From: | "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, PostgreSQL WWW Mailing List <pgsql-www(at)postgresql(dot)org> |
Subject: | Re: Wiki 2FA |
Date: | 2016-01-23 23:44:12 |
Message-ID: | 56A4104C.9090306@commandprompt.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-www |
On 01/23/2016 03:35 PM, Tom Lane wrote:
> "Joshua D. Drake" <jd(at)commandprompt(dot)com> writes:
>> On 01/23/2016 12:41 PM, Magnus Hagander wrote:
>>> It does not protect against people signing up for multiple accounts.
>>> Unless you were actually planning to send out hardware 2FA tokens to
>>> each actual contributor, but I'm pretty sure you didn't mean that?
>
>> No. I meant the idea of having Google Authenticator required (which is
>> open source). It works on any Android device as well as others
>> (windows). I believe it would help with the autoscripting edits?
>
> I doubt it would help much unless we required a 2FA auth cycle for
> every single edit, which I for one wouldn't stand for. Reasonably
> user-friendly policies like one auth a day would still be plenty
> easy for spammers too. (They've got phones too ya know.) In fact,
> considering it is trivial to have as many GA instances as you want
> all sharing the same key, I'm pretty sure that even a 2FA-check-per-edit
> policy could be scripted against. The bots would just need to have
> a local token generator running the same key that the mechanical
> turks had signed up with.
Bummer, o.k. Although it seems that spammers only go after easy targets.
It was an idea.
Thanks :)
Sincerely,
JD
>
> regards, tom lane
>
--
Command Prompt, Inc. http://the.postgres.company/
+1-503-667-4564
PostgreSQL Centered full stack support, consulting and development.
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2016-01-23 23:49:13 | Re: Wiki 2FA |
Previous Message | Tom Lane | 2016-01-23 23:35:41 | Re: Wiki 2FA |