Three features you would like to see in 3.3.

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Get Involved
Wes of StarArmy
Registered User
Posts: 291
Joined: Fri Mar 04, 2005 2:59 am
Location: StarArmy.com
Contact:

Re: Three features you would like to see in 3.3.

Post by Wes of StarArmy »

Lumpy Burgertushie wrote: Mon Jun 11, 2018 1:58 pm If phpbb were having security issues I would say maybe this was something to worry about. however, as far as I know there are none so why worry
Lack of 2FA -is- a security issue. It is industry standard these days just like TLS is.
User avatar
Toxyy
Registered User
Posts: 942
Joined: Mon Oct 24, 2016 3:22 pm
Location: Namek
Contact:

Re: Three features you would like to see in 3.3.

Post by Toxyy »

Ger wrote: Mon Jun 11, 2018 2:32 pm Well, 2FA isn't really about security of the current phpBB login system itself, that's actually fine as it is. AFAIK it's never been hacked.

2FA is securing the bypasses, e.g. when your email account is hacked, somebody resetting your phpBB account linked to that email etc. Or simply somebody guessing your password or when it's retrieved through a MITM attack, a keylogger or just watching over your shoulder while you type it. 2FA is simply extending the "something you know" (password) with a "something you have" (your phone). The combination of those two required to login makes it way more difficult to breach it.
It's saved me a few times on other forums, actually.
I am a web developer/administrator, specializing in forums. If you have work you need done or are too lazy to do, pm me!

Some of my extensions:
[3.3][BETA] Post Form Templates || [3.3][BETA] Anonymous Posts || [3.2][3.3][BETA] ACP Merge Child Forums || [3.2][BETA] Sticky Ad || [3.2][DEV] User Delete Topics || [3.3][DEV] Moderate While Searching || [3.3][RC] Short Number Twig Extension
User avatar
david63
Registered User
Posts: 20646
Joined: Thu Dec 19, 2002 8:08 am

Re: Three features you would like to see in 3.3.

Post by david63 »

Why is there a presumption these days that everybody has a mobile/cell phone permanently attached to their body?
David
Remember: You only know what you know and - you don't know what you don't know!

I now no longer support any of my extensions but they will start to become available here
User avatar
Lumpy Burgertushie
Registered User
Posts: 69223
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Three features you would like to see in 3.3.

Post by Lumpy Burgertushie »

I think we should start a movement to at least have the cable that goes from the cell phone to the user's foot removed.

I finally figured out that must be why when they pick up the phone, their foot raised off of the gas pedal in the car.

If you can sit in your car and talk to your passenger without slowing down, why can't you talk on the phone without slowing down?


robert
Premium phpBB 3.3 Styles by PlanetStyles.net

I am pleased to announce that I have completed the first item on my bucket list. I have the bucket.
User avatar
Ger
Registered User
Posts: 2108
Joined: Wed Jan 02, 2008 7:35 pm
Location: 192.168.1.100
Contact:

Re: Three features you would like to see in 3.3.

Post by Ger »

People just shouldn't use their phone while driving, but that's another topic.
My extensions:
Simple CMS, Feed post bot, Avatar Resize, Modbreak, Magic OGP, Live topic update, Modern Quote, Quoted Where (GDPR) and Autoresponder.
Newest: FAQ manager for 3.2

Like my work? Buy me a coffee to keep it coming. :ugeek:

-Don't PM me for support-
User avatar
Lumpy Burgertushie
Registered User
Posts: 69223
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Three features you would like to see in 3.3.

Post by Lumpy Burgertushie »

people who can not figure out how to talk and drive should not use their phone while driving.
remember that the ability to use the phone while driving was one of the main reasons /benefits of the invention of the cell phone.


and you are right, I pulled this off topic so I am done.

robert
Premium phpBB 3.3 Styles by PlanetStyles.net

I am pleased to announce that I have completed the first item on my bucket list. I have the bucket.
User avatar
tojag
Registered User
Posts: 422
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: Three features you would like to see in 3.3.

Post by tojag »

Ger wrote: Mon Jun 11, 2018 2:32 pm 2FA is securing the bypasses, e.g. when your email account is hacked, somebody resetting your phpBB account linked to that email etc. Or simply somebody guessing your password or when it's retrieved through a MITM attack, a keylogger or just watching over your shoulder while you type it. 2FA is simply extending the "something you know" (password) with a "something you have" (your phone). The combination of those two required to login makes it way more difficult to breach it.
Nothing more to add. I do not need anything else. Nowadays, you should protect the system from attack because you never know if the hacker no longer steals my password. Double authentication by SMS, key generator or software authenticator is a very good method of securing access recognized by IT systems, banks and others. Only phpBB is immune to changes :)
If I remember correctly, a few years ago the phpBB site was hacked, what was the reason?
User avatar
2600
I've Been Banned!
Posts: 2567
Joined: Fri Nov 14, 2014 5:14 pm
Location: Area-51

Re: Three features you would like to see in 3.3.

