We’ve rolled out Two-Factor Authentication for Vivaldi accounts and a new reputation system for Vivaldi Webmail access.
-
@pangolin said in We’ve rolled out Two-Factor Authentication for Vivaldi accounts and a new reputation system for Vivaldi Webmail access.:
@luetage are you sure about that?
If you have an older account, but for one reason or another didn’t verify your phone number, you will be able to create a blog but will need to start building a reputation to use Vivaldi Webmail like all new users.
This seems to indicate otherwise.
Ah yes, that might be a bit confusing. To be clear, if you already had access to webmail (whether through verifying your phone number, or through having registered your account before we implemented the phone verification requirement), that will not change.
-
@YamiryuuZero hopefully you should have the old theme again now. If not, you may need to go in to Settings > Preferences > User Interface and change to the Larry theme. Sorry for that.
System Administrator / Backend Developer
-
I really hope 2FA never becomes mandatory. I like Vivaldi, but i really do not care much if my forum account here gets hacked. Talking about security is unfortunate PR speak. I understand you need to keep spammers out, but the only practical effect it would have on me would be increased probability of being locked out. Why would I need security for a forum account?
Vivaldi sync has a separate password anyway.
-
@felagund For forum 2FA, it is helpful for at-risk accounts like moderators and admins to have additional security like this. And if adding it for us lets others get 2FA for free, then that's a win. You don't have to use it if you don't want to.
If you only use the forum, then that's fine, but if for users who use webmail, then they may also want additional protections for that too.
-
I fully support the introduction of Two-Factor Authentication, and I have reported ad posts many times.
However, given some well-known network constraints in my current location, I'm afraid to enable it. -
@LonM yes, as long as it is voluntary, I am fine with that. I am just allergic to security being forced down my throat, which is not yet happening here. Similar to onerous password-strength requirements.
-
@thomasp: THANK YOU! That solved the problem!
I'm happy again
-
I am sorry to say, however after the newest webmail update, I have lost the calendar and contacts data.
It works with external Card/CalDAV clients, but it's not shown in web-based calendar/contacts pages.
Does anyone else have the similar/same issue? Tnx.
-
@Team_Vivaldi I wonder if we can get "Remember me on this device" to last more than about a week here, which if it ever has, hasn't worked beyond about a week for a long time (not clearing cookies, either)? If that's a security measure, I don't think it makes sense.
-
@tzic said in We’ve rolled out Two-Factor Authentication for Vivaldi accounts and a new reputation system for Vivaldi Webmail access.:
I am sorry to say, however after the newest webmail update, I have lost the calendar and contacts data.
It works with external Card/CalDAV clients, but it's not shown in web-based calendar/contacts pages.
Does anyone else have the similar/same issue? Tnx.
Thanks for reporting this. This does indeed seem to be broken right now - sorry about that. We'll try to get it fixed as soon as we can.
-
I have been using the WWW since 1994. I have been using Vivaldi and loving it for more than four years. I am not a techie, so I find your explanation and implementation of two-factor authentication totally baffling. At least you are not requiring that one use face scans or fingerprints. Like many others, your moves to make things more secure... puts nearly all the responsibility on the user. Having to gain points via an unknown or secret system seems really strange. User name, password, and an SMS seems as though it should have been enough.
I do not want to be come a more technical user. I am a writer and editor and just want to find information and pass it on to others. I think you and others need to rethink how to make the web safe to use.
-
@nedhamson said in We’ve rolled out Two-Factor Authentication for Vivaldi accounts and a new reputation system for Vivaldi Webmail access.:
I have been using the WWW since 1994. I have been using Vivaldi and loving it for more than four years. I am not a techie, so I find your explanation and implementation of two-factor authentication totally baffling. At least you are not requiring that one use face scans or fingerprints. Like many others, your moves to make things more secure... puts nearly all the responsibility on the user. Having to gain points via an unknown or secret system seems really strange. User name, password, and an SMS seems as though it should have been enough.
I do not want to be come a more technical user. I am a writer and editor and just want to find information and pass it on to others. I think you and others need to rethink how to make the web safe to use.
Perhaps part of your confusion stems from the fact that the 2-factor authentication, and the new requirements for new users to use webmail are in fact 2 completely separate and unrelated concepts, we just happen to be launching both of them at the same time, and announcing them both in the same blog post.
The 2-factor authentication is an optional security feature that we offer to allow users to make their accounts more secure. You do not need to use it if you don't want to, though it's certainly something we recommend.
The new requirements for new users to get access to webmail are a response to the large number of attempts we see daily to sign up to our webmail service purely for the purpose of abusing our free service for spamming and scamming, to the detriment of our genuine users. It won't directly affect you if you are already using our webmail service, except that fewer spammers on our servers means a better level of service for everyone else. The SMS verification that we previously had was easily bypassed by using throwaway phone number services that are abundant these days. Trying to block all of those was an exercise in futility. Also, every SMS we sent out to verify a user in this way cost us money, an amount that varied per country, and was definitely not an insignificant amount in total. (edit: also we really didn't like collecting everyone's phone numbers!)
System Administrator / Backend Developer
-
@nedhamson You aren’t forced to use it, it’s optional. Just ignore it.
edit: @thomasp u 🥷d me
-
@nedhamson some data must inherently be in the sole domain of the user to allow for secure authentication.
Nothing can protect against a person sharing a password on social media.
A (hardware) security key or authenticator app is the result of rethinking user security, most other bright ideas (including biometrics) survived less than a month in the wild for that use case.
-
@kargi said in We’ve rolled out Two-Factor Authentication for Vivaldi accounts and a new reputation system for Vivaldi Webmail access.:
Anyone can get into my account
how?
-
@thomasp Thanks, I guess I will look at a physical key that I can use for laptop and cell.
-
the blog start says
New updates to key Vivaldi Community services bring a new level of security to your Vivaldi accounts, will help us keep a lid on some very determined spammers
can i just get clarification, to ensure i understand this initiative? the anti-spamming aspect of this initiative is only wrt misuse of webmail, is it? not also somehow the forum? i ask coz everyone who has been in the forum for any non-trivial length of time, unfortunately knows that now & then, posts appear that are overtly or covertly spam. i was struggling to see how this initiative assists to prevent that. however, it now seems that's not the intention, but instead it's to protect webmail integrity. or, am i still missing the point? [i don't even pretend to understand spammers & scammers, so i might have this all wrong].
Look, you've got it all wrong! You don't need to follow me. You don't need to follow anybody! You've got to think for yourselves! You're all individuals!
-
Submitted update to https://2fa.directory/ - https://github.com/2factorauth/twofactorauth/pull/7568, merged already.
-
@ybjrepnfr Only webmail. There is no prerequisite to joining the forum. The phone number sign up apparently didn’t stop the influx of bad actors.
-
@tzic should be fixed now, sorry about that.
