Sync Security!
-
suppliedrelic last edited by
Is this something that is coming? Should really be standard at this point. I at least want a prompt if someone is trying to log into opera with my account and it is not me....
I would expect the team to know how important it is to protect the sensitive data of their users, which is being synced using the company servers.
-
suppliedrelic last edited by
Sensitive data like passwords are stored encrypted. Other data transits encrypted between computer and servers.
That encryption doesn't mean anything if the account password is compromised. Implementing support for 2FA would help ensure that data is only accessible by the account owner.
-
leocg Moderator Volunteer last edited by
That encryption doesn't mean anything if the account password is compromised.
Maybe, but what i'm saying is that if someone go to https://sync.opera.com/web/ and manage to login with your credentials, your passwords can not be viewed.
Implementing support for 2FA would help ensure that data is only accessible by the account owner.
Right, but it has costs.
-
A Former User last edited by
Maybe, but what i'm saying is that if someone go to https://sync.opera.com/web/ and manage to login with your >credentials, your passwords can not be viewed.
But can't someone with those same credentials use them in any Opera browser to sync that browser to my account? Then they can read my passwords in "Manage saved passwords" can't they, providing I am syncing passwords?
This worries me because I recently found under Other Speed Dials, a device name I have never seen before so I wonder if someone was able to sync to my account and its data.
-
ahelg last edited by
2FA would be great, although I can see that it would be expensive. Opera aren't nearly as big as the others who offer 2FA (such as Apple, Twitter, Facebook, Google, etc).
-
stefano42 last edited by
Since sending SMSs is costly I think Opera could implement RFC 6238, like in Google Authenticator and other apps.
-
sgunhouse Moderator Volunteer last edited by
Some people don't have cell phones, plus I saw a post on Slashdot recently that a government agency was advising against using SMS for authentication.
There's little that would be considered private on the web interface anyway - are your bookmarks embarrassing? Passwords are only in the browser.
-
stefano42 last edited by
There are "authenticator" apps for PCs too, I use "2 Factor Authenticator" on Windows 10 to access my team viewer account.
These apps don't use SMS, so they are not costly to implement. -
A Former User last edited by
Some people don't have cell phones, plus I saw a post on Slashdot recently that a government agency was advising against using SMS for authentication.
There's little that would be considered private on the web interface anyway - are your bookmarks embarrassing? Passwords are only in the browser.You cant sync passwords without third party copy so passwords have to be also at Operas servers.