freeplatypus 1 Posted ... Hi all, First of congratulations on great product. It beats all other VPN providers in user review! I have one issue though. This seems to pertinent to all VPN providers out there. How does one secure access to VPN account? OpenVPN and connections are encrypted and all the cryptographic goodies are there but security of access to account itself is fairly limited. Someone can still/guess/keylog credentials and get access to account - and therefore connect under my credentials to the Internet, and cause (even legal) havoc. Why is there not added security in this space? 2FA authentication seems no brainer these days but no one seems to offer it. VyprVPN is really bad with this, the offer encrypted storage with their service but once your credentials are compromised all goes down the drain. Cheers all! Quote Share this post Link to post
zhang888 1066 Posted ... This was already discussed somewhere but I can't find the topic right now,in general, if someone has the ability to keylog/phish your credentials, you have a much bigger security issue which 2FA will only partially solve. When someone gets access to your credentials or the VPN certificates, the only actual threat here is that they would be able to see your IP in theclient area. They cannot however decrypt your traffic - Perfect Forward Secrecy is implemented. The term "connect under your credentials to the internet" is vague. Anyone can register an account like yours, or freeplatypus1, pay the subscriptionand use the service. That's the same thing among all public VPNs. An account is simply a way of keeping the billing periods, port forwardings etc.Unlike your Cable/DSL subscription which has some real, physical parameters. You have much higher chance of abuse when someone connects to your home Wi-Fi from the street. Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
freeplatypus 1 Posted ... Ok so no ... 2FA prevents quite a few low-tech breaches like over the shoulder snooping and a like There is really no reason not to have it As I mentioned in original post it is not concern of decrypting traffic The fact that someone can use your account (no I am not talking about reusing your nick) for performing illegal activity under your credentials will make it difficult to explain with law enforcement. After all everything on your account will lead to you as person and your payment details. Quote Share this post Link to post
ofiris 15 Posted ... I agree with everything freeplatypus said. Plus, 2FA allows for one to use a VPN in non-secure terminals, such as when one is not using their own PC but still want to access something via VPN. 2FA is something that should be deeply considered in my opinion. I'd love to hear Staff's opinion on this. 1 freeplatypus reacted to this Quote Share this post Link to post
freeplatypus 1 Posted ... It would be great. Seems like platform that runs this site can have 2FA enabled. 1 freeplatypus reacted to this Quote Share this post Link to post