search

2factorauth / twofactorauth

List of sites with two factor auth support which includes SMS, email, phone calls, hardware, and software.
https://2fa.directory
Other
3.39k stars 1.78k forks source link

Please add Nationwide Building Society (UK), and MacRumors #1514

Closed MaplesThroughWindows closed 8 years ago

MaplesThroughWindows commented 8 years ago

Let me say that I'm afraid I have no intentions of learning how to submit pull requests at this time. Please accept this submission and request as an attempt to improve the accuracy of the list (which is a fantastic idea), and don't attempt to encourage me to apply the changes myself. It won't happen at any time in the foreseeable future. I've no intention of offending with this statement, but I think it's important to have said it to prevent time being wasted.

That said: please add Nationwide Building Society (UK) to the list of Banks that offer 2FA. Though, I should say that their setup is slightly odd, and may only constitute 2FAuthorization. Customers with Current Accounts are supplied with a portable Chip-and-PIN reader, into which they must insert their Current Account Debit Card and provide the PIN, before receiving a OTP to supplement their username and password on login. However: the OTP process can be bypassed by supplying Memorable Information instead, allowing customers to view account details. In this case, certain actions are prohibited to them unless they use the OTP method to authorise further: downloading a PDF statement; sending a secure message; etc. I leave it to list maintainers to decide whether or not to include this.

MacRumors offer 2FA for their Forums, does this count as, "Social"? If reddit's on that list then surely it must. Software-Based token OTP (eg. FreeOTP) and email-based OTP is supported.

Finally: Steam specifically refer to their Steam Guard Mobile Authenticator 2FA as "two factor authorization". Is that simply a misuse of the term, or should they be removed from the list? Screenshot attached:

img_0235

Carlgo11 commented 8 years ago

Hello @MaplesThroughWindows, Thank you for the kind words.

I'll respond to your questions based on the order you wrote them.

Nationwide Building Society

Many other companies have similar setup and I would say they're using 2FA. I'll submit a PR for you right away :wink:

MacRumors

Same thing. I'll add it to my todo list.

Steam

Steam's Steam Guard Mobile Authenticator layout is similar to many other companies 2FA implementations. I don't see why it wouldn't be seen as 2FA. It's a time based OTP with a secret stored on the user's phone. Just like Google Auth or Facebook's code generator.

Thanks!

//@Carlgo11