CHANGE THE CS SECURITY SYSTEM

Suggest new features or changes to Chicken Smoothie.

Re: CHANGE THE CS SECURITY SYSTEM

Postby skylark » Tue Aug 15, 2023 8:05 am

    @CHINARIZING I’d also like to know stuff like this as well.

    I’m curious, did staff consider e-mail 2fa instead of third party? I feel like adding that as an optional (not forced!) thing shouldn’t be much harder than implementing the passcode change e-mail notifications, but correct me if I’m wrong!! /gen

    I feel like that could potentially be a good way to compromise with the users wanting 2fa if it hasn’t been considered already.

Re: CHANGE THE CS SECURITY SYSTEM

Postby Lex. » Tue Aug 15, 2023 8:29 am

skylark wrote:
    @CHINARIZING I’d also like to know stuff like this as well.

    I’m curious, did staff consider e-mail 2fa instead of third party? I feel like adding that as an optional (not forced!) thing shouldn’t be much harder than implementing the passcode change e-mail notifications, but correct me if I’m wrong!! /gen

    I feel like that could potentially be a good way to compromise with the users wanting 2fa if it hasn’t been considered already.


This!!
Also very curious as to the things CHINARIZING asked as well.

Re: CHANGE THE CS SECURITY SYSTEM

Postby 002 » Tue Aug 15, 2023 1:59 pm

CHINARIZING wrote:
Simon wrote:Thank you for the thoughtful suggestion. We have discussed this and came to the conclusion that we have to decline this suggestion for the following reasons:

-Implementing a third-party sign-on solution comes with a big technical cost for a security benefit that isn't any better than using a unique password on every website

-Many users would get locked from their accounts if they lose their phones or something similar, which will create a lot of administrative problems for our staff


Since the thread for 2FA is locked now, I'd like to discuss what this means for CS security. I would really love to hear more elaboration on each reason listed.

- Can a staff member explain why 2FA is as good as a unique password? What about the combined strength of both methods? Why isn't the large technical cost worth it?

- What about backup codes? Every site with 2FA generates 5-10 random strings of characters to save and use if one loses access to whatever authenticator they use. This implies that the security of the users is less of a priority than the potential workload of administrators.


I strongly agree with that last point there. The message sent out about why we can't have 2fa comes across as lazy.
"Many users would get locked from their accounts if they lose their phones or something similar, which will create a lot of administrative problems for our staff." I'm sorry but is that not what you signed up for?? What's the next step if we won't have 2fa, am I missing something?

Re: CHANGE THE CS SECURITY SYSTEM

Postby ☼ morgana » Wed Aug 16, 2023 2:22 am

    hi, I'm a cybersecurity major so I can at least answer some questions about 2FA, if any, to the best of my knowledge.

    I'm not CS staff, so please keep in mind that my information is based purely on college classes and I will also share my opinion.

    Like many of you, I feel that not adding 2FA and admin reasoning comes off as lazy and that they just don't care for the user base.

    From a factual standpoint, 2FA is significantly better than just "having unique passwords for each website". Put those two hand in hand, and any website with both becomes a secure powerhouse. Having a unique password for each website you use is a great start, and will help reduce the chances of account information being stolen.

    What 2FA does is it generates a one time use key - which you enter in addition to your password in order to access your account, and is especially used in spaces such as if I wanted to change my CS password, 2FA would ensure it was *me* trying to change my password as I would be the *only* person with that unique, one time use key. To add, these keys usually expire within 20 - 30 seconds depending on the 2FA service you use.

    To explain the unique password thing further, it is significantly better than making a variant of one or two passwords. Think of it this way. A hacker knows your baseline password. All they have to do is keep trying variations until they get it right. While that can still take a while, there are also scripts that can be run to just keep trying variations until something works. It's the main reason why a unique password for each site is beneficial. It makes it significantly harder for a hacker to access any accounts. If each password is unique, they have nothing to go off of, and thus, extremely limited access to your account.

    Unique passwords are a good security measure, but that's up to the user, not the site. Unique passwords + 2FA could greatly increase sitewide security, regardless of how the user accounts were breached here on CS initially.

    Here's another thing about 2FA. Most 2FA services require an account to use their service, so the loss of a phone or etc, should not be a problem. At least from my experience, and having multiple 2FA services on my own phone, I have had no trouble at all moving to new devices regarding my 2FA stuff.

    Hopefully this answers 2FA questions.


    All that said, I think CS should require specific things in passwords during account creation, i.e., some websites require that passwords are 8 characters long, contain symbols (!, @, etc.), and contain capital letters. This would force the incoming userbase to create a stronger password that's harder to crack.
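The mechanism described in the post above, as an added example that is not code from Chicken Smoothie or any poster: an RFC 6238 TOTP generator, a server-side verifier that tolerates one 30-second step of clock drift but refuses a reused code (one-time use), and hashed one-time backup codes of the kind raised earlier in the thread. The secret is the RFC 6238 test-vector key, not anyone's real key.

```python
import base64
import hashlib
import hmac
import secrets
import struct

STEP = 30  # seconds per code: the "expires within 20 - 30 seconds" behaviour described above
# RFC 6238 test secret (ASCII "12345678901234567890"), not any real user's key
RFC6238_SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret_b32: str, at: int, step: int = STEP) -> str:
    """RFC 6238 TOTP: the HOTP counter is the number of whole steps since the Unix epoch."""
    return hotp(base64.b32decode(secret_b32), at // step)

class TotpVerifier:
    """Server-side check: tolerate one step of clock drift, but never accept a time step twice."""
    def __init__(self, secret_b32: str, step: int = STEP, drift: int = 1):
        self.secret = base64.b32decode(secret_b32)
        self.step, self.drift, self.last_step = step, drift, -1

    def verify(self, code: str, at: int) -> bool:
        current = at // self.step
        for counter in range(current - self.drift, current + self.drift + 1):
            if counter <= self.last_step:  # this step (or an older one) is already spent
                continue
            if hmac.compare_digest(hotp(self.secret, counter), code):
                self.last_step = counter  # one-time use: presenting the same code again now fails
                return True
        return False

def make_backup_codes(n: int = 8) -> tuple[list[str], set[str]]:
    """Recovery codes for a lost phone: show plaintext to the user once, store only hashes."""
    codes = [secrets.token_hex(5) for _ in range(n)]
    return codes, {hashlib.sha256(c.encode()).hexdigest() for c in codes}

def redeem_backup_code(stored: set[str], code: str) -> bool:
    """Each backup code works exactly once: its hash is removed when redeemed."""
    digest = hashlib.sha256(code.strip().lower().encode()).hexdigest()
    if digest not in stored:
        return False
    stored.remove(digest)
    return True
```

The `totp` values for the test secret match the SHA-1 vectors in RFC 6238 Appendix B, truncated to six digits.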

Re: CHANGE THE CS SECURITY SYSTEM

Postby Darni » Thu Aug 17, 2023 12:45 pm

cheetahss wrote:
    hi, I'm a cybersecurity major so I can at least answer some questions about 2FA, if any, to the best of my knowledge.

    I'm not CS staff, so please keep in mind that my information is based purely on college classes and I will also share my opinion.

    Like many of you, I feel that not adding 2FA and admin reasoning comes off as lazy and that they just don't care for the user base.

    From a factual standpoint, 2FA is significantly better than just "having unique passwords for each website". Put those two hand in hand, and any website with both becomes a secure powerhouse. Having a unique password for each website you use is a great start, and will help reduce the chances of account information being stolen.

    What 2FA does is it generates a one time use key - which you enter in addition to your password in order to access your account, and is especially used in spaces such as if I wanted to change my CS password, 2FA would ensure it was *me* trying to change my password as I would be the *only* person with that unique, one time use key. To add, these keys usually expire within 20 - 30 seconds depending on the 2FA service you use.

    To explain the unique password thing further, it is significantly better than making a variant of one or two passwords. Think of it this way. A hacker knows your baseline password. All they have to do is keep trying variations until they get it right. While that can still take a while, there are also scripts that can be run to just keep trying variations until something works. It's the main reason why a unique password for each site is beneficial. It makes it significantly harder for a hacker to access any accounts. If each password is unique, they have nothing to go off of, and thus, extremely limited access to your account.

    Unique passwords are a good security measure, but that's up to the user, not the site. Unique passwords + 2FA could greatly increase sitewide security, regardless of how the user accounts were breached here on CS initially.

    Here's another thing about 2FA. Most 2FA services require an account to use their service, so the loss of a phone or etc, should not be a problem. At least from my experience, and having multiple 2FA services on my own phone, I have had no trouble at all moving to new devices regarding my 2FA stuff.

    Hopefully this answers 2FA questions.


    All that said, I think CS should require specific things in passwords during account creation, i.e., some websites require that passwords are 8 characters long, contain symbols (!, @, etc.), and contain capital letters. This would force the incoming userbase to create a stronger password that's harder to crack.


You're genuinely awesome for explaining this all and talking about it. Thank you so so so much!

Re: CHANGE THE CS SECURITY SYSTEM

Postby CHINARIZING » Fri Aug 18, 2023 9:37 am

Thank you so much cheetahss for shedding some insight. That is helpful and really helps to reinforce how 2FA doesn't necessarily have to be inconvenient!

I truly don't know why Simon stated that the team doesn't think 2FA is equal to unique passwords. I would really love to hear some of the decision-making and most preferably, sources of that information (that 2FA is not better than having a strong and unique password.)

Re: CHANGE THE CS SECURITY SYSTEM

Postby Lex. » Fri Aug 18, 2023 10:08 am

CHINARIZING wrote:Thank you so much cheetahss for shedding some insight. That is helpful and really helps to reinforce how 2FA doesn't necessarily have to be inconvenient!

I truly don't know why Simon stated that the team doesn't think 2FA is equal to unique passwords. I would really love to hear some of the decision-making and most preferably, sources of that information (that 2FA is not better than having a strong and unique password.)


Yes, cheetahss, that was a wonderful explanation!
And as CHINARIZING said, I would also like to know how the admins came to the conclusion that 2FA is not better than just having a unique/strong password.

Re: CHANGE THE CS SECURITY SYSTEM

Postby -Starchild.Keith- » Sat Aug 19, 2023 12:38 pm

I am also confused on how 2fa is the same level as a good password.

It really isn't.

I know this isn't a super info-heavy site, but if it was the same level, then why do banks and hospitals and stuff require 2fa? It works, that's why. It keeps info safe.

The site might not be very personal data or anything, but the kids on here maybe don't know password safety. It's also sometimes linked to Paypal for users that buy C$ and that DOES have personal information. Meaning, if someone hacked my account, they could buy any amount of C$ and I would be charged REAL money for it.

I'd appreciate that not happening, and a strong password is NOT the same as 2fa, nowhere close.

Re: CHANGE THE CS SECURITY SYSTEM

Postby pandaa » Sun Aug 20, 2023 5:01 am

yeah, regardless of whether a password’s strong, there’s a possibility of being hacked. 2fa would definitely cut down on the chance, so i don’t really get how they’re apparently equal??

Re: CHANGE THE CS SECURITY SYSTEM

Postby CHINARIZING » Thu Aug 24, 2023 7:07 pm

CHINARIZING wrote:
Simon wrote:Thank you for the thoughtful suggestion. We have discussed this and came to the conclusion that we have to decline this suggestion for the following reasons:

-Implementing a third-party sign-on solution comes with a big technical cost for a security benefit that isn't any better than using a unique password on every website

-Many users would get locked from their accounts if they lose their phones or something similar, which will create a lot of administrative problems for our staff. The recovery pathway for lost 2-factor on websites is based on reconfirming ownership of your email account, and we will be using that same reverification of email account in our own login security features instead, without causing drama when trading in for a new phone.


Since the thread for 2FA is locked now, I'd like to discuss what this means for CS security. I would really love to hear more elaboration on each reason listed.

- Can a staff member explain why 2FA is as good as a unique password? What about the combined strength of both methods? Why isn't the large technical cost worth it?

- What about backup codes? Every site with 2FA generates 5-10 random strings of characters to save and use if one loses access to whatever authenticator they use. This implies that the security of the users is less of a priority than the potential workload of administrators.

Bumping to hopefully have this answered
