Thoughts about replacing vBullettin with another forum solution?

[Pyromania]

Browsing the web is not one of the strengths of AmigaOS. Why not just used your smart phone or tablet instead of wasting an Amiga to do something it’s not good at.

[TCD]

Quote:

Originally Posted by malko

Before 2FA, mobile phone number was the most difficult data to gather as almost nobody was willing to provide it (privacy reason).

I'm not sure you understand how 2FA works.

[malko]

Take my post as a side effect then

[dreadnought]

PSA: 2FA works with emails too.

I don't mind everything else but these upgrades always come with a new look, and the new look is always inferior. New HoL is indeed a good case study.

[meynaf]

Quote:

Originally Posted by malko

2FA is an "attrape-nigaud" (sucker's game?) as well as a nightmare when for any reason you don't have access to your mobile phone or the phone network is not available...

And if for whatever reason you don't have a mobile phone at all (or an ancient model), you're stuck.
The only effects of 2FA is to block legitimate actions and collect personal data with the excuse of security.
If EAB starts doing that too, I will leave permanently.

[jman]

Quote:

Originally Posted by meynaf

And if for whatever reason you don't have a mobile phone at all (or an ancient model), you're stuck.

A mobile device is not strictly necessary for 2FA authentication. Most people use a mobile App for that but it not necessary (example: I generate OTP tokens on my desktop).

Quote:

Originally Posted by meynaf

The only effects of 2FA is to block legitimate actions and collect personal data with the excuse of security.

I'm not sure we are on the same page when talking about Two-Factor authentication, but I strongly advice against spreading false claims. 2FA has nothing to do with personal data collection. In fact, it does not collect any personal data at all: the server stores a secret that is used to verify a One-Time Password (OTP) generated by the user. The OTP generation happens completely offline.

Two-Factor authentication (2FA) is a nice addition to security logins and it is not mandatory (users can choose to enable that or not).

EDIT: Documentation for 2FA of the xenForo Forum

Speaking about security, I feel it's less secure using an unsupported version of vBullettin (3.8.x has reached End Of Life in 2017, see announcement) and the obsolete and unsupported PHP stack that it has to use.

[TCD]

Quote:

Originally Posted by jman

Two-Factor authentication (2FA) is a nice addition to security logins and it is not mandatory (users can choose to enable that or not).

I think it is best to let it go I think I can't stand another round of HOL v3 bashing

[meynaf]

Quote:

Originally Posted by jman

A mobile device is not strictly necessary for 2FA authentication. Most people use a mobile App for that but it not necessary (example: I generate OTP tokens on my desktop).

One-time password has little to do with 2FA. It is only one of the two factors. The problem lies with the other.

Quote:

Originally Posted by jman

I'm not sure we are on the same page when talking about Two-Factor authentication, but I strongly advice against spreading false claims.

You may start by showing the example. 2FA and OTP are two different things.

Quote:

Originally Posted by jman

2FA has nothing to do with personal data collection. In fact, it does not collect any personal data at all: the server stores a secret that is used to verify a One-Time Password (OTP) generated by the user. The OTP generation happens completely offline.

Again, 2FA doesn't equal OTP.
2FA really means what it is : two factors. So one is perhaps OTP, but the other is something on the cell phone, usually some SMS to be sent - and guess what, your phone number is required for that.

Quote:

Originally Posted by jman

Two-Factor authentication (2FA) is a nice addition to security logins and it is not mandatory (users can choose to enable that or not).

EDIT: Documentation for 2FA of the xenForo Forum

Apparently it's not the user who chooses to enable that or not, but site admins...

Quote:

Originally Posted by jman

Speaking about security, I feel it's less secure using an unsupported version of vBullettin (3.8.x has reached End Of Life in 2017, see announcement) and the obsolete and unsupported PHP stack that it has to use.

Don't have me started on security of old things...

[TCD]

Quote:

Originally Posted by meynaf

2FA really means what it is : two factors. So one is perhaps OTP, but the other is something on the cell phone, usually some SMS to be sent - and guess what, your phone number is required for that.

I know it doesn't bother you to talk about things you might want to read up first, but maybe do it in this case: https://auth0.com/learn/two-factor-authentication

[meynaf]

Quote:

Originally Posted by TCD

I know it doesn't bother you to talk about things you might want to read up first, but maybe do it in this case: https://auth0.com/learn/two-factor-authentication

That just confirms what i said.

