Distinguish services which support open standard

[MufriA]

Please add new column or different icon to show services which supports open standard(HMAC-Based One-time Password (HOTP) algorithm specified in RFC 4226 and the Time-based One-time Password (TOTP) algorithm specified in RFC 6238) which Google Authenticator and others apps implements.

This distinction will help users to identify whether he can easily enable 2factor auth or needs to install new app to enable it.

Services like paypal and battle.net supports 2 factor auth using proprietary logic.

In present software implementation column we can show Google Authenticator icon to show open implementation and tick icon for others.

[mxxcon]

Are you talking about providers section or regular services?

[MufriA]

@mxxcon regular services

[MufriA]

@mxxcon actually it can be added to providers section too, so that users will know whether the provider can be used where google authenticator is used

[mxxcon]

We actually changed site's structure to move away from listing specific implementations for regular services. See #208 for background.

[MufriA]

I understand, improving software implementation column to display open or closed will help users to identify compatibility with the app they already use.

right now only option to check this is after visiting the site and move to setup 2factor process.

On Wed, May 14, 2014 at 11:23 AM, mxxcon notifications@github.com wrote:

We actually changed site's structure to move away from listing specific implementations. See #208 for background.

Reply to this email directly or view it on GitHub: https://github.com/jdavis/twofactorauth/issues/493#issuecomment-43044911

[smholloway]

I don't think there's a clean way to achieve this. For example, how many users know what "RFC 6238" is? I'd wager it's less than 1%. The terms "TOTP" and "HOTP" aren't much better. So, then we need to explain RFC 6238 and one time passwords, and now the scope of twofactorauth.org has increased 10x. Niche ideas like this will diminish the usability of the site. Users don't need to know the implementation details of a site's 2fa.

[MufriA]

That's the point, users who use 2factor will know Google Authenticator, displaying Google Authenticator icon will help them to identify that this website supports Google Authenticator and will encourage them to enable 2factor.

On Wed, May 14, 2014 at 8:54 PM, Seth Holloway notifications@github.com wrote:

I don't think there's a clean way to achieve this. For example, how many users know what "RFC 6238" is? I'd wager it's less than 1%. The terms "TOTP" and "HOTP" aren't much better. So, then we need to explain RFC 6238 and one time passwords and the scope of twofactorauth.org has increased 10x. Niche ideas like this will diminish the usability of the site. Users don't need to know the implementation details of a site's 2fa.

Reply to this email directly or view it on GitHub: https://github.com/jdavis/twofactorauth/issues/493#issuecomment-43095081

[mxxcon]

@MufriA what about users that use some other type of 2fa? should we have a separate icon for them too?...and we'll keep adding more and more icons and columns. I think keeping it vendor/implementation agnostic ensures the site doesn't give unfair advantage/preference to one client over another.

[astec-mw]

@mxxcon I agree.

[jdavis]

While I think it's great to be ambitious in our goals of providing information that is useful to 100% of the people, I don't think that's possible.

I think that the work @smholloway did with #208 was the best thing for the site and the best compromise.

I love open standards but I don't think it is the fight we should focus on. Thanks for the concern though.