Google Authenticator is easy to set up on Android. Works fine for me.

On Sat, Jan 31, 2015 at 1:26 AM, Jonathan S. Shapiro <[email protected]>
wrote:

> All:
> I've been silent on the list for the last three (or so) weeks, and I
> thought it might be polite to say why.
> Every so often I decide to resume or initiate a major project. Whenever I
> do, I think to myself: "Wouldn't it be nice to be able to engage the
> community of people who share these interests in a more interactive way? It
> would really help to have a mechanism to accept and incorporate comments,
> engage in discussions, and curate the results. Down the road it would be
> nice to capture the opinions and experience of the community good and bad."
> Every time this comes up I look into the state of CMS software. The
> proximate cause this time was that I wanted to develop the next draft
> specification for BitC publicly in such a way that all of you might
> contribute comments, critiques, and annotations.
> BitC cannot succeed as an *n*-man show for small *n*, and certainly not for
> *n*==1. If we are going to build an ecosystem, we need a persistent place
> for debate, discussion, [dis]agreement, convergence, and curation. Mailing
> lists work well when the discussion is "alive", but they don't provide a
> way to curate and summarize conclusions in actionable form.
> I have spent the last three weeks bringing up test deployments of
> WordPress, Joomla, and Drupal. All three have improved dramatically since
> my last look. All three suffer from inadequate architectural coherence. All
> three suffer from security concerns as a consequence. It appears to me that
> it is now possible to put up an interactive website with a tolerable
> investment of administrative effort. It now appears plausible that Drupal
> can do the job, and can be deployed without substantially greater risk than
> the existing portfolio of Mailman+OSDoc. I've even found a few themes that,
> with minor modification, don't suck. :-)
> The main threats to a content management system are penetration and spam.
> When plugins are chosen judiciously, the risk of penetration seems
> manageable. Spam is endemic, and I simply don't have time to deal with that
> by hand. Passwords are now a lost cause from the standpoint of brute force
> attacks in any case, so here is my notional plan.
> I propose to set up a site having three roles:
>    1. Readers, who do not require authentication. Readers cannot comment.
>    2. Community: Those who participate in forums (discussions) and may
>    comment on documents. Requires authentication.
>    3. Participants: Those who have an active role in the project, either as
>    authors, as curators, or as code contributors.
> If you're on the mailing list, you'd fall under "contributors", but I'm
> very hopeful that many of you will seek to be more active "participants".
> Because of the "comment spam" issue, and the problem of brute-force attack,
> I have in mind to require two-factor authentication using Google
> Authenticator. GA is a time-based one-time pad. On login, you enter your
> user name, password, and one-time number provided by an app running on your
> phone, iPad, or desktop. This eliminates password phishing sorts of attacks
> at the risk of requiring a smart phone or a tablet device (or a PC). In my
> opinion, it's a relatively mild pain in the butt at login time in exchange
> for a pretty effective defense against brute-force attack and spam. To be
> honest, I'm not sure that the actual password serves any useful purpose. :-)
> My initial plan is to bring up the Drupal site at bitc-lang.org, migrating
> the legacy content into a sub-tree. Once this is complete, the mailing
> lists should be frozen for archival purposes and discussion should move to
> the forums.
> I apologize in advance for the inconvenience of two-factor authentication.
> Other sites have been overrun, and I'd rather spend my time on BitC than on
> site administration. My suggestion is to log in once with TFA and keep a
> window open. That way you won't be prompted. My personal experience with
> Google Authenticator has been more palatable than I expected.
> If Google Authenticator won't work for you, I would very much like to know
> ASAP!
> shap
_______________________________________________
bitc-dev mailing list
[email protected]
http://www.coyotos.org/mailman/listinfo/bitc-dev
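
The one-time numbers Google Authenticator displays are TOTP values (RFC 6238: HMAC-SHA1, 30-second time steps, 6 digits by default). The following is an added sketch, not part of the original thread and not Drupal's or Google's code, of how a server could check such a code with clock-skew tolerance and replay rejection; `TotpVerifier` and the sample secret are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample secret (the RFC 6238 test key), base32-encoded as in enrollment.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(key: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP whose counter is the number of `step`-second periods since the epoch."""
    return hotp(key, int(now) // step, digits)

class TotpVerifier:
    """Hypothetical server-side check for one account (assumed design, for illustration)."""

    def __init__(self, secret_b32: str, step: int = 30, window: int = 1):
        self.key = base64.b32decode(secret_b32.upper())
        self.step = step
        self.window = window      # time steps of clock skew tolerated on either side
        self.last_counter = -1    # newest time step already used for a login

    def verify(self, submitted: str, now: float) -> bool:
        current = int(now) // self.step
        matched = None
        for counter in range(max(0, current - self.window), current + self.window + 1):
            expected = hotp(self.key, counter).encode()
            # Constant-time comparison, so timing does not reveal matching digits.
            if hmac.compare_digest(expected, submitted.encode()):
                matched = counter
        # Reject wrong codes and any code at or before an already-used time step (replay).
        if matched is None or matched <= self.last_counter:
            return False
        self.last_counter = matched
        return True

if __name__ == "__main__":
    verifier = TotpVerifier(SAMPLE_SECRET)
    code = totp(verifier.key, 59)
    print(code, verifier.verify(code, 59), verifier.verify(code, 59))
```

With `window=1`, three of the 10^6 possible codes are valid at any moment, so a deployment still needs a limit on failed attempts per account for the second factor to resist guessing.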