Post by 2600 »

tojag wrote: Mon Jun 11, 2018 7:11 pm
If I remember correctly, a few years ago the phpBB site was hacked, what was the reason?
Lack of mod_security from what I read on the hacker's blog. :lol:
Morpheus: Unfortunately, no one can be told what The Matrix is. You'll have to see it for yourself.
Hack me.
Consider a canary token.
The nature of my chosen username
:ugeek:
User avatar
2600
I've Been Banned!
Posts: 2567
Joined: Fri Nov 14, 2014 5:14 pm
Location: Area-51

Re: Three features you would like to see in 3.3.

Post by 2600 »

I use 2FA for everything I can use it with. PayPal, my domain, bank, E-mail provider host, Amazon AWS, CloudFlare, you name it. Then save the backup codes in Keepass, encrypt that database yet again with a 7z AES archive and store that in a cloud provider, my local FTP and on CD.
Morpheus: Unfortunately, no one can be told what The Matrix is. You'll have to see it for yourself.
Hack me.
Consider a canary token.
The nature of my chosen username
:ugeek:
User avatar
Lumpy Burgertushie
Registered User
Posts: 69223
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Three features you would like to see in 3.3.

Post by Lumpy Burgertushie »

John connor wrote: Mon Jun 11, 2018 9:09 pm I use 2FA for everything I can use it with. PayPal, my domain, bank, E-mail provider host, Amazon AWS, CloudFlare, you name it. Then save the backup codes in Keepass, encrypt that database yet again with a 7z AES archive and store that in a cloud provider, my local FTP and on CD.
yes , but not everyone is as paranoid as you are. ;) :D

robert
Premium phpBB 3.3 Styles by PlanetStyles.net

I am pleased to announce that I have completed the first item on my bucket list. I have the bucket.
User avatar
2600
I've Been Banned!
Posts: 2567
Joined: Fri Nov 14, 2014 5:14 pm
Location: Area-51

Re: Three features you would like to see in 3.3.

Post by 2600 »

I guess you don't watch or read the news.

" Hacker group steals 15 million user accounts."

" A vulnerability has allowed a hacker to gain access to such and such database."


or the future post of: "HELP! I've had my database stolen!"
Morpheus: Unfortunately, no one can be told what The Matrix is. You'll have to see it for yourself.
Hack me.
Consider a canary token.
The nature of my chosen username
:ugeek:
User avatar
Toxyy
Registered User
Posts: 942
Joined: Mon Oct 24, 2016 3:22 pm
Location: Namek
Contact:

Re: Three features you would like to see in 3.3.

Post by Toxyy »

I already posted this reply... oops

But really though, just because more experienced users might not find it necessary for their smaller forum doesn't mean the inexperienced web admin with a very large forum wouldn't benefit from it, or his users.
I am a web developer/administrator, specializing in forums. If you have work you need done or are too lazy to do, pm me!

Some of my extensions:
[3.3][BETA] Post Form Templates || [3.3][BETA] Anonymous Posts || [3.2][3.3][BETA] ACP Merge Child Forums || [3.2][BETA] Sticky Ad || [3.2][DEV] User Delete Topics || [3.3][DEV] Moderate While Searching || [3.3][RC] Short Number Twig Extension
User avatar
Lumpy Burgertushie
Registered User
Posts: 69223
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Three features you would like to see in 3.3.

Post by Lumpy Burgertushie »

John connor wrote: Mon Jun 11, 2018 9:42 pm I guess you don't watch or read the news.

" Hacker group steals 15 million user accounts."

" A vulnerability has allowed a hacker to gain access to such and such database."


or the future post of: "HELP! I've had my database stolen!"
and how many of those issues were related to phpbb? none? that is my point.

I was just picking at you about paranoid. no offense meant.
just because you are paranoid doesn't mean they are not out to get ya.
robert
Premium phpBB 3.3 Styles by PlanetStyles.net

I am pleased to announce that I have completed the first item on my bucket list. I have the bucket.
User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 52768
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve
Contact:

Re: Three features you would like to see in 3.3.

Post by stevemaury »

John connor wrote: Mon Jun 11, 2018 9:07 pm
tojag wrote: Mon Jun 11, 2018 7:11 pm
If I remember correctly, a few years ago the phpBB site was hacked, what was the reason?
Lack of mod_security from what I read on the hacker's blog. :lol:
This is incorrect. It is true that access was obtained to the database. However, it had nothing to do with any security vulnerability in phpBB.
I can stop all your spam. I can upgrade or update your Board. PM or email me. (Paid support)
User avatar
JimA
Former Team Member
Posts: 7833
Joined: Thu Jul 31, 2008 5:54 am
Location: The Netherlands
Name: Jim Mossing Holsteyn
Contact:

Re: Three features you would like to see in 3.3.

Post by JimA »

John connor wrote: Mon Jun 11, 2018 9:07 pm
tojag wrote: Mon Jun 11, 2018 7:11 pm
If I remember correctly, a few years ago the phpBB site was hacked, what was the reason?
Lack of mod_security from what I read on the hacker's blog. :lol:
It's quite a bit more complex than that. ;)

However, let's all go back to the topic this was originally about. This is about potential 3.3 features. If we want to discuss the advantages and disadvantages of 2FA, that can get its own topic.
Jim Mossing Holsteyn - Former Community Team Leader
Knowledge Base | Documentation | Board rules

If you're having any questions about the rules/customs of this website, feel free to drop me a PM.
Post Reply

Return to “phpBB Discussion”