We’ve rolled out Two-Factor Authentication for Vivaldi accounts and a new reputation system for Vivaldi Webmail access.
-
@felagund For forum 2FA, it is helpful for at-risk accounts like moderators and admins to have additional security like this. And if adding it for us lets others get 2FA for free, then that's a win. You don't have to use it if you don't want to.
If you only use the forum, then that's fine, but if for users who use webmail, then they may also want additional protections for that too.
-
I fully support the introduction of Two-Factor Authentication, and I have reported ad posts many times.
However, given some well-known network constraints in my current location, I'm afraid to enable it. -
@LonM yes, as long as it is voluntary, I am fine with that. I am just allergic to security being forced down my throat, which is not yet happening here. Similar to onerous password-strength requirements.
-
@thomasp: THANK YOU! That solved the problem!
I'm happy again -
I am sorry to say, however after the newest webmail update, I have lost the calendar and contacts data.
It works with external Card/CalDAV clients, but it's not shown in web-based calendar/contacts pages.
Does anyone else have the similar/same issue? Tnx.
-
@Team_Vivaldi I wonder if we can get "Remember me on this device" to last more than about a week here, which if it ever has, hasn't worked beyond about a week for a long time (not clearing cookies, either)? If that's a security measure, I don't think it makes sense.
-
@tzic said in We’ve rolled out Two-Factor Authentication for Vivaldi accounts and a new reputation system for Vivaldi Webmail access.:
I am sorry to say, however after the newest webmail update, I have lost the calendar and contacts data.
It works with external Card/CalDAV clients, but it's not shown in web-based calendar/contacts pages.
Does anyone else have the similar/same issue? Tnx.
Thanks for reporting this. This does indeed seem to be broken right now - sorry about that. We'll try to get it fixed as soon as we can.
-
I have been using the WWW since 1994. I have been using Vivaldi and loving it for more than four years. I am not a techie, so I find your explanation and implementation of two-factor authentication totally baffling. At least you are not requiring that one use face scans or fingerprints. Like many others, your moves to make things more secure... puts nearly all the responsibility on the user. Having to gain points via an unknown or secret system seems really strange. User name, password, and an SMS seems as though it should have been enough.
I do not want to be come a more technical user. I am a writer and editor and just want to find information and pass it on to others. I think you and others need to rethink how to make the web safe to use.
-
@nedhamson said in We’ve rolled out Two-Factor Authentication for Vivaldi accounts and a new reputation system for Vivaldi Webmail access.:
I have been using the WWW since 1994. I have been using Vivaldi and loving it for more than four years. I am not a techie, so I find your explanation and implementation of two-factor authentication totally baffling. At least you are not requiring that one use face scans or fingerprints. Like many others, your moves to make things more secure... puts nearly all the responsibility on the user. Having to gain points via an unknown or secret system seems really strange. User name, password, and an SMS seems as though it should have been enough.
I do not want to be come a more technical user. I am a writer and editor and just want to find information and pass it on to others. I think you and others need to rethink how to make the web safe to use.
Perhaps part of your confusion stems from the fact that the 2-factor authentication, and the new requirements for new users to use webmail are in fact 2 completely separate and unrelated concepts, we just happen to be launching both of them at the same time, and announcing them both in the same blog post.
The 2-factor authentication is an optional security feature that we offer to allow users to make their accounts more secure. You do not need to use it if you don't want to, though it's certainly something we recommend.
The new requirements for new users to get access to webmail are a response to the large number of attempts we see daily to sign up to our webmail service purely for the purpose of abusing our free service for spamming and scamming, to the detriment of our genuine users. It won't directly affect you if you are already using our webmail service, except that fewer spammers on our servers means a better level of service for everyone else. The SMS verification that we previously had was easily bypassed by using throwaway phone number services that are abundant these days. Trying to block all of those was an exercise in futility. Also, every SMS we sent out to verify a user in this way cost us money, an amount that varied per country, and was definitely not an insignificant amount in total. (edit: also we really didn't like collecting everyone's phone numbers!)
-
@nedhamson You aren’t forced to use it, it’s optional. Just ignore it.
edit: @thomasp u 🥷d me
-
@nedhamson some data must inherently be in the sole domain of the user to allow for secure authentication.
Nothing can protect against a person sharing a password on social media.
A (hardware) security key or authenticator app is the result of rethinking user security, most other bright ideas (including biometrics) survived less than a month in the wild for that use case.
-
@kargi said in We’ve rolled out Two-Factor Authentication for Vivaldi accounts and a new reputation system for Vivaldi Webmail access.:
Anyone can get into my account
how?
-
@thomasp Thanks, I guess I will look at a physical key that I can use for laptop and cell.
-
the blog start says
New updates to key Vivaldi Community services bring a new level of security to your Vivaldi accounts, will help us keep a lid on some very determined spammers
can i just get clarification, to ensure i understand this initiative? the anti-spamming aspect of this initiative is only wrt misuse of webmail, is it? not also somehow the forum? i ask coz everyone who has been in the forum for any non-trivial length of time, unfortunately knows that now & then, posts appear that are overtly or covertly spam. i was struggling to see how this initiative assists to prevent that. however, it now seems that's not the intention, but instead it's to protect webmail integrity. or, am i still missing the point? [i don't even pretend to understand spammers & scammers, so i might have this all wrong].
-
Submitted update to https://2fa.directory/ - https://github.com/2factorauth/twofactorauth/pull/7568, merged already.
-
@ybjrepnfr Only webmail. There is no prerequisite to joining the forum. The phone number sign up apparently didn’t stop the influx of bad actors.
-
@tzic should be fixed now, sorry about that.
-
I expect Passkeys as it is was added to Chrome working here for Vivaldi services in near future!?
-
That's a good thing. But I am alarmed by the poor quality of automatically generated passwords for applications. There are 3-4 pairs of the same ones per 25 characters. There are even three identical ones. Please, this needs to be improved!
And I hardly should have used obsolete sha1 in the code generator! Even my app pointed out that this is a weak security method. Why don't you opt for reliability right away?And one more suggestion. Vivaldi mail supports pgp encryption. I think that receiving encrypted notifications about account security events would improve the quality of service. At the same time, you can create another layer of protection when changing user's pre-selected data (passwords, 2fa, account deletion) requires an encrypted email with a verification code inside.
-
@far4 said in We’ve rolled out Two-Factor Authentication for Vivaldi accounts and a new reputation system for Vivaldi Webmail access.:
Vivaldi mail supports pgp encryption
Comes next