[Retro1234]

Im worried someone will steel my eab ID - we need biometric authentication.

Someone might hack my account and say I love the Atari ST

[jman]

Quote:

Originally Posted by meynaf

2FA really means what it is : two factors. So one is perhaps OTP, but the other is something on the cell phone, usually some SMS to be sent - and guess what, your phone number is required for that.

Allow me to state again that xenForo does NOT require a phone number for 2FA (again, link to the documentation).

So, it's true that many providers implement 2FA using phone numbers (which I agree is far from ideal) but in this specific case, we are talking about xenForo and xenForo does not do that.

I hope this helps.

[Don_Adan]

Sorry, but everything was changed from a few years, when I'm active on the net.
For everything you need to give your cell number as 2FA verification.
A few months ago I bought my 4th Samsung tablet, and it was 1st tablet which needs 2FA verification.
Which I dont like.
Then even if you dont need it give your cell number now, you will be MUST give your cell number soon.
Meynaf is right.
For me current EAB is ok.

Then you can wrote "does NOT require a phone number for 2FA" NOW.
But it will be "required a phone number for 2FA" SOON.
Many services dont needs phone number a few years ago to activate.
Now everything needs phone (cell) number to activate.

[meynaf]

Quote:

Originally Posted by jman

Allow me to state again that xenForo does NOT require a phone number for 2FA (again, link to the documentation).

So, it's true that many providers implement 2FA using phone numbers (which I agree is far from ideal) but in this specific case, we are talking about xenForo and xenForo does not do that.

I hope this helps.

The documentation you linked is vague and seems to allow any method to be used...

[jman]

Quote:

Originally Posted by meynaf

The documentation you linked is vague and seems to allow any method to be used...

Maybe a screenshot from a demo xenForo instance I have created on the spot can help? The screenshot shows the providers xenForo supports for 2FA.

To be clear, I'm not trying to win an argument at all costs. I honestly only care getting the facts straight. Spreading false claims or handwaving uninformed opinions is not helpful and is a disservice to those reading this thread. So, please folks: get the facts to support your claims.

In any case 2FA authentication is just one item in the checklist I posted a few days ago when I evaluated the alternate solution suggested by RCK. 2FA authentication is not even the most important point in that list, I think.

I hope this helps

[meynaf]

Quote:

Originally Posted by jman

Maybe a screenshot from a demo xenForo instance I have created on the spot can help? The screenshot shows the providers xenForo supports for 2FA.

To be clear, I'm not trying to win an argument at all costs. I honestly only care getting the facts straight. Spreading false claims or handwaving uninformed opinions is not helpful and is a disservice to those reading this thread. So, please folks: get the facts to support your claims.

In any case 2FA authentication is just one item in the checklist I posted a few days ago when I evaluated the alternate solution suggested by RCK. 2FA authentication is not even the most important point in that list, I think.

I hope this helps

I'm afraid this doesn't help.
First, your original claim (post #66) was generic about 2FA and not specific to xenForo.
Second, as Don Adan said, this can change any time.

[malko]

Quote:

Originally Posted by Don_Adan

Sorry, but everything was changed from a few years, when I'm active on the net.
For everything you need to give your cell number as 2FA verification.
[...]
Then you can wrote "does NOT require a phone number for 2FA" NOW.
But it will be "required a phone number for 2FA" SOON.
Many services dont needs phone number a few years ago to activate.
Now everything needs phone (cell) number to activate.

This is what happened with some of the applications used at work....
To the extend that every employee has a professional cell phone (monthly fees) even if it is never used professionally and is used only to confirm windows login from time to time or log to an application from a fixed PC at work .

[TCD]

Soon every website will require a blood and urine sample along with signed permission slip by your parents Don't worry, we here at EAB incorporated will provide you with free tin foil

[deluxe1260]

Quote:

Originally Posted by Predseda

Current forum engine in its mobile skin works perfectly with AmigaOS3 Workbench in 8 colours using IBrowse on A1230. I wont change it.

Wow, I didn’t know that.
I have to try this mobile skin on my Amiga later. Thanks

[Predseda]

My only thoughs: whatever you do with this forum, no likes and thumbsups / downs please!