Solved Two Factor Authentication Scheme for Vivaldi.net Account
-
@earldaniels said in Two Factor Authentication Scheme for Vivaldi.net Account:
This needs to happen. Soon. I am questioning the chance I am taking having any of my passwords sync'ed with no 2FA. I won't use Vivaldi for banking or my primary email due to this.
Sync is actually the only thing that has two factor authentication already. There's vivaldi.net's password to access the account and then the decryption password to decrypt the information sent by sync.
Unless you configure Vivaldi to memorize both and not ask for them, of course, then all anyone else needs is access to your browser(just like when you configure 2fa for your GMail acount but then set your phone or browser never to ask you for your password again - your back to 1fa: needing access to your device).
-
@pauloaguia said in Two Factor Authentication Scheme for Vivaldi.net Account:
Sync is actually the only thing that has two factor authentication already. There's vivaldi.net's password to access the account and then the decryption password to decrypt the information sent by sync.
You misunderstand.
Vivaldi Sync does not have 2FA (Two Factor Authentication).The Vivaldi Sync server does not sent a decryption password to you. It sends encrypted sync data to your PC and uses the Sync encryption password (which is always stored local on your PC) to decrypt data locally.
-
@doctorg said in Two Factor Authentication Scheme for Vivaldi.net Account:
The Vivaldi Sync server does not sent a decryption password to you. It sends encrypted sync data to your PC and uses the Sync encryption password (which is always stored local on your PC) to decrypt data locally.
You described my understanding perfectly
I never said Vivaldi sends you either of those passwords. I still think that this is 2FA - in this case, 2 "something you know"'s. But I'm always open to arguments otherwise
It's actually more 2FA than GMail, for instance, which uses "something you know" and then "something they send you"Maybe this article helps clarify 2 step validation vs 2 factor authentication? https://www.techradar.com/news/two-factor-authentication-vs-two-step-verification-youve-probably-missed-this-tiny-difference
-
@pesala Merge the two, it is just you that work on Vivaldi that needs them to be separate, and you can get this with "groups" in Linux. The rest of the world is subject to Microsoft insecurity.
Give us UID with capabilities & roles, automount scripts for cloud services so we can contest the big ones, everyone can host their own cloud server, and with "tunnelling" this can be accessed from anywhere. Then, host our own security service. -
I really hope you guys implement multi factor authentication as soon as possible.
For a browser that has managed to be so popular among privacy enthusiasts, this feature is a must!
-
Replying just to state that this should be a mandatory security feature nowadays, please consider implementing it asap.
-
Agreeing with everyone above who have commented. This is a necessary feature
-
https://2fa.directory/de/#other
told me to post here
-
For me to start using Vivaldi services like mail or calendar 2FA is a must. Now it is a huge roadblock and seeing this not moving forward is a pain in my ass since I really really want to use it.
-
I strikes me that Vivaldi is not very secure. Given the sync feature, if someone knows both the Vivaldi password and the encryption password, they would have access to ALL saved passwords via the sync feature. 2FA must be implemented to prevent this kind of breach. Until then I struggle to use Vivaldi fully.
-
@kunjan Two Factor Authentication Scheme for Vivaldi.net Account is on the to do list at Vivaldi Team, that's why the title says Pipline. But it is not yet certain when Vivaldi Team will release this feature.
-
@stardepp Ty for the correction...I missed the pipeline tag. Coffee time..!
-
Once more my main email account got attacked and I went to check my vivaldi account for a 2factor auth...
It is disturbing that my synced passwords is stored without a 2factor protecting it..
Also the lack of an overview for signed in devices for the same security reasons.. This should be a nessasary security feature.... -
So this is it? NO 2FA for the webmail.vivaldi.net ?
This is year #2001_thinking (#oldfashioned), when there is no 2FA, than I am out of here -
@fvdhorst 2FA/FIDO2 is in pipeline, no progress for a release.
-
thanks, keep my fingers crosssed
greetings -
Wow...now in Progress
-
I do not know why this should be "In Progress", i do not see progress in bug tracker on 2FA/FIDO for vivaldinet.I was wrong. See post https://forum.vivaldi.net/post/561672
-
@doctorg
perhaps some magic behind thescenesbugs -
I asked a web backend dev now, and he said: It is really In Progress
That is all i am allowed to tell.
And yes, i am curious too, what will come, and sorry, i can not test internally the 2FA of vivaldinet.