Everything posted by neil

  1. neil

    Forum Security

    As @Hemmers mentioned, Authy is an alternative to Google Authenticator, and it also supports multiple devices including iOS, Android and any desktop which runs the Google Chrome web browser. I currently use Google Authenticator but the point is, there are many options out there for you to choose from.
  2. neil

    Forum Security

    Hi all,

    We've enabled what is called Two Factor Authentication (2FA). Some of you will have seen this in your online banking and other similar systems whereby a username and password are 'complemented' with a One Time Password (OTP). Some systems will call you, some will send you an SMS to your mobile and you then enter a code into the website to complete the login. We've opted for Google Authenticator (you can use alternative similar Authenticator tools also) which is free for you to install on your mobile/tablet, and there are apps for your PC too.

    Why are we doing this?

    Sadly in the world we live in today, more and more crime is done online and these unscrupulous individuals are always looking for data on their victims which they can use against them. We want to ensure you continue to enjoy a safe environment on our forum, and make sure your account is as difficult as possible for someone to compromise.

    How do I enable 2FA on my stirton.com account?

    - Go to your Settings and re-authenticate with your password
    - Download Google Authenticator from the Android or Apple store on to your mobile device (preferred route, alternatively you can Google how to get it on to your PC/Mac/Linux device)
    - When in Google Authenticator, the easiest way is to click on the + symbol and let your mobile device's camera take a picture of the square QR code on screen. This will automatically set up forum.stirton.com within the app, and will give you a 6-digit code.
    - Enter the 6-digit code you see within Authenticator into the dialog box on the forum and "Verify Code"
    - You should now have protected your account.

    Are we making this mandatory?

    At present, no. This is an optional security measure for those of you who wish to benefit from it. That's not to say that we won't make it compulsory in the future, depending on if we see any attempts on security from said aforementioned unscrupulous parties.

    Many thanks
    Neil
  3. neil

    Forum Security

    If you're wanting to have the 2FA set up on multiple devices, don't use the QR code on screen. Instead, you'll need to take a note of the number (seed) which the server generates and manually set up a new 'account' within the Auth app on each device.

    Been a while since I coded in COBOL too
  4. neil

    Forum Security

    OK, so if you're formerly from the IT industry, then I can talk technical.

    A server, in this case my server, will give you seed data which you enter into the mobile app on your phone's Authentication app. There are two common algorithms used for then generating a unique code. Both your device and my server have to use the same algorithm (HOTP or TOTP - both open standards) so that the server will be able to take the seed data, apply the algorithm at the time you submit your data and check if what you've supplied matches what it has calculated.

    i.e. your device can be offline, as the generation of your code is done purely by a mathematical algorithm, and only your device + server know the 'seed'.

    Make sense? Some reading for you - https://pthree.org/2014/04/15/time-based-one-time-passwords-how-it-works/
  5. neil

    Forum Security

    Hi Peter

    Regarding your question of accessing the forum when on holiday, if you use your phone as the "One Time Password" generator using Google Authenticator, Authy, LastPass Authenticator (the list of options goes on....) then you would:

    - Go to the local library
    - Browse to https://forum.stirton.com
    - Login with your normal username and password
    - Using your mobile, open the authenticator app and when asked by the forum, enter the 6 digit number that shows on your screen.
    - You're logged in
  6. neil

    Forum Security

    Probably not even that long, especially when you live in Authenticator apps all day, every day, for connecting to your various clients to support their environments.

    Doing work for the banks has some of the strictest controls in place with needing to be on a VPN which uses 2FA to connect, requires device certificates on approved hardware only and then complex passwords to boot.... Data exfiltration is their worst nightmare, and you only have to look at the Spanish company who bought TSB and the 'joys' they've been experiencing the past couple of weeks post migration work gone wrong!
  7. neil

    Forum Security

    Hi Peter,

    I have to chuckle slightly at the irony in the other thread whereby there's all this discussion about GDPR and here you are saying "Making it even more difficult and you will continue to have sub forums that have not been posted in for many years."

    One of the key objectives behind GDPR is security of PII, and that includes but is not limited to "encryption in transit", "encryption at rest" and the security mechanisms in place for users accessing said information. The whole point of offering 2FA is to safeguard our users because let's face it, we all know someone who uses weak passwords and never changes them and therefore they are a prime target to have their account compromised. By enforcing 2FA, even if a member has a weak password then it is fairly useless to a hacker who obtains said password unless they also physically manage to get hold of the member's mobile/authentication device.

