Pages 1 | | |
Author
|
Topic: Account security (Read 1224 times)
|
«Avenger»
Operator

Posts: 8
|
Account security 14 Aug 2015, 09:16AM
|
|
"As a matter of policy Frontier does not disclose details of how it protects sensitive information as the dissemination of such details can itself be a security risk." (Emphasis added)

Security through obscurity is no security at all; a cryptosystem is just as secure if you know its details. In that vein, we are happy to share the details of our security.

The account database uses stretched and salted, cryptographically hashed passwords:

Additional security considerations:

Needless to say, we can't tell you your password if you forget it. But you can change it yourself.
Avenger's Tremulous stuff site Tremulous map site (or a list of Tremulous maps and mods)
|
« Last edit: 30 Mar 2020, 07:24PM by «Avenger» »
|
|
«Avenger»
Operator

Posts: 8
|
How this site measures against NIST's rules 21 Aug 2016, 02:42AM
|
|
Stop making users jump through hoops that don't improve security: There are very few specific rules about what characters are allowed or required, or length, just that you cannot use "common" passwords
Require passwords to be at least 8 characters long: It is impossible for this site to determine how many characters were used. It does nevertheless try to encourage you to use at least 4 characters
Accept passwords with maximum length of at least 64 characters: If JavaScript is enabled in your browser, your password can be arbitrarily long. If JavaScript is disabled, your password can still be at least a few thousand characters long.
Check passwords against a list of known-bad passwords: This website prevents the use of about 5 million known-bad passwords. That can be expanded arbitrarily (importantly, without noticeably impacting performance).
No composition rules (e.g., "must include special characters"): This site never had and never will have composition rules
No password hints: Ditto
No "knowledge-based authentication" (e.g., "your pet's first name"): Ditto
No expiration without a reason: Ditto

Recommendations
HMAC-SHA family: As described above, passwords are hashed using SHA-2, but not HMAC compliant
PBKDF2 with at least 10,000 iterations: As described above, passwords are stretched with the equivalent of 32,768 iterations of PBKDF2 (because each PBKDF2 iteration actually does two hashes), but key derivation is not PBKDF2 compliant. Previously, the equivalent of 8,192 iterations of PBKDF2 were performed
Do not use SMS as a second factor for two-factor authentication: SMS has been disabled as a second factor
|
« Last edit: 13 May 2019, 11:53AM by «Avenger» »
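
An added example, not this site's code (the post says the site's own derivation is not PBKDF2 compliant): the baseline the NIST items above describe, salted PBKDF2-HMAC-SHA-256 with a known-bad password check and an upgrade on login from the older 8,192 iteration figure to 32,768. The record layout, function names and three-entry blocklist are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

CURRENT_ITERATIONS = 32_768  # iteration figure quoted in the post
LEGACY_ITERATIONS = 8_192    # earlier figure quoted in the post
SCHEME = "pbkdf2-sha256"     # assumed record tag, not the site's format

# Constructed sample blocklist. Storing fixed-size digests in a set keeps
# lookups O(1) however many entries are added.
KNOWN_BAD = {hashlib.sha256(p.encode("utf-8")).digest()
             for p in ("password", "123456", "qwerty")}


def is_known_bad(password: str) -> bool:
    return hashlib.sha256(password.encode("utf-8")).digest() in KNOWN_BAD


def hash_password(password: str, iterations: int = CURRENT_ITERATIONS) -> str:
    """Derive a salted, stretched record: scheme$iterations$salt$hash."""
    salt = os.urandom(16)  # fresh random salt per record
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{SCHEME}${iterations}${salt.hex()}${dk.hex()}"


def register(password: str) -> str:
    """Reject known-bad passwords; no composition rules are applied."""
    if is_known_bad(password):
        raise ValueError("password is on the known-bad list")
    return hash_password(password)


def verify_and_upgrade(password: str, record: str) -> tuple[bool, str]:
    """Return (ok, record_to_store). A correct login against a record with
    fewer iterations than CURRENT_ITERATIONS yields a re-derived record."""
    try:
        scheme, iters, salt_hex, dk_hex = record.split("$")
        iterations, salt = int(iters), bytes.fromhex(salt_hex)
        expected = bytes.fromhex(dk_hex)
    except ValueError:
        return False, record  # malformed record: fail closed
    if scheme != SCHEME or iterations < 1:
        return False, record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    if not hmac.compare_digest(candidate, expected):  # constant-time compare
        return False, record
    if iterations < CURRENT_ITERATIONS:
        record = hash_password(password)  # the plaintext is only available at login
    return True, record
```

Because the iteration count is stored in each record, the work factor can be raised without forcing a password reset; old records are upgraded the next time their owner logs in.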
|
|
«Avenger»
Operator

Posts: 8
|
Two-factor authentication 30 Nov 2017, 09:24AM
|
|
Two new methods have been added for two-factor authentication:
- Authenticator app: This works with Google Authenticator or compatible programs
- Email: Codes will be emailed to you
|
« Last edit: 30 Mar 2020, 07:29PM by «Avenger» »
|
|