Multifactor Authentication


#1

Has anyone had experience with this? Do you like it? Does it really help?

One specific question I have is about the effect of this on FTP access. Most hacking attacks I have seen are file system attacks. Will this help to prevent FTP attacks?

THanks
AP


#2

It will not change your ftp login, just the panel. I use it and it works very nicely. I had an employer previously that also used it, and we never had problems at all.

For ftp/shell login I set up passwordless login and then changed all my shell/ftp passwords to very long random strings. If I ever actually need to use them again I can just use the panel to change them back to something known.


#3

Same, I’ve never actually had an issue, but it doesn’t hurt to keep yourself protected.
I quite like the google authenticator thing and I might try and find a use for it in one of my net projects,
but the first thought that crossed my mind when I saw MultiFactor Authentication was the World Of Warcraft authenticator… I was like “I dont have to buy an authenticator do i…” but nah… a free app on my well used iphone does the trick nicely :slight_smile:

I don’t bother with super long strings for passwords… just inconvenient when I need to get access.
My passwords generally are something meaningful written in another language xD


#4

MFA is great, but the best way to securely access your files and such is to cut the cord with ftp. Use sftp instead, and for even more security, set up ssh keys and put a password on your private key. You’re then securely authenticating to the server, never sending a password (encrypted or not) over the wire, and sftp is an overall better file transfer protocol than ftp :slight_smile:

https://hkn.eecs.berkeley.edu/~dhsu/ssh_public_key_howto.html

additionally, just google “ssh public key authentication” and you’ll find tons of resources.


#5

What about using .htaccess files to protect file access? Our site is a large WOrdpress site, and I’ve been looking at possible plugins to help prevent hacking. Bulletproof is a plugin that puts .htaccess files in every directory.

[quote="kitchen, "]


#6

[quote=“apalmer123, post:5, topic:57913”]
What about using .htaccess files to protect file access? Our site is a large WOrdpress site, and I’ve been looking at possible plugins to help prevent hacking. Bulletproof is a plugin that puts .htaccess files in every directory.

This is really a completely different topic than the OP asked to discuss. Rather than hijack this thread you should open your own. :slight_smile:


#7

I am the OP, but will do as you suggest. Thanks.


#8

Haha, sorry about that. Should have scrolled up and looked, I thought someone was jumping in to change the subject :slight_smile: