Two Factor Authentication

karit · June 10, 2013, 8:42pm

Are there any plans for Two Factor Authentication? Preferably based on something compatible with the Google Authenticator App? https://en.wikipedia.org/wiki/Google_…

Jared_S · August 8, 2013, 12:09pm

I am also interested in Two Factor Authentication, at least as a premium feature because it is a non-trivial task to implement. I don’t know of any web based RSS readers that offer this feature, so it would a unique selling point for NewsBlur.

ksatirli · August 8, 2013, 2:34pm

I’m interested: what do you see as the added advantage of having MFA in Newsblur?

The fact that you suggest it, to me, suggests that you are not the kind of user that would use the same password on multiple sites, meaning if your Newsblur account were to be compromised, you would not have to fear for your complete online persona.

Given the social aspect of Newsblur, some people are already able to see what you read (and yes, I know: some people are not EVERYONE) and of course: I do understand why you would want to protect your reading list with a single factor, but I’d love to learn why you would want two, other than that it is a USP *

keeping in mind that the dev team of Newsblur is in the single digits and has a sizable backlog of other features to work on

samuelclay · August 8, 2013, 4:46pm

Hey, if features didn’t cost me anything to build, I’d have 2FA in as an option. But it’s not compelling enough to go before my other feature priorities (offline is shipping soon, saved story tagging and the batch organizer are next).

bitsculptor · August 8, 2013, 11:48pm

I feel pretty strongly about the need for 2FA on any account that holds private information or retains digital content for me. (It drives me nuts that Amazon doesn’t have it for their cloud-based consumer offerings.) Even so, I’m not even sure I’d bother enabling it on NewsBlur, even if you had it. There really isn’t much damage to be done if someone did get my password.

My personal take aside, I read an article on VentureBeat recently about a company that offers free 2FA service on a couple of platforms. I doubt those apply here, but in the article it mentioned a couple of open source projects dedicated to the feature: dynalogin and wikid.

Here is the article: http://venturebeat.com/2013/07/18/swi…

denubisx · August 9, 2015, 7:30am

I’d like to ping this again, just to make sure it doesn’t drop off the bottom of the feature list. 2 years in here are some resources (just in case it suggests changes in time investment priority):

* https://www.twilio.com/blog/2013/04/add-two-factor-authentication-to-your-website-with-google-authen…
* https://github.com/pyotp/pyotp
FIDO Server libraries

On the other hand, I can imagine the cust-service fun that this generates, so… hopefully these resources are grist for the mill.

Technicalleigh · June 11, 2016, 6:39pm

I would absolutely enable 2FA if it were a premium feature for Newsblur. I consider my full list of subscriptions and saved stories to be private and very revealing (even considering how much I share on the platform). And while the social community here isn’t enormous, I’d still be plenty upset if someone were to use my account for saying nefarious things.

(Plus I suspect Newsblur has a much more tech-savvy audience than a typical website/app, full of people who appreciate better security.)

David_Ross · December 7, 2017, 12:59am

Is there any chance this could be revisited? I just noticed that the homepage doesn’t automatically redirect over to HTTPS, which could be an issue with new/upcoming versions of Chrome & Firefox.

Josh2 · December 8, 2017, 5:19pm

David, if you want it to use HTTPS you can enable that in the Preferences, General tab, SSL section.