学院 › PT风向标 › 【Fux*】Two-Factor Authentication

scorpin 发表于 2013-5-11 13:01:12

【Fux*】Two-Factor Authentication

本帖最后由 scorpin 于 2013-5-11 13:02 编辑

Staff have become increasingly aware of accounts getting compromised either because users are using the same password across multiple sites, or they are not using a secure enough password. On a regular basis we see failed login attempts from people using proxies trying to bruteforce their way into accounts. We have decided that the best solution for the problem is to open up our two-factor authentication system to all users. This feature has been limited to staff for a while to ensure all staff accounts were safe from such attacks.

What do you need? A smartphone and a supported two-factor authentication app. The Google Authenticator app can be used for Android, iPhone and BlackBerry smartphones and Authenticator for anyone brave enough to use a Windows Phone. In a nutshell, the authentication works based on a value unique to you. The system does not use SMS to authenticate, so you can be rest assured your phone number is not linked to us in any way.

To enable this feature, simply go to your edit profile page and click on the 'Enable' checkbox beside 'Two-Factor Authentication'. You will then be presented with a QR code that you scan using your app. Your app will then display a verification code that you must enter into the input box below the QR code. Finally, save your profile to complete the verification process. If you receive any verification failures, make sure your phone time is sync'd (use network time in your phone settings for better accuracy). You also only have a 30 second window before the code expires. Try it a few times before posting any issues on the forums.
双重认证

管理员发现最近账户被盗的用户的共同点是在曾在多个站点使用相同的密码或者密码的强度不足，恶意用户可以通过代理暴力穷举盗号。为了解决安全问题，我们不得不使用撒手锏，现决定向所有用户开放双重认证系统，这个系统曾只限于管理层使用，防止管理员账户被盗。

你只需要一部智能手机和一个支持双重认证的应用。Android, iPhone and BlackBerry用Google Authenticator，Windows Phone用Authenticator。系统不会发短信进行验证，不必担心手机号码泄露。

进profile开启这个功能，然后用手机扫描屏幕上的QR码，再输入验证码保存即可。
这是可选功能，但鼓励所有用户开启。

Geass-CC 发表于 2013-5-11 13:02:52

{:7_718:}难道哈迪斯影响到国外去了

欢腾的小螃蟹 发表于 2013-5-11 13:03:07

来看看

scorpin 发表于 2013-5-11 13:03:34

Geass-CC 发表于 2013-5-11 13:02 static/image/common/back.gif
难道哈迪斯影响到国外去了

国外的恶意用户太多了。

hplhy 发表于 2013-5-11 13:04:43

果然是蝴蝶效应啊。。。。。

Geass-CC 发表于 2013-5-11 13:05:36

scorpin 发表于 2013-5-11 13:03 static/image/common/back.gif
国外的恶意用户太多了。

{:7_716:}自己进不去就盗号进啊

天草薰 发表于 2013-5-11 13:06:11

先把密码改了再说{:7_716:}

solknight 发表于 2013-5-11 13:24:07

我去这个好厉害....双重....{:7_710:}

大眼夹 发表于 2013-5-11 13:25:30

果然被我说中了好些站都开始弄这个了

scorpin 发表于 2013-5-11 13:25:35

solknight 发表于 2013-5-11 13:24 static/image/common/back.gif
我去这个好厉害....双重....

被逼无奈，只能出撒手锏了，{:7_703:}

scorpin 发表于 2013-5-11 13:26:22

大眼夹 发表于 2013-5-11 13:25 static/image/common/back.gif
果然被我说中了好些站都开始弄这个了

预言帝。

查看完整版本: 【Fux*】Two-Factor Authentication