Monday, November 7, 2016 at 1:53 PM

I recently had my email hacked and the hacker was in control for about 1 hour. Long story but it was through Cox and their password reset process. Cox, like so many ISPs, does not have 2 Factor Authentication (2Fa).

After this incident I immediately went to all my other websites I use that offer 2Fa, like Facebook, Google, Twitter, etc., and set up 2Fa.

Now I began to wonder, wow, our Class website has a treasure trove of classmate information that a hacker may use for social engineering hacking use. What if someone hacked my email again, focused on the classmate website somehow knowing I am administrator and grabbed all the classmate personal information?

So my question: is ClassCreator considering advanced security like 2Fa for at least Administrator logins?

Monday, November 7, 2016 at 2:43 PM - Response #1

Are you speaking of a security question to answer when you log in? This is not something that we are currently considering, but that does not mean it wouldn't be considered for the future.

Monday, November 7, 2016 at 3:16 PM - Response #2

I am suggesting an SMS text code sent to a cell phone to verify the user on login or ID/password resets. There are also apps like Google Authenticator, Microsoft Authenticator, Authy and an interesting one called Clef. I use them all for several websites I use.

Adding a security question may be something that would be better than what we have. If you are resetting a password, a security question would have to be answered to complete the task. However, like most people they will answer the security questions correctly and social engineering hackers can sometimes guess the answers. I always answer these questions wrong.

Anyway just wondering if you are considering enhanced security for administrators.

Monday, November 7, 2016 at 5:20 PM - Response #3

I'll forward your suggestion to the team. Thanks.

Monday, November 7, 2016 at 9:27 PM - Response #4

2Fa as an option would be nice.

Most sites with 2Fa offer that as an option because not everyone has SMS service. I've reset FB PW more than once and (as I recall - I delete those messages) it was sent to my email address. Only my Bank asks me the security questions again, but no SMS. (I answered one wrong and had to make a call to get back in.)

Did someone hack the email here? (It wasn't clear to me). First suggestion is to make email PW follow the rule of at least one number, minimum length of 8. Pretty much all the sites have that now. I'd suggest TWO numbers, and then minimum length of 8.

Some go to extremes like one upper case, one number, one special character and other things so bad not even I can remember it. The worst one is where they force you to change it every three months. Grrrrr. It's a government site of course.

