Forums  /  The Site  /  Password Resets (April 3, 2019)
  BanksBanks
(edited: )

@NoTeefy

> You would also annoy a LOT of users who are living in countries with dynamic IP allocations like Germany (you automatically receive a new IP address every 24 hours).

I was trying to specifically avoid that problem by indicating that it would only apply when a new session was created from a new IP, not when an existing session changed IPs. If you are repeatedly logging out and back in, then yes, but that applies to all such options.

> You'll end up with the same insecure scenario regarding bruteforced/leaked email accounts as it already was without it.

Possible in some cases, but that's far from a given. Email is the most valuable account that almost any users has, and is one of the most likely to be secure. Most major email providers provide some amount of additional security these days, particularly when they detect uncommon login patterns. Ratcheting up to the level of users' email security would be a solid improvement.

We don't need to let perfect be the enemy of the good, but it looks like the admins already have a good plan so I'll stop spamming this thread.

ImaproshamanImaproshaman likes this. 
  debiangamer256debiangamer256

If 2fa is implemented let everyone use email verification and not just texting phone verification because I don't have a texting phone number.

 
  YuriBaconYuriBacon

I agree with someone else in this thread, using Google Authenticator OTPs for 2FA would be best, and I'd require it for mods so this can't happen.

 
  junkyard_davejunkyard_dave
(edited: )

2FA is a good idea (forced specifically on anyone that moderates a board) because the problem with the userbase is it'll always have fluctuating interest. There are people I know that haven't used this site in the last year or only check it when they want to post runs themselves, which sometimes includes moderators. People grow out of speedrunning as a hobby, but what they contributed here or the powers they had remain. Obviously if an old password becomes compromised and people don't even login to this website anymore, they're just asking to be used as cannon fodder if someone decides to abuse everything. This would basically immediately solve problems, and I agree with whoever posted make it an email thing. Everyone has an email and that's relatively hassle free. Phone numbers are more annoying for 2FA EVERY time.

April fools: please, read only the site or get rid of moderators who abuse their powers thinking they're funny stuff on that specific day to change a bunch of stuff around. There's a billion different and more funnier ways to have fun on that day. In the entire time I've existed on this website there was never anything "funny" that was changed and back that was actually... funny.

It's just annoying especially on quasi live-feeds (like @NESruns) on Twitter which mirror time changes here.

ImaproshamanImaproshaman likes this. 
  VolvagiaVolvagia

A lot of user customisation to boards will be obsoleted when @Pac is done with his redesign, besides a heading image and cover art, I think... which granted, seeing some themes, is probably for the best and I've been a big advocate for it for some time.

I've not had the time to read this entire thread, but, some levels of further security implementations for mods or higher, needs to be in place. The reason I enforced the inability to use a previous password is because of people being ignorant to their own security, and the repercussions that may have on others, should they continue to be ignorant and also be a game moderator.

To add a little bit of note to this, no staff member has been compromised in either situations which tells me the user only has a small ballpark of names and previous passwords to play with, and, those users compromised have been careless with their security on the internet. Administrator accounts, and even full moderators, have a lot more power than what the average super mod does on boards. Even then, the last time this happened, the user accessed Super Mods to delete accounts and boards. This time it just seems to be regular moderators.

There's a lot I have planned for future functionality and features on the site. I think a lot of things need improved, reduced or removed as well as useful features people would actually use on a daily basis being added.

On a final note and a bit of a TLDR: The site itself was never hacked. The users were. To enforce tighter security, we're looking into 2FA for users for your own safety as this is the second time in two months where several people have been compromised over using the same password on multiple different services.

ImaproshamanImaproshaman, ShikenNuggetsShikenNuggets and 4 others like this. 
  PresJPolkPresJPolk

"For your own safety" -> "We'd rather lock out legitimate users because we've given up."

AlayanAlayan and PASRCPASRC like this. 
  KrayzarKrayzar
(edited: )

Quote

On a final note and a bit of a TLDR: The site itself was never hacked. The users were. To enforce tighter security, we're looking into 2FA for users for your own safety as this is the second time in two months where several people have been compromised over using the same password on multiple different services.

While I'll go to bat for anyone involved in the maintenance of this site, I find this a bit disingenuous. Users were hacked because there wasn't anything stopping them from using old passwords that are known to be insecure again and again. 2FA is needed, but more than anything else, enforcement of password changes needs to be a thing (as I think you are saying it is now after a re-read). If that was in place before, we wouldn't have had this happen again to some of the same folks it sounds like.

You can't trust users to follow good security practice. Everyone knows this. The responsibility for enforcing good security practice is always on the designers.

Patrick_Patrick_, ImaproshamanImaproshaman and 6oliath6oliath like this. 
  LivLiv
(edited: )

I don't think 2FA should be wiped off the plate simply because you can still find ways through it.

It's not as if the attacker in particular did anything except look up a few pw dumps from past compromises on other platforms. Extending that to "2FA isn't foolproof either" is kind of a jump, when there is an almost non-existent chance this user would've gotten into these accounts if 2FA was an option at least and was indeed enabled for them.

Patrick_Patrick_, ImaproshamanImaproshaman and 5 others like this. 
  KrayzarKrayzar

^ THIS.

Security is like onions and ogres. The more layers, the less likely an attacker is going to want to defeat it. It's a deterrent. Just because something CAN be defeated doesn't mean you don't bother to implement it. If that made sense then why bother to lock doors?

ImaproshamanImaproshaman, Bogdan_mkBogdan_mk and 2 others like this. 
  HowDenKingHowDenKing

Originally posted by Krayzarand ogres

I see, you're a man of culture as well.

CDRomatronCDRomatron, ImaproshamanImaproshaman and 2 others like this. 
  ShikenNuggetsShikenNuggets
(edited: )

Originally posted by PresJPolk "For your own safety" -> "We'd rather lock out legitimate users because we've given up."

Do you have an alternative in mind here or are you just complaining because you don't like 2FA

What you suggested earlier regarding better backups would be super helpful... for cleanup, once the damage has already been done. It does nothing to improve the security of the site, and it does nothing to prevent these problems from happening in the first place. Mandatory 2FA for game moderators would have completely prevented these situations, and would be a significant improvement on our current situation for security. The only reason it wasn't brought up sooner is because of the time/resource investment it takes to implement.

And sure, 2FA isn't a perfect solution. Sure, it can be beaten (like any security system), and sure, in certain (relatively rare) circumstances it can indeed cause problems for legitimate users. Still a hell of a lot better than having moderator accounts compromised and various leaderboards vandalized frequently (and the obvious vandalism is just what we know about). So unless you have a better idea, this is the way to go.

KrayzarKrayzar likes this. 
  FaschzFaschz

Don't listen to PresJPolk, i'd find it hard to believe anything that comes out of his mouth since the initial leaderboard discussions a long way back.

 
  BenInSwedenBenInSweden

Originally posted by PresJPolk
"For your own safety" -> "We'd rather lock out legitimate users because we've given up."

What legitimate users would be locked out? with TOTP (Google Authenticator, etc), if someone is on mobile then they have apps available on mobile for TOTP, if they're on a desktop they can use their mobile device, or there are desktop applications like WinAuth for Windows, or browser extensions that can be used to provider the TOTP codes.
This is less secure for an individual if their actual computer gets compromised, but that isn't the case here. So would go a long way to prevent the same thing from happening in future.

Yes better backups and partitioning of data would help with the recovery and localise only those boards affected, but as the old adage goes, prevention is better than the cure.

NoTeefyNoTeefy likes this. 
  KomradeKomrade

Quote

Don't listen to PresJPolk, i'd find it hard to believe anything that comes out of his mouth since the initial leaderboard discussions a long way back.

Whaaa I don't agree with someone on the internet!

It's kind of an opinion thread to gauge community interest in 2FA my dude

KrayzarKrayzar, ShikenNuggetsShikenNuggets and Bogdan_mkBogdan_mk like this. 
  VolvagiaVolvagia
(edited: )

After the redesign revision is complete there's talks of a mobile application, but, very early stages at this point in time as there's a few dozen areas for improvement, even in the redesign, before I look at this more. I sort of wish this was around to see a user count of those that don't have mobile phones or wouldn't opt to providing secondary verification to their accounts.

In regards to 2auth, security implementations won't be up for discussion at user level going forward that aren't articulate... also, if you engage in petty behaviour with either staff, or other users, in an immature fashion your opinion will be entirely discredited unless you're absolutuely on point with something grossly overlooked. Not trying to be mean here, but it's just how we're going to be treating things.

There's points of discussion when the community is very welcome to contribute, but this is slowly becoming a situation in this thread where the public opinion will be pushed away should the discussion keep going down this path.

KrayzarKrayzar and Tron_JavoltaTron_Javolta like this. 
  SanjihimuraSanjihimura

Again, I stress that 2FA shouldn't even be up for discussion here. It should be required for everyone, even if it is just Google Authentication.

However, since some of you have stressed on how easily 2FA can be defeated, I should add to the conversation that the only well-known case of 2FA being defeated is when Boogie2988 (a popular YouTuber) had his phone number spoofed by a hacker and the rest of his internet presence erased as a result. So while 2FA can be defeated, it is EXTREMELY rare and people who attempt to circumvent 2FA are themselves committing a crime (a few US crimes come to mind).

Anyways, I think that I am done in this thread. I made my point, and it would be beating a dead horse to proceed further in this thread.

 
  6oliath6oliath
(edited: )

Couple hypothetical questions...

1. Is it possible to check authentication not on every login but just when a user tries to save database data?

2. If 2fa ends up being at least a bit inconvenient to use and is only enforced for game mods, is there a plan to deal with game mods who create alternate non-mod accounts for day-to-day use like forum posts and browsing?

3. If you force game mods to use 2fa, will that extend to verifiers?

KrayzarKrayzar likes this. 
  AlayanAlayan

I'm a SuperMod for the board of the game I run the most. My account will never ever be compromised because of a bad password issue, I'm not a dummy, I can use a password manager and long secure passwords (with some cursing towards forced password changes thrown in for extra entropy).

There are talks here of forcing 2FA on everybody, or at least on all mods, because some careless users got their accounts compromised and boards were vandalized. 2FA is a big inconvenience and I'd really prefer to avoid it. I can connect to my github account with push access on a 1K star repository without 2FA. I can connect to my gmail account without 2FA. If those don't think they should enforce 2FA on me I don't think SR should either.

However, SR.com should have much more robust recoveries mechanism. It should not need a site-wide database rollback when the vast majority of boards are unaffected. At the november rollback I had to search for the videos of users who had submitted runs the rollback removed, in order to resubmit the runs for them. Effectively, the compromise didn't hurt our board but the rollback did.

Even outside of an account being compromised, what if a mod goes rogue and damages the leaderboard ? This is thankfully rare, as runners invested in a community don't want to forsake it, but it's not unheard of either. Currently, fixing the damages is a very difficult task. It should not be.

With proper per-board restore mechanisms, the site's staff having to do a lot of extra work after a compromise wouldn't be the concern it is now.

6oliath6oliath likes this. 
  ShikenNuggetsShikenNuggets
(edited: )

Originally posted by AlayanMy account will never ever be compromised because of a bad password issue

Famous last words.

Originally posted by Alayan2FA is a big inconvenience and I'd really prefer to avoid it

Too bad. Being a mod isn't convenient. Not wanting to be inconvenienced is a completely idiotic reason to not improve the site's security.

Originally posted by AlayanIf those don't think they should enforce 2FA on me

This is a logical fallacy. Just because a lot of other websites don't force you to use 2FA doesn't mean we shouldn't (honestly, a lot more websites should force 2FA but never will because all the lazy people would get mad at them).

Originally posted by AlayanSR.com should have much more robust recoveries mechanism

While I absolutely agree that better recovery methods (as well as vandalism prevention measures) would go a long way, it's important to note that leaderboard vandalism is merely a symptom of the real issue. Sure, we can make it easier to clean up when it happens so it's not as big of a deal, and we can limit the amount of damage that can be done, and we should definitely do those things, but ultimately the real problem is that moderator accounts are being maliciously accessed. That should not be happening. If we don't solve the problem at its source, this kind of thing is going to keep happening and keep being incredibly annoying and concerning to everyone who has to deal with it.

Regardless of how you feel about 2FA, mandating it for all game moderators would completely prevent these situations, and as they say, prevention is better than the cure.

blueYOSHIblueYOSHI, BenInSwedenBenInSweden and LonneLonne like this. 
  TimmiluvsTimmiluvs
(edited: )

Quote

2FA is a big inconvenience and I'd really prefer to avoid it. I can connect to my github account with push access on a 1K star repository without 2FA. I can connect to my gmail account without 2FA. If those don't think they should enforce 2FA on me I don't think SR should either.

Using Github and Gmail as examples of why 2FA is unnecessary kinda misses the point of 2FA. It also misses a key difference between the sites you mentioned and this one.

Rolling with your examples, a lot of major companies do require 2FA at an organizational level within Github because they want to protect their product’s code, but for singular, public repos outside an org, Github can’t mandate anything because it’s YOUR code. That’s the key part here - it’s your code, your data. Just like Gmail is your email and only your email. Getting either account compromised could be annoying for a lot of people, but neither of those sites can force you to protect YOUR data; it’s a personal choice. If it gets messed up, it’s your responsibility to clean it up or deal with the fallout.

This website is completely different. As a moderator, you’re touch OTHER people’s data. In other words, if your account get compromised it impacts data maintained by other people, not just you and that’s the key difference. If your Github account gets compromised and bad code is pushed or the repo is deleted, Github might help, but at the end of the day it’s on you to fix it. Github isn’t required to have robust ways to restore your stuff as a result of your own error, you take a personal responsibility for your own stuff. They just act as a place to hold it.

By saying that this site needs to get better backup procedures instead of making itself more secure is shifting the blame and the responsibility to the site rather than you as a user. You’re saying that you’d rather the site clean up your mess instead of forcing you to protect your account. Yes, better backup methods are needed to address one off cases like mod vandalism, but that is different than a large amount of super mods being hijacked. When your user account has the ability to touch and modify data that is not just your own, that’s when 2FA should be required. Your Gmail is your email, but this site, when you have moderator access, is much more than just your runs. That’s the key difference.

blueYOSHIblueYOSHI, ShikenNuggetsShikenNuggets and BenInSwedenBenInSweden like this.