Sync Security!

suppliedrelic

suppliedrelic last edited by

Is this something that is coming? Should really be standard at this point. I at least want a prompt if someone is trying to log into opera with my account and it is not me....

I would expect the team to know how important it is to protect the sensitive data of their users, which is being synced using the company servers.

leocg

leocg Moderator Volunteer last edited by

Sensitive data like passwords are stored encrypted. Other data transits encrypted between computer and servers.

suppliedrelic

suppliedrelic last edited by

Sensitive data like passwords are stored encrypted. Other data transits encrypted between computer and servers.

That encryption doesn't mean anything if the account password is compromised. Implementing support for 2FA would help ensure that data is only accessible by the account owner.

leocg

leocg Moderator Volunteer last edited by

That encryption doesn't mean anything if the account password is compromised.

Maybe, but what i'm saying is that if someone go to https://sync.opera.com/web/ and manage to login with your credentials, your passwords can not be viewed.

Implementing support for 2FA would help ensure that data is only accessible by the account owner.

Right, but it has costs.

A Former User

A Former User last edited by

Maybe, but what i'm saying is that if someone go to https://sync.opera.com/web/ and manage to login with your >credentials, your passwords can not be viewed.

But can't someone with those same credentials use them in any Opera browser to sync that browser to my account? Then they can read my passwords in "Manage saved passwords" can't they, providing I am syncing passwords?

This worries me because I recently found under Other Speed Dials, a device name I have never seen before so I wonder if someone was able to sync to my account and its data.

leocg

leocg Moderator Volunteer last edited by

But can't someone with those same credentials use them in any Opera browser to sync that browser to my account?

In theory, yes. But why someone would do it?

sgunhouse

sgunhouse Moderator Volunteer last edited by

If you are worried about your passwords, then don't sync them. You can choose what data to sync.

ahelg

ahelg last edited by

2FA would be great, although I can see that it would be expensive. Opera aren't nearly as big as the others who offer 2FA (such as Apple, Twitter, Facebook, Google, etc).

stefano42

stefano42 last edited by

Since sending SMSs is costly I think Opera could implement RFC 6238, like in Google Authenticator and other apps.

sgunhouse

sgunhouse Moderator Volunteer last edited by

Some people don't have cell phones, plus I saw a post on Slashdot recently that a government agency was advising against using SMS for authentication.

There's little that would be considered private on the web interface anyway - are your bookmarks embarrassing? Passwords are only in the browser.

stefano42

stefano42 last edited by

There are "authenticator" apps for PCs too, I use "2 Factor Authenticator" on Windows 10 to access my team viewer account.
These apps don't use SMS, so they are not costly to implement.

A Former User

A Former User last edited by

Some people don't have cell phones, plus I saw a post on Slashdot recently that a government agency was advising against using SMS for authentication.
There's little that would be considered private on the web interface anyway - are your bookmarks embarrassing? Passwords are only in the browser.

You cant sync passwords without third party copy so passwords have to be also at Operas servers.

genevalgene

genevalgene last edited by

guys, opera sync was hacked!

https://techcrunch.com/2016/08/26/opera-says-its-service-for-syncing-web-browser-data-was-hacked/?ncid=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=sfgplus&sr_share=googleplus&%3Fncid=sfgplus