
Backend: Two-factor authentication (2FA)

Open shuvashish76 opened this issue 2 years ago • 3 comments

Newsblur isn't just a newsreader. From our read articles, likes (intelligence trainer) and notification preferences, it can reveal everything from a person's political and religious beliefs to sexual orientation, medical conditions, etc.

I'd suggest adding 2FA as extra security for Newsblur accounts, as 2FA is very common these days and easy to set up.

  • Enable/disable the 2FA feature according to the user's choice.
  • (if enabled) To log in you need both your password and an authentication code from your authenticator app.
  • (if enabled) To disable two-factor authentication, you need your password and an authentication code from your authenticator app. If you lost access to your authentication codes, you can also do a password reset via email.
  • Show a message on your account ACTIVITY each time you enable/disable 2FA.

shuvashish76 avatar Mar 13 '22 00:03 shuvashish76

Oh man, you're hitting all the long-time goals with this series of tickets. Do you work as a Product Manager by any chance?

I'm working on #1576 and the premium pro tier could use 2FA.

samuelclay avatar Mar 15 '22 17:03 samuelclay

Do you work as a Product Manager by any chance?

😅 Nah, I'm not a dev or project manager. I post my suggestions on what I feel is missing, and as users of open-source projects our job is to convince the developer with all the details we can gather. There are no deadlines in OSS development, so feature priority is totally up to you :)

shuvashish76 avatar Mar 15 '22 19:03 shuvashish76

+1 for this, my only comment here:

If you lost access to your authentication codes, you can also do a password reset via email.

That would sort of defeat the purpose of two factor authentication in a way, since an attacker could hijack your account by having access to one of your authentication factors. A better way in my opinion would be to generate recovery codes upon setup, similarly to what many platforms provide. Biggest issue here would be the level of support required in case someone loses access to their device, but since @samuelclay is thinking about offering this feature to a premium tier this could be a valid concession.

RubenCordeiro avatar Oct 08 '22 10:10 RubenCordeiro
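The flow discussed across this thread (enable/disable gated on password plus authenticator code, activity-feed entries, and single-use recovery codes generated at setup instead of an email reset) as an added example in Python with only the standard library. This is not NewsBlur code: the `TwoFactorAccount` class, its method names and the plaintext password field are constructed for illustration, and the RFC 4226/6238 test secret at the bottom is the one published in those RFCs.

```python
import base64
import hashlib
import hmac
import secrets
import struct
from typing import List, Optional

STEP = 30            # TOTP time step in seconds (RFC 6238 default)
DIGITS = 6
RECOVERY_COUNT = 8   # number of one-time recovery codes handed out at setup


def hotp(secret_b32: str, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    key = base64.b32decode(secret_b32.upper() + "=" * (-len(secret_b32) % 8))
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_totp(secret_b32: str, code: str, now: float, window: int = 1) -> bool:
    """RFC 6238 TOTP check tolerating +/- `window` steps of clock skew; constant-time compares."""
    counter = int(now // STEP)
    ok = False
    for delta in range(-window, window + 1):
        ok |= hmac.compare_digest(hotp(secret_b32, counter + delta), code)
    return ok


def hash_recovery_code(code: str) -> str:
    # Codes are 80 random bits, so a plain SHA-256 (no slow KDF) already makes a leaked
    # table unusable; the server stores only these hashes, never the codes themselves.
    return hashlib.sha256(code.encode()).hexdigest()


class TwoFactorAccount:
    """Toy account model for the flow proposed in this issue (hypothetical, not NewsBlur's)."""

    def __init__(self, password: str):
        self._password = password        # constructed placeholder; real code stores a hash
        self.totp_secret: Optional[str] = None   # None means 2FA is off
        self._pending_secret: Optional[str] = None
        self.recovery_hashes = set()
        self.activity: List[str] = []    # the "account ACTIVITY" feed from the issue

    def _check_password(self, password: str) -> bool:
        return hmac.compare_digest(self._password, password)

    def begin_enroll(self) -> str:
        """Mint a fresh base32 secret to show as a QR code; 2FA stays off until confirmed."""
        self._pending_secret = base64.b32encode(secrets.token_bytes(20)).decode()
        return self._pending_secret

    def confirm_enroll(self, code: str, now: float) -> List[str]:
        """Turn 2FA on once the user proves the authenticator works; return recovery codes."""
        if self._pending_secret is None or not verify_totp(self._pending_secret, code, now):
            raise PermissionError("invalid authenticator code")
        self.totp_secret, self._pending_secret = self._pending_secret, None
        codes = [secrets.token_hex(10) for _ in range(RECOVERY_COUNT)]
        self.recovery_hashes = {hash_recovery_code(c) for c in codes}
        self.activity.append("2FA enabled")
        return codes                     # shown to the user once; only hashes are kept

    def _second_factor_ok(self, code: str, now: float) -> bool:
        if self.totp_secret is None:
            return False
        if verify_totp(self.totp_secret, code, now):
            return True
        h = hash_recovery_code(code)
        if h in self.recovery_hashes:    # recovery codes are single use
            self.recovery_hashes.discard(h)
            self.activity.append("recovery code used")
            return True
        return False

    def login(self, password: str, code: Optional[str], now: float) -> bool:
        if not self._check_password(password):
            return False
        if self.totp_secret is None:     # 2FA disabled: password alone suffices
            return True
        return code is not None and self._second_factor_ok(code, now)

    def disable_2fa(self, password: str, code: str, now: float) -> bool:
        """Both factors are required to turn 2FA off, as the issue proposes."""
        if not (self._check_password(password) and self._second_factor_ok(code, now)):
            return False
        self.totp_secret, self.recovery_hashes = None, set()
        self.activity.append("2FA disabled")
        return True


# RFC 4226 / RFC 6238 test secret: base32 of the ASCII string "12345678901234567890".
RFC_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
```

A recovery code consumed at login is removed from the stored set before the request succeeds, so the same code cannot be replayed; the email reset path from the original bullet list is deliberately absent, which is the point RubenCordeiro raised above.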