Two Factor Authentication

Page 1 of 1 (10 items)
This post has 9 Replies | 0 Followers

Posts 17
Jay | Forum Activity | Posted: Sat, Nov 25 2017 8:09 AM

I hope this is the correct forum to make a suggestion/wish list for Logos. Would like to recommend that Logos implement two factor authentication for our accounts. Given that some of the information we store in online documents may contain sensitive info (prayer requests, etc.) would be wise for them to implement 2FA to help secure our accounts. Something like Authy would be great. Or even using the Logos mobile app to approve logins the way Google does.

Posts 2829
Don Awalt | Forum Activity | Replied: Sat, Nov 25 2017 8:34 AM

While we're at it, I am pretty sure our data is not encrypted on the data servers FL uses. That almost seems like a liability potential to me in this era, imagine some really sensitive newsworthy personal data being breached off of a FL server...from what we have seen in the news, do you think governments/authorities/Congress would consider that responsible?

Posts 10212
Denise | Forum Activity | Replied: Sat, Nov 25 2017 8:35 AM

Do they even scramble the user data?  'Security' has gone thru the forum wringer several times. Yawner for FL.

Plus, the upcoming new community prayer tool wouldn't work .... when you enter a prayer, Logos let's you know if others are praying the same thing. Very comforting.


Posts 1024
EastTN | Forum Activity | Replied: Sat, Nov 25 2017 8:48 AM

leafdrinker:

I hope this is the correct forum to make a suggestion/wish list for Logos. Would like to recommend that Logos implement two factor authentication for our accounts. Given that some of the information we store in online documents may contain sensitive info (prayer requests, etc.) would be wise for them to implement 2FA to help secure our accounts. Something like Authy would be great. Or even using the Logos mobile app to approve logins the way Google does.

I suspect that users have very different needs in this area.  Perhaps there could be a way to provide additional security for those features that involve sensitive data, but not for the basic research functionality of the program. If someone hacked into my data, they might discover my thoughts on Isaiah, but that's about it.  I'd really rather not have to go through a two-factor login every time I want to work on a paper or lesson.

Posts 17
Jay | Forum Activity | Replied: Sat, Nov 25 2017 8:53 AM

If it is indeed accurate that Logos does not encrypt our data, then that would be a more pressing issue. I would hope that Logos would take security more seriously - especially something as simple as data encryption. I would be shocked to learn that the data resting on their services is in the clear and not encrypted - especially this day and age.

With regards to 2FA, it would be optional, just like with other services like Google. Those who don't want the extra layer of security would simply opt not to enable it.

Posts 2829
Don Awalt | Forum Activity | Replied: Sat, Nov 25 2017 1:23 PM

leafdrinker:
If it is indeed accurate that Logos does not encrypt our data, then that would be a more pressing issue.

The last time I am aware it was discussed is in this link. It will probably be enlightening to read the whole thread although it is long, and there is well, a certain amount of vitriol tied to the posts at times 😳

You'll see that posters indicate and ask about encryption, and Bob chimes in on several issues, one quote being this:

So, if you take user privacy _really_ seriously, I agree you shouldn't store stuff in our Notes files.

As a result of that thread the only Notes I have in Logos are basically old clippings. Everything else I moved to another product. I also have no prayer lists, sermons or reading plans in Logos. I don't add any more clippings, while I have kept the old ones, all my new clippings since Bob's post go in another product (that has encryption).

As you'll see in the post, people associate data breach with pastors putting potentially illegal material in the cloud so if there is a breach it's their own fault, when in reality that is an important but incomplete view of the risks. What about the pastor who is reading up on abusive relationships because he is counseling someone, and that becomes public knowledge and becomes significant in some legal/marriage/custody battle...what if there are types of prayers that implicate people in a family or parishioners, because the pastor knows things someone is going through that at a minimum would be a great embarrassment if made public. Knowledge about any kind of interest in counseling topics might be tied too a prayer list, to some clippings, and all of a sudden the trust someone had in coming to a spiritual director, pastor, counselor, etc. has been violated. 

I am actually familiar with a case where it was exposed through a hack that a government official's teenage child was in alcohol rehab, and that was not previously made public, and quite the public chaos resulted. I am sure you can imagine scenarios where this kind of information exposure would be very damaging to a lot of people and in fact be valuable information to sway even elections. The reality is, most times privacy and security issues exist because people and companies have an extremely naive view of the ramifications of data becoming public until it happens to them. It frankly amazes me that in the age FL is so naive about security and privacy of user data, and what the ramifications would be if a breach occurred and it was discovered that available encryption by their cloud service provider was not used.

So it's up to the user to make sure there aren't any scenarios where anything you have stored on servers in Logos can't become an issue, embarrassment, or worse to you, your family, or anyone else. Good luck figuring that out (because you don't know everything going on in people's lives either).

I'll leave any speculating on the why's and how come's for FL's position to the reader, although Bob made it clear he doesn't see the need. This does make me shake my head why I cannot out of principle and risk store data in software designed to do so because the company places a higher priority on some of the features it currently releases while ignoring this priority. 

Posts 1714
Robert M. Warren | Forum Activity | Replied: Sat, Nov 25 2017 4:40 PM

Another login step would be just swell

Win 10 Android 9 Fire OS 5

Posts 981
Tom Reynolds | Forum Activity | Replied: Sat, Nov 25 2017 5:35 PM

I think Bob has taken a prudent step. If billion dollar companies can't keep their servers hack-proof why would Logos be able to do so? If Logos promised security and then were hacked they would be responsible. So by only offering credit card security (which is required to operate and defined by the credit card companies) they can't be held liable for any breaches.

I store nothing in Logos - no notes, no prayer items, no sermons; nothing except tags on books.

Posts 2829
Don Awalt | Forum Activity | Replied: Sun, Nov 26 2017 1:25 PM

Tom Reynolds:
If billion dollar companies can't keep their servers hack-proof why would Logos be able to do so?

Because they are using the cloud services of the best in the world, like Google, Amazon, IBM - I believe they use Amazon maybe someone from FL will jump in here. They are able to use the same security infrastructure as the largest firms in the world.

Tom Reynolds:
So by only offering credit card security (which is required to operate and defined by the credit card companies) they can't be held liable for any breaches.

You can't really believe that - do a little Google searching. 😁

Posts 10212
Denise | Forum Activity | Replied: Sun, Nov 26 2017 2:10 PM

Each user, who didn't press the Cancel button (wherever that was) agreed to:

"DO NOT STORE HIGHLY CONFIDENTIAL INFORMATION IN THE SOFTWARE. The Software is designed for consumer reference and study purposes, and while we will take all precautions to protect your data, we cannot ensure the level of security you would expect from online banking or other highly secure services."

Now, Marketing said not to worry:

"Welcome to Your Faithlife. Make yourself at home. Your private groups, intimate fellowships, and biblical community now have a place to live online."

This means, not 'too' intimate. And no 'too' private either. In fact assume the public (and FL technicians) can at some point see everything (the same assumption as outside FL).

It's like the signs in your hotel room. Not responsible for anything that might go wrong.


Page 1 of 1 (10 items) | RSS