Solved Two Factor Authentication Scheme for Vivaldi.net Account
-
For me to start using Vivaldi services like mail or calendar 2FA is a must. Now it is a huge roadblock and seeing this not moving forward is a pain in my ass since I really really want to use it.
-
I strikes me that Vivaldi is not very secure. Given the sync feature, if someone knows both the Vivaldi password and the encryption password, they would have access to ALL saved passwords via the sync feature. 2FA must be implemented to prevent this kind of breach. Until then I struggle to use Vivaldi fully.
-
@kunjan Two Factor Authentication Scheme for Vivaldi.net Account is on the to do list at Vivaldi Team, that's why the title says Pipline. But it is not yet certain when Vivaldi Team will release this feature.
-
@stardepp Ty for the correction...I missed the pipeline tag. Coffee time..!
-
Once more my main email account got attacked and I went to check my vivaldi account for a 2factor auth...
It is disturbing that my synced passwords is stored without a 2factor protecting it..
Also the lack of an overview for signed in devices for the same security reasons.. This should be a nessasary security feature.... -
So this is it? NO 2FA for the webmail.vivaldi.net ?
This is year #2001_thinking (#oldfashioned), when there is no 2FA, than I am out of here -
@fvdhorst 2FA/FIDO2 is in pipeline, no progress for a release.
-
thanks, keep my fingers crosssed
greetings -
Wow...now in Progress
-
I do not know why this should be "In Progress", i do not see progress in bug tracker on 2FA/FIDO for vivaldinet.I was wrong. See post https://forum.vivaldi.net/post/561672
-
@doctorg
perhaps some magic behind thescenesbugs -
I asked a web backend dev now, and he said: It is really In Progress
That is all i am allowed to tell.
And yes, i am curious too, what will come, and sorry, i can not test internally the 2FA of vivaldinet. -
Absolutely a must and a priority. Given the forward-thinking/cutting-edge nature of Vivaldi, its userbase, and the fact that Vivaldi services include e-mail I can hardly believe this was not implemented from the very beginning.
Two-factor verification should allow for the use of TOTP codes, registering two U2F hardware keys (one for backup), and optional switch-on secondary 2FV Vivaldi mobile app integration
(In other words, after using TOTP/U2F to login to Vivaldi services on your mobile app any subsequent logins can be confirmed by a mobile app sending you an "is this you?" pop-up; this could also be a six digit code as well--see Telegram implementation of additional logins to understand what I mean.)
As NFC becomes more ubiquitous it could be equally easy to simply tap your hardware key rather than press OK on your mobile device (depending on where either happens to be at any one point in time) so all options should available.
-
Vivaldi Mail 1.0 has been officially launched and still no 2FA?
Probably a joke.
No Vivaldi mail for me and it also means that security is clearly not a priority for the Vivaldi team. -
We're actively working on it, but as you can log in to many different services with a Vivaldi account (Sync, Webmail, Forum, etc.), we need to make sure 2FA works with all of them on both desktop and mobile. In addition, we want to support 2FA both with TOTP and hardware keys, so that takes some time as well.
-
@jane-n said in Two Factor Authentication Scheme for Vivaldi.net Account:
2FA both with TOTP and hardware key
Then you will get a happy Nitrokey user, me. ️
-
2FA is urgently needed. I don't like to change my password every week. This is discussed for over 2 years now, and I think it's time for a release..
-
@thomasbeling Hello, a just a bit further up in the topic is a comment by one of our team members saying this is something we're actively working on and explaining a bit about the process. If you've not read it yet, it might help you tide yourself over until we're able to release.
-
@thomasbeling said in Two Factor Authentication Scheme for Vivaldi.net Account:
I don't like to change my password every week.
2FA or not, you shouldn't be doing that anyways. Changing a password so regularly is counterproductive and a complete waste of your time.
Sources:
- Frequent password changes are the enemy of security, FTC technologist says - Ars Technica
- Microsoft says mandatory password changing is “ancient and obsolete” - Ars Technica
- Stop Changing Your (Strong, Unique) Passwords So Much - PCMag
- Should You Change Your Passwords Regularly? - How-ToGeek
And a relevant XKCD comic.
-
@jane-n More important to get some 2FA rolled out, say TOTP, then add support for hardware keys later.