Date   

moderated Re: Wording to disable two-factor (2FA) #suggestion

Bruce Bowman
 

On Tue, Nov 3, 2020 at 12:56 AM, Jeff Smith wrote:
"whoever is entering the password has already passed two-factor authentication"
Obviously a false assumption. You left out all the ways the intruder has either found the computer unattended or had a remote access to their screen.
Jeff -- It just seems to me, if you're the kind of person who does things like that, no amount of security questions or login factors is going to work.

Just last month my client literally had this exact problem, where the intruder had snuck into his office. They had obtained all the passwords they wanted, but they would not have gotten the login on there home computer because they would not have the 2FA.
Correct.

Obviously they would have simply disabled his 2FA since they did have his password.
Assuming they knew 2FA was in place and they had to do something to disable it [while they were sitting there in clandestine fashion] and had all the time in the world to figure all that out, yes.

What I'm seeing much more frequently in questions posed to GMF and Group_Help are from people who have lost their second factor and damaged a device or reset it to factory defaults and now need support help just to log in. It seems appropriate to weigh the likelihood of one against the other.

Regards,
Bruce


moderated Database bug in time fields #bug

Chris Smith
 

There seems to be a bug in the database time fields...

If I add a record that has time fields in it, then go back and edit the same record and don't change the time fields, they are saved blank/empty. It seems to have something to do with the "am" / "pm" that is added on automatically by the system - if I edit the "am" / "pm" out then it saves fine, but if they are left in the field is saved blank.

Chris


moderated Re: Wording to disable two-factor (2FA) #suggestion

Jeff Smith
 

On Mon, Nov 2, 2020 at 09:48 AM, Bruce Bowman wrote:
If that isn't adequate security, then I guess we need a third factor.
You are arguing to have only ONE factor, not two because of your assumption that there is need to only enter the first factor in order to REMOVE the second factor (assuming my other conditions where the intruder came in through something already logged in for their first intrusion).

We are not talking about just two passwords. We are saying, "Something you know, and something you have" this is the only reason why 2FA is enough for normal use so you don't need three. What would the third one be? Probably a retnal scan as "something you are" I guess


moderated Re: Wording to disable two-factor (2FA) #suggestion

Jeff Smith
 

Well if you must, I will repeat the reasons here what I said is wrong with your ideas in the Group_Help.

Microsoft and Facebook are the two crappiest examples of security or common sense. If you prefer those, that is why I said you do not want security.

"whoever is entering the password has already passed two-factor authentication"
Obviously a false assumption. You left out all the ways the intruder has either found the computer unattended or had a remote access to their screen. Just last month my client literally had this exact problem, where the intruder had snuck into his office. They had obtained all the passwords they wanted, but they would not have gotten the login on there home computer because they would not have the 2FA. Obviously they would have simply disabled his 2FA since they did have his password.


moderated bulk deletion of attachments #suggestion

 

I went into Billing to see how much storage we're using, since someone just posted a humongous bunch of attachments. In the list of elements, attachments has a link to "view attachments." Which is great, but unfortunately, you can't delete the attachments from there. You have to go into each message individually, delete the attachments, go back to admin-->billing and start all over again.

Could attachments be deletable from "View Attachments" in Billing? This is probably not as simple as it sounds since (I think) it would involve editing each message. But it is incredibly laborious as things stand.
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated Re: consider a "Like" to be a "follow" #suggestion

 

Wow! This is like asking the genie for something and he goes Your Wish Is My Command! Thanks, Mark! 😊


On Nov 2, 2020, at 12:25 PM, Mark Fletcher <markf