2 Factor Authentication on 0x00sec

(Not a N00b, but still learning) #1

Hi Guys,

I’ve been lurking around here for some time now, and I have only now realized that there is no 2FA Implementation on 0x00sec! Either I’m totally stupid :grin: and can’t find the setting, or this feature has to be implemented. Maybe some OTP that I can add to my Google Authenticator?

Do we need 2 Factor Authentication?

  • Of course! I am paranoid and can’t live without it :slight_smile:
  • I don’t care about my security! YOLO :stuck_out_tongue_winking_eye:

0 voters

Looking forward to your thoughts,


(oaktree) #2

Hi. This is another great suggestion. We’ll have to look into what our forum platform provides for us first… Thank you.

1 Like

(Leader & Offsec Engineer & Forum Daddy) #3

I would love 2FA! One issue though… Discourse. I will look around, but I’m not sure we’ll be able to get this working on Discourse. We can all request it from the Discourse devs though.

Nice suggestion though!

1 Like

(Not a N00b, but still learning) #4

Yes, that could indeed be a problem. It would generally be nice to look at getting the authentication to a (self hosted) SSO server, because then we could even integrate gitlab with it! :slight_smile: https://meta.discourse.org/t/official-single-sign-on-for-discourse/13045

1 Like

(Leader & Offsec Engineer & Forum Daddy) #5

This is a very good idea. @oaktree thoughts?


(Not a N00b, but still learning) #6

Of course it would mean a bit of work, but it would be a long-lasting clean solution :smile:


(Leader & Offsec Engineer & Forum Daddy) #7

Or this https://github.com/discourse/discourse-oauth2-basic

1 Like

(Not a N00b, but still learning) #8

Looks decent! Does this mean we would need a own oauth server or rely on a third party?


(Leader & Offsec Engineer & Forum Daddy) #9

I think a 3rd party would be better for stability, where as I think a self-hosted solution would be better for the privacy of the users - my only worry is that I don’t think we have the processing power.


(Not a N00b, but still learning) #10

Valid points! I’m looking to donate 50€ as a Christmas present :slight_smile: Just have to figure out how to get the money to you anonymously. How much do you actually need per year to keep the site running(at a normal performance level)?


(oaktree) #11

If you want 2FA now, you can register on this site with OAuth with GitHub.


(Leader & Offsec Engineer & Forum Daddy) #12

Wow! That’s very kind! We have Bitcoin payments at the present, and will need to re-organise PayPal as well as I’ve caught word it isn’t working.

I pay personally for the VPS which is $20 per month. 20x12 = $240. Donations are pretty slim although we’ve had some very kind people donate! The current donation tally is about £10, ever. There are £30 worth of referral credit, however we can only use that once we’ve reached £100 worth of referrals.

The intention of 0x00sec was never to make money, I spend money and time on this because I care about the community and it would kill me to see it go. Donations really do help though! So thank you anybody who decides to donate!