New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Thanks. Now we're talking something that might work for me.
I'm assuming the client is any old phone that has a screen. Would probably be cheap. Never seen service at $1.5 per month, but makes sense for message service only or something.
TOTP doesn't need any type of service plan. The app runs purely on the phone and doesn't use the network. So if you can scrounge an old phone from somewhere, you can run it with no plan.
delete mistake
Now I'm really interested. I'll go looking for an old phone. Thanks.
One thing: you want one with a not too crappy camera. 2MP with autofocus is probably enough, but one of those really old non-AF phones from the Android 2.1 era might not be.
When you activate 2FA on an account, the server shows you a QR code (2-d bar code) and you snap a picture of it with the 2FA phone app. That's how you get the TOTP shared secret into the app. The camera doesn't have to be great (especially by today's standards) but some old ones are really terrible and might not suffice. Anything running Android 4 or later is probably fine. Or on the IOS side, an iphone 4 is definitely good enough but I can't be sure about earlier ones.
Note that even with no mobile data plan, you can usually get online with those phones if you have wifi available.
Just a follow-up on this post: since I open this post, ZERO providers that I use here from LET that where not using 2FA, have implemented 2FA.
I cannot think on any valid or login reason for at least on WHMCS (that is what almost everyone is using) to pay more $1.5/month to have 2FA for unlimited users.
I just don't see security has a priority for many providers here. I will not say names.. that is not the point of this post. The point is that we as users/clients to fight against this.
So for all here that have security as a priority/concern, if your provider does not yet has 2FA, open a ticket asking for it! That seems to be the only way to get things to change.
Join the 2FA revolution!
1.50USD that seem to make a difference for many providers.
Its a cheap price to pay for additional security, for both clients and admins.
Maybe they never read this thread lul.
Well, I am interested in security and very much so, but I'm not in the least interested in your "uprising of the customers" - nor are most other customers; and even less so if that costs money.
You see, this market is driven by some forces with the customers being a major one. The very name of this forum provides a strong hint: there are many (potential) customers desiring a small and cheap VPS, hence LET and plenty providers here offering what many customers want.
Your observation (0 providers added 2FA) is probably correct. Your premise, however, is not. Obviously most customers don't care or don't see 2FA as an important and strong security enhancement. If they did the providers would act, just like they act on many other real and major customer wishes.
And, in fact, if whcms (and data handled by it) are vulnerable (which I guess is almost certainly the case) then for quite different reasons (e.g. php) and 2FA will not make that situation better.
Frankly, I feel that your fight is similar to someone demanding condoms for aids protection in a war zone. It just doesn't address the real and major problem.
Low End Condoms for when you don't care.