twofactorauth icon indicating copy to clipboard operation
twofactorauth copied to clipboard

Published 20 hours ago verified publisher icon 2factorauth

Email newsletter

Open tommorris opened this issue 9 years ago • 9 comments

Every couple of months I check this site to see if any services I use have enabled 2FA. Have you considered an email newsletter so that security-conscious web users could subscribe and get (say) a weekly or monthly email with new services that have added 2FA? They don't then have to mentally diff the list.

Just an idea. Great site and fantastic work in promoting 2FA and better security.

tommorris avatar Oct 24 '16 00:10 tommorris

thanks for the idea @tommorris!

i was going to look into being able to track which yaml entry is affected by a git diff by using the git diff to get the line number and then going up until a yaml tag is found. with a ruby tool like that, you could find the name entry associated with any diff. could be used for a weekly or monthly diff. yamldiff might also be a big help (https://github.com/wallace/yamldiff)

anything you're interested in helping with?

stephengroat avatar Oct 24 '16 01:10 stephengroat

It would be great if I could click a button on an entry that said "notify me" and I get an email or tweet or whatever when that entry changes. Big ask, but very useful.

gingerbeardman avatar Dec 15 '16 12:12 gingerbeardman

Hello Matt, feel free to create such a button then. I'll happily accept a finished Pull Request with that.

On 15 Dec 2016, at 13:32, Matt Sephton [email protected] wrote:

It would be great if I could click a button on an entry that said "notify me" and I get an email or tweet or whatever when that entry changes. Big ask, but very useful.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.

Carlgo11 avatar Dec 15 '16 18:12 Carlgo11

Hey guys thanks for creating this list and website

I wrote a Windows app that can scan through your Chrome/Firefox history for sites that match the list provided here. You can download the compiled copy here: http://bit.ly/leakycloud or get the source here: https://github.com/Eonasdan/LeakyCloudChecker

Every time you enter the 2FA section of the app it checks the github api for recent commits compare to the last time the app downloaded the list and prompts to update the list.

Eonasdan avatar Mar 07 '17 03:03 Eonasdan

@Eonasdan nice work!

gingerbeardman avatar Mar 07 '17 11:03 gingerbeardman

I think I've finally figure out how to actually do this:

Mailchimp has a hosted mail list sign form since we don't have to host it because we can't on the static jekyll site

Using ruby's hashdiff and rugged git library, we could diff the yaml from each week to figure out which entries changed and use travis's cron to send out an update

anyone want to work on this with me?

@psgs any ideas on how to integrate a Mailchimp style form?

stephengroat avatar Jul 13 '17 00:07 stephengroat

here's a block that i'm working on when i'm bored.

It's is triggered by travis cron once a week and does the necessary backend work

  • gets a 7 day git diff
  • gets the specific yaml-level differences on the files changes
  puts "<------------ No errors. You\'re good to go! ------------>\n"
  if true
#  if ENV['TRAVIS_EVENT_TYPE'] == 'cron' && \
#     ENV['TRAVIS_SECURE_ENV'] == 'true' && Date.today.monday?
    puts 'Sending weekly diff email'
    # Find commits 1 week old
    repo = Rugged::Repository.new('.')
    walker = Rugged::Walker.new(repo)
    walker.push(repo.head.target)
    commit_to_diff = nil
    walker.each do |commit|
      if Date.today - 7 < Date.parse(commit.time.inspect)
        commit_to_diff = commit
      else
        break
      end
    end
    ymls = repo.head.target.diff(commit_to_diff).deltas.map { |d| d.new_file[:path] }
    ymls.map! { |y| Pathname.new(y).each_filename.to_a }
    ymls.select! { |y| y[0] == '_data' && y[1] != 'sections.yml' }
    ymls.map! { |y| y[1] }
    ymls.each do |y|
      yml_oid = repo.lookup(commit_to_diff.tree['_data'][:oid])[y][:oid]
      old_content = YAML.safe_load(repo.lookup(yml_oid).content)
      curr_content = YAML.load_file("_data/#{y}")
      HashDiff.diff(old_content, curr_content).each do |d|
        if d[0] == '+' && d[1] =~ /(?<=websites\[).*(?=\])/
          puts curr_content['websites'][(/(?<=websites\[).*(?=\])/.match(d[1]).to_s.to_i)]
        end
      end
    end
  end

stephengroat avatar Jul 14 '17 06:07 stephengroat

@tommorris, @gingerbeardman my friend Ray and I created a web extension that uses the data in this project to notify you anytime you visit a site that supports 2FA. It should be a great way to avoid the need to visit the site periodically to determine which sites you use might have been added. If a new site gets added, then you'll get a notification the next time you go to that site without having to do anything. It'll just happen. Check out the site 2fanotifier.org and the issue I posted in this project if you're curious.

conorgil avatar Jul 13 '18 03:07 conorgil

Why not just watch this repo to get notifications and then you see new added sites as issues or pull requests

beerisgood avatar Jul 13 '18 10:07 beerisgood