We’ve rolled out Two-Factor Authentication for Vivaldi accounts and a new reputation system for Vivaldi Webmail access.
-
@tzic said in We’ve rolled out Two-Factor Authentication for Vivaldi accounts and a new reputation system for Vivaldi Webmail access.:
I am sorry to say, however after the newest webmail update, I have lost the calendar and contacts data.
It works with external Card/CalDAV clients, but it's not shown in web-based calendar/contacts pages.
Does anyone else have the similar/same issue? Tnx.
Thanks for reporting this. This does indeed seem to be broken right now - sorry about that. We'll try to get it fixed as soon as we can.
-
I have been using the WWW since 1994. I have been using Vivaldi and loving it for more than four years. I am not a techie, so I find your explanation and implementation of two-factor authentication totally baffling. At least you are not requiring that one use face scans or fingerprints. Like many others, your moves to make things more secure... puts nearly all the responsibility on the user. Having to gain points via an unknown or secret system seems really strange. User name, password, and an SMS seems as though it should have been enough.
I do not want to be come a more technical user. I am a writer and editor and just want to find information and pass it on to others. I think you and others need to rethink how to make the web safe to use.
-
@nedhamson said in We’ve rolled out Two-Factor Authentication for Vivaldi accounts and a new reputation system for Vivaldi Webmail access.:
I have been using the WWW since 1994. I have been using Vivaldi and loving it for more than four years. I am not a techie, so I find your explanation and implementation of two-factor authentication totally baffling. At least you are not requiring that one use face scans or fingerprints. Like many others, your moves to make things more secure... puts nearly all the responsibility on the user. Having to gain points via an unknown or secret system seems really strange. User name, password, and an SMS seems as though it should have been enough.
I do not want to be come a more technical user. I am a writer and editor and just want to find information and pass it on to others. I think you and others need to rethink how to make the web safe to use.
Perhaps part of your confusion stems from the fact that the 2-factor authentication, and the new requirements for new users to use webmail are in fact 2 completely separate and unrelated concepts, we just happen to be launching both of them at the same time, and announcing them both in the same blog post.
The 2-factor authentication is an optional security feature that we offer to allow users to make their accounts more secure. You do not need to use it if you don't want to, though it's certainly something we recommend.
The new requirements for new users to get access to webmail are a response to the large number of attempts we see daily to sign up to our webmail service purely for the purpose of abusing our free service for spamming and scamming, to the detriment of our genuine users. It won't directly affect you if you are already using our webmail service, except that fewer spammers on our servers means a better level of service for everyone else. The SMS verification that we previously had was easily bypassed by using throwaway phone number services that are abundant these days. Trying to block all of those was an exercise in futility. Also, every SMS we sent out to verify a user in this way cost us money, an amount that varied per country, and was definitely not an insignificant amount in total. (edit: also we really didn't like collecting everyone's phone numbers!)
System Administrator / Backend Developer
-
@nedhamson You aren’t forced to use it, it’s optional. Just ignore it.
edit: @thomasp u 🥷d me
-
@nedhamson some data must inherently be in the sole domain of the user to allow for secure authentication.
Nothing can protect against a person sharing a password on social media.
A (hardware) security key or authenticator app is the result of rethinking user security, most other bright ideas (including biometrics) survived less than a month in the wild for that use case.
-
@kargi said in We’ve rolled out Two-Factor Authentication for Vivaldi accounts and a new reputation system for Vivaldi Webmail access.:
Anyone can get into my account
how?
-
@thomasp Thanks, I guess I will look at a physical key that I can use for laptop and cell.
-
the blog start says
New updates to key Vivaldi Community services bring a new level of security to your Vivaldi accounts, will help us keep a lid on some very determined spammers
can i just get clarification, to ensure i understand this initiative? the anti-spamming aspect of this initiative is only wrt misuse of webmail, is it? not also somehow the forum? i ask coz everyone who has been in the forum for any non-trivial length of time, unfortunately knows that now & then, posts appear that are overtly or covertly spam. i was struggling to see how this initiative assists to prevent that. however, it now seems that's not the intention, but instead it's to protect webmail integrity. or, am i still missing the point? [i don't even pretend to understand spammers & scammers, so i might have this all wrong].
Look, you've got it all wrong! You don't need to follow me. You don't need to follow anybody! You've got to think for yourselves! You're all individuals!
-
Submitted update to https://2fa.directory/ - https://github.com/2factorauth/twofactorauth/pull/7568, merged already.
-
@ybjrepnfr Only webmail. There is no prerequisite to joining the forum. The phone number sign up apparently didn’t stop the influx of bad actors.
-
@tzic should be fixed now, sorry about that.
-
I expect Passkeys as it is was added to Chrome working here for Vivaldi services in near future!?
-
That's a good thing. But I am alarmed by the poor quality of automatically generated passwords for applications. There are 3-4 pairs of the same ones per 25 characters. There are even three identical ones. Please, this needs to be improved!
And I hardly should have used obsolete sha1 in the code generator! Even my app pointed out that this is a weak security method. Why don't you opt for reliability right away?And one more suggestion. Vivaldi mail supports pgp encryption. I think that receiving encrypted notifications about account security events would improve the quality of service. At the same time, you can create another layer of protection when changing user's pre-selected data (passwords, 2fa, account deletion) requires an encrypted email with a verification code inside.
-
@far4 said in We’ve rolled out Two-Factor Authentication for Vivaldi accounts and a new reputation system for Vivaldi Webmail access.:
Vivaldi mail supports pgp encryption
Comes next
-
@rseiler Same here. My session expires too soon. I haven't tested the exact time, but it does seem like it only last a week at the most.
-
Can I generate new batch of Recovery Codes, once I used all 3?
-
@Melvidor As long as you have access you should be able to generate new ones.
-
Several questions after activating 2FA with security key and TOTP. I had to login again on another computer and it did not have the option to use TOTP but only security key. Does this mean I have to use security key all the time? Will I lose access to my account if I lose the security key?
Does the security key or TOTP work with webmail?
Thanks
-
@jane-n I'm having the same issue. I have a nitrokey 3A. I tried adding it to my account. I get to enter my pin, I need to touch it. After that, nothing. I've waited a while to get the pop-up to name it, I've tried on a Linux device, on a Windows machine, on Vivaldi browser and on Firefox (both on Linux and windows). Never saw the pop-up to name my key. When going to my account, it isn't added (I don't see it listed).
-
@Team_Vivaldi Is this 2FA actually needed?
I use a personal private computer do I really need this for this Platform? I use the 2FA on other platforms because of past security issues.Sharon Connor
