Menu

#475 Enable FIDO U2F strong-authentication on SF

unread
nobody
FIDO (1) Security (1) Strong-Authentication (1)
None
2023-11-06
2015-11-07
Arshad Noor
No

Its great that you're doing your best to eliminate spam from SF, but have you also considered enabling FIDO-based strong-authentication to your site? Github has been supporting it since October 1st 2015.

Given that we host our open-source FIDO Certified server on your site (sourceforge.net/projects/skce), it would be cool to see SF use our FOSS to enable strong-authentication for everyone. It also allows project administrators like myself to feel better about the security of SF when interacting with your site.

Let me know if I can help in any way. Thanks.

Discussion

  • John Barrett

    John Barrett - 2015-11-09

    Hi,
    This really is more of a feature request rather than a support issue. I've move this to feature request area.
    Thanks
    SourceForge Support

     

  • iwrconsultancy

    iwrconsultancy - 2015-12-14

    Correct me if I'm wrong, but this would seem to require the installation of the Sun/Oracle Java (JRE) plugin on browsers used to upload files to SF.

    If so I would definitely not feel better about the security of the situation. JRE has been implicated in numerous drive-by download scenarios. Trading a security degradation for a security enhancement, lacks any net gain.

    Sorry if this is a negative comment, but I think it's fair to raise this point

     

  • Anonymous

    Anonymous - 2018-02-26

    I would like to use U2F, too, instead of using Google Authenticator, since I do not have a mobile phone, so I create the GA totp token just on my computer with a linux program where I also login to SF, which is not so secure.

     

  • Onkobu

    Onkobu - 2019-01-26

    Competitors already provide this. Two factor with an app on an insecure device is as good as 1 factor.

     

Log in to post a comment.

MongoDB Logo MongoDB