    I'm afraid that I need to protect the overall membership data, and myself, with the looming GDPR regulations coming into effect in 2 weeks on Friday, even if that means some unhappy campers ... you can thank the EU for these additional security measures which some may see as headaches
  8. neil

    Forum Blocked

    I tried contacting Talk Talk but they said that each customer would need to contact them and request to have the Home "Security" feature disabled to get around it .. they did not seem interested in listening about reclassification.
  9. neil

    Forum Security

    @tmiklas - thank you https and 2FA, both of which I should have done a long time ago but a few shooting competitions got in the way
  10. neil

    Forum Security

    Peter, the forum has been running for 16yrs, and when it was first started there were a number of people trying to join and advertise rubbish which was nothing to do with shooting. So yes, I put in the sign-up phase to try to keep it to genuine shooting enthusiasts.
  11. neil

    Forum Security

    John,

    No mobile phone? You don't need to view the forum on your phone, it simply acts as a password generator and gives you a code - far easier on your mobile. Otherwise, there are a few options but you'd really need to Google "Google Authenticator Windows" and see which fits your needs best. At present, it's an optional security measure to prevent anyone logging in pretending to be you.

    Thanks
    Neil
  12. neil

    Forum Security

    In this case, 2FA isn't something which they're storing anything on you. It's a free tool which generates a code valid for 30/60s.

    Sorry you feel like that but security of personal information is paramount to us.
  13. neil

    Tabular vs Grid Layout

    Which do you prefer in terms of layout?
  14. neil

    Login Insecure

    Hi @iRommel Apologies, I missed this post last year 😳 We've enabled https now which should address this. Thanks Neil
  15. neil

    Tabular vs Grid Layout

    That's the Tabular format (i.e. the previous format) ... thanks for confirming. @David Levene - When you get a chance, can you please confirm if you're seeing the old tabular or grid layout? Thanks both
  16. neil

    Tabular vs Grid Layout

    Looks good to me. Plus that's the actual thread, what about when you go up a level to where the topics are listed? Thanks
  17. neil

    Tabular vs Grid Layout

    @David Levene Could you try clearing your browser cache? Open a new Incognito Window (Firefox for example, Ctrl-Shift-P) and do you go back to the tabular view? @TenMetrePeter Can you upload a screenshot for me please?
  18. neil

    Upgrading The Forum

    Forum upgraded to latest release.
  19. neil

    Upgrading The Forum

    Well folks, I'm always keeping an eye out for security patches etc for the forum but it appears that a couple of days ago, Invision, the developers of this forum, have finally revoked support/downloads for the free version of this forum. There are quite a few options as I see it and would like some feedback from you, the user.

    The three most popular boards/forums should you care to have a look:

    - www.invisionboard.com - IPB (current)
    - www.vbulletin.com - VB
    - www.phpbb.com - phpBB (used to run that for this forum)

    Obviously, taking the current users and posts to a new forum is a major consideration (there are however normally scripted means for doing this) and exactly how much time and effort this is going to take, and what it's going to cost! Version 3.1.0 of VBulletin (still to come) is looking good but Invision's new version 2 of the forum is packed with features also... and an additional photo gallery can be purchased and bolted on to the forum direct.

    There will most likely be a cost associated with licensing the new forum (if one of the above options is chosen). The options I see for covering this cost would be to:

    - Allow some small adverts from shooting related companies/individuals to help cover the costs.
    - Get sponsorship from one or two shooting companies for the whole forum.
    - Ask for small donations from the members
    - Ask for a sign up fee (don't really like that idea - the forum is supposed to be free).

    I'm looking for constructive feedback and ideas from you guys in order to keep improving the forum and attract many more members from the shooting world!

    Thanks
    Neil
  20. neil

    Forum Blocked

    Hi Phil Did you complain to them? Did they even reply? Thanks Neil
  21. neil

    Tabular vs Grid Layout

    David, it was done back in Feb
  22. Hi, Got a friend's .22 Crossman air rifle for sale ... needs some TLC as currently firing with low power (I've not had a chance to look at it) £60 ono.
  23. Hi all, A friend of mine has a .22 BSA air rifle for sale. There are a few scratches on the woodwork but otherwise in good nick. It was £320 2yrs ago, and he's looking for £160.
  24. neil

    Meyton target for sale

    Hi Mary Drop me a note via PM of when you'll be in Edinburgh. I am unlikely to be there of a weekend but working down there Tue-Thu at present. Sure we can arrange something.
  25. neil

    Tabular vs Grid Layout

    Back to the old layout we go