phone is lost of damage, recovering is a bit harder to fix. The SMS text, if your phone gets lost or stolen, more and likely, you would just have to buy a new phone and you would still have the same number. The down fall to this method is that data rates may apply.
If we did go for the SMS way, there would be a field to fill in with your phone number and another option to select your carrier, (more and likely). The number will only be visible to you and no one else within the editing of your account information.
Both systems would only initiate if your connecting to the site from a unknown IP address, so if your connecting from a IP you used before, you wont need to authenticate. Do you think this is something we defiantly need to develop and put in, and if so, also vote on which one you think you would prefer that was built into the CMS.
I am posting this on Evo Xtremes site, and Lonestars site as well and will take a look at each sites results to determine what we should do.
For those of you that don't know what 2FA is, well, it stands for 2 Factor Authentication. Two Factor Authentication, also known as 2FA, two step verification or TFA (as an acronym), is an extra layer of security that is known as "multi factor authentication" that requires not only a password and username but also something that only, and only, that user has on them, i.e. a piece of information only they should know or have immediately to hand - such as a physical token.
Using a username and password together with a piece of information that only the user knows makes it harder for potential intruders to gain access and steal that person's data or identity.
What I have been talking to Lonestar about the past two days is about maybe implementing some sort of 2FA into the CMS, but the question is, which one. There are a couple of free ways that this can be done for the CMS.
- Google Authentication App
- SMS Text Message
The Google version would require you to have the app on your cellphone to be able to use it. The problem with that is if your phone is lost of damage, recovering is a bit harder to fix. The SMS text, if your phone gets lost or stolen, more and likely, you would just have to buy a new phone and you would still have the same number. The down fall to this method is that data rates may apply.
If we did go for the SMS way, there would be a field to fill in with your phone number and another option to select your carrier, (more and likely). The number will only be visible to you and no one else within the editing of your account information.
Both systems would only initiate if your connecting to the site from a unknown IP address, so if your connecting from a IP you used before, you wont need to authenticate. Do you think this is something we defiantly need to develop and put in, and if so, also vote on which one you think you would prefer that was built into the CMS.
I am posting this on Evo Xtremes site, and Lonestars site as well and will take a look at each sites results to determine what we should do.
