Providers and 2FA
In another thread, there were conflicting, anecdotal reports about how widely 2FA has been deployed by providers. So as not to derail that thread into a tangent, here is a new one.
2FA (aka two-factor authentication) can mean different things. Here I'm referring to TOTP-based 2FA (i.e., Google Authenticator, Authy) unless otherwise noted. Furthermore, there may be differences between a client portal and a "control panel" authentication. I'm considering what most people see first, the client portal (e.g., billing, contact, support). Corrections and additions to this thread welcome.
Providers without 2FA:
Comments
many more providers don't have 2FA for SolusVM control panel
SolusVM 1 does not have a 2FA feature?
There are many providers without 2FA on their client area. This is bad especially nowadays, when we have paid hackers due to worldwide conflicts, as well as leaked information of customers. Maybe we should create a list of shame.
We accept and encourage it on your billing portal (WHMCS) and VPS control panel (Virtualizor).
If your provider uses these pieces of software and doesn't have 2FA enabled, they hate you. (It's a click of a button to enable)
BuyVM has it for both billing & Stallion.
Francisco
Incog & BuyVM premium
1GServers supports TOTP-based 2FA for all clients.
Racknerd - TOTP - Secures Billing PII / No 2FA for VPS Management
Should probably add a praise list of providers who do offer it as well (and the differences between them)
Praise List:
AlphaVPS - TOTP - Secures billing PII/VPS management (VPS Management Only Accessible via Client Area)
EasyVM - TOTP - Secures billing PII/VPS management (VPS Management Only Accessible via Client Area)
SecureDragon - TOTP - Secures billing PII/VPS management (VPS Management Only Accessible via Client Area)
ExtraVM - TOTP - Secures billing PII/VPS management (VPS Management Only Accessible via Client Area) - 2 OTP Tokens (client area/vps management)
Crunchbits - TOTP - Secures billing PII/VPS management (VPS Management Only Accessible via Client Area) - 2 OTP Tokens (client area/vps management)
BuyVM - TOTP - Secures billing PII/VPS management - 2 OTP Tokens (client area/vps management)
Providers from LET that I noticed without 2FA so far:
Please correct me if I am wrong or if I am blind and could not see the option on a provider.
We carry 2fa for both our billing and vps panel.
Racknerd provides 2FA for the client/billing panel, but not for the vps management panel.
Hosthatch and Terrahost both run custom panels which fully support 2FA, well done.
Anyone who uses VirtFusion is also covered 💯👌🏼
Usually providers adopt the time-based one-time password mechanism. It would also be great if more providers could add YubiKey too, if possible (I know this might be too much to ask).
@jbiloh @trewq @raindog308
In a modern era of security, I kindly request a rule for all providers of LET to have the option of 2FA when applying for their provider tag. This would make customers feel safer against hackers and abusers, especially when selling things like hosting data, email, or servers.
In this day & age would expect all providers / companies you deal with to offer 2FA options, does not have to be forced but giving the customers the option when they 1st sign up then forcing after a short while of being a customer to save any annoyance on sign up.
We offer 2FA on our Clients Panel (WHMCS) & our VirtFusion.
We currently do time-based, but will soon offer YubiKey too!
2fa is very important, agreed.
Will think on this suggestion.
I second this notion. YubiKey should be an advertised feature. OVH have it by default but (the way I understand it) they used an old API call which Chrome does not accept anymore.
@hosthatch Have 2FA but no Yubikey yet.
We have it enabled on WHMCS, it took me some time to find it on the new theme though
And we use VirtFusion for control panel, so already covered there
Update:
Myw.pt @MikePT seems to have a 2FA page working, but it's somewhat hidden (not in menus).
https://myw.pt/manager/index.php?rp=/user/security
A question for the providers offering 2FA, do you use the implementation of your billing system/control panel or an external service such as AWS Cognito, Azure AD B2C, Okta, etc.?
Seems to happen a lot (the lack of 2FA) with providers using Clientexec, at least on the client area.
Two that use and do not have 2FA available on the client area (at least I did not see the option):
@NetDynamics24
@jonesolutions
I wonder how many providers will happily disable the 2FA if they see a support request and a photoshopped ID.
similar to ansible, try using saltstack
https://docs.saltproject.io/en/getstarted/index.html
Sounds like no IPv6 no fun, and now no 2FA no fun? Folks prefer lock yourself into troubles.
Will sort ASAP mate.