Page 1 of 1 (7 items)
This post has 6 Replies | 0 Followers

Posts 164
DivineCordial | Forum Activity | Posted: Sat, Apr 17 2021 12:14 PM

Are there any plans to add two factor authentication for account login?

If so, please prioritize authentication apps over SMS (SMS is considered insecure).
Also, please allow the ability to use multiple authentication apps / multiple devices (some sites only allow for one authentication which hinders having backup devices for authentication).

Logos 9 | Faithlife Connect Essentials
27" Win10 (21H1) AMD FX-8350 (4GHz) 16GB DDR3 2x500SSD 1x240SSD 2x3TBHDD
rMBP13" macOS 10.15.7 i7 (2.9GHz) 8GB DDR3 512SSD
iPadPro (2020) iPadOS 14.6 | iPhoneXR iOS 14.6

Posts 772
Kevin | Forum Activity | Replied: Sat, Apr 17 2021 12:42 PM

Bradley responded 6 months ago about similar for your perusal.

https://community.logos.com/forums/p/195561/1131356.aspx

Posts 234
Pater Noster | Forum Activity | Replied: Sat, Apr 17 2021 4:08 PM

Which is why I never have prayer lists, specific sermons (like funerals), Bible notes with any specific info on people/places/activities, or anything else inside Logos/Verbum that is personal or I would care about if it's hacked.

This is one of the worst platforms in today's world with regard to security. Last I saw any discussion on the topic, there was no encryption of the server-side - so a hack there exposes everything whether or not your password has been compromised. When I found that out, that was the day I deleted all my prayer lists.

I read the old posts, this is really 1990 thinking about security and is reprehensible imho for a suite of apps/platform that potentially contains extremely sensitive information for what, hundreds of thousands of users? Maybe more? Do you think this is not of interest to hackers? "I pray that the son of our governor, Todd, will overcome his addiction to drugs before it is too late..."... "To Jane, who I hope doesn't lose her job at XYZ Corp. and lose her family due to the adulterous affair she can't extricate herself from...please Jesus, give her strength..."

To comment on the linked post -- to say that the people most interested in 2FA already use strong passwords is naive.

DO NOT leave any personal data in Logos/Verbum that you would care about if it became public. You will be sorry. This is an insecure platform by any measure in today's world.

Posts 5551
SineNomine | Forum Activity | Replied: Sat, Apr 17 2021 7:44 PM

Pater Noster:
To comment on the linked post -- to say that the people most interested in 2FA already use strong passwords is naive.

May I comment that the people most interested in security don't put sensitive information in cloud-sync'd documents before verifying that their data is and will remain at least reasonably secure? Wink

Pater Noster:
DO NOT leave any personal data in Logos/Verbum that you would care about if it became public. You will be sorry. This is an insecure platform by any measure in today's world.

Good advice. Ideally, one wouldn't leave any sensitive personal data even in documents, online accounts, etc., that are significantly more secure than Logos/Verbum.

But, in the end, unless the recent frequent significant compromises of important databases run by billion dollar corporations and first world governments has changed things, most significant data breaches and instances of fun stuff like identity theft come from individual users compromising their own security by doing very silly things.

Posts 234
Pater Noster | Forum Activity | Replied: Sun, Apr 18 2021 4:15 AM

SineNomine:
May I comment that the people most interested in security don't put sensitive information in cloud-sync'd documents before verifying that their data is and will remain at least reasonably secure? Wink

Actually, originally FL communicated that their servers were AWS, Amazon Web Services, which is extremely secure. Later, it came out that the back end encryption capability that AWS offers was not being used by FL, new information. That's when people "most interested in security" Wink now felt the solution was no longer sufficiently secure.

SineNomine:
most significant data breaches and instances of fun stuff like identity theft come from individual users compromising their own security

This is false, the numbers are staggering in pointing the other direction.

Here is the list of COMPANIES MOST HAVE HEARD OF, with backend data breaches since 2019 (this does not say on whose servers data resided on):

Facebook - 540 million users data compromised

MGM Grand - 10.6 million users

Jetstar - 9 million users

Marriott - 5.2 million users

Zoom - 500,000 users

Magellan Health - 365,000 users

Nintendo - 300,000 users

There have been at least 52 reported backend data breaches that I have recently seen, and my list here does not include some very big breaches like the 2 Yahoo data breaches in 2017 and 2018 that compromised a combined 3.5 billion users. There are simply not billions of users having their personal data compromised through their own mishandling of passwords.

Posts 5551
SineNomine | Forum Activity | Replied: Sun, Apr 18 2021 12:58 PM

Pater Noster:

SineNomine:
most significant data breaches and instances of fun stuff like identity theft come from individual users compromising their own security

This is false, the numbers are staggering in pointing the other direction.

Don't quote me out of context, please:

SineNomine:
But, in the end, unless the recent frequent significant compromises of important databases run by billion dollar corporations and first world governments has changed things, most significant data breaches and instances of fun stuff like identity theft come from individual users compromising their own security by doing very silly things.

Emphasis added.

I can't be bothered to either attempt to guess or to research the number/percentage of the major breaches that come from individual users with admin/elevated access compromising their own systems' security by doing very silly things, but I know it's non-zero.

Posts 234
Pater Noster | Forum Activity | Replied: Sun, Apr 18 2021 4:15 PM

Time to leave these forums. Bye.

Page 1 of 1 (7 items) | RSS