Jump to content
Not connected, Your IP: 3.137.190.6

Recommended Posts

Hi all,

 

First of congratulations on great product. It beats all other VPN providers in user review!

 

I have one issue though. This seems to pertinent to all VPN providers out there. How does one secure access to VPN account? OpenVPN and connections are encrypted and all the cryptographic goodies are there but security of access to account itself is fairly limited.

 

Someone can still/guess/keylog credentials and get access to account - and therefore connect under my credentials to the Internet, and cause (even legal) havoc.

 

Why is there not added security in this space? 2FA authentication seems no brainer these days but no one seems to offer it. 

 

VyprVPN is really bad with this, the offer encrypted storage with their service but once your credentials are compromised all goes down the drain.

 

 

Cheers all!

Share this post


Link to post

This was already discussed somewhere but I can't find the topic right now,

in general, if someone has the ability to keylog/phish your credentials, you have a much bigger security issue which 2FA will only partially solve.

 

When someone gets access to your credentials or the VPN certificates, the only actual threat here is that they would be able to see your IP in the

client area. They cannot however decrypt your traffic - Perfect Forward Secrecy is implemented.

 

The term "connect under your credentials to the internet" is vague. Anyone can register an account like yours, or freeplatypus1, pay the subscription

and use the service. That's the same thing among all public VPNs. An account is simply a way of keeping the billing periods, port forwardings etc.

Unlike your Cable/DSL subscription which has some real, physical parameters.

 

You have much higher chance of abuse when someone connects to your home Wi-Fi from the street.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

Ok so no ...

 

  1. 2FA prevents quite a few low-tech breaches like over the shoulder snooping and a like
  2. There is really no reason not to have it
  3. As I mentioned in original post it is not concern of decrypting traffic
  4. The fact that someone can use your account (no I am not talking about reusing your nick) for performing illegal activity under your credentials will make it difficult to explain with law enforcement. After all everything on your account will lead to you as person and your payment details.

Share this post


Link to post

I agree with everything freeplatypus said. Plus, 2FA allows for one to use a VPN in non-secure terminals, such as when one is not using their own PC but still want to access something via VPN.

 

2FA is something that should be deeply considered in my opinion. I'd love to hear Staff's opinion on this.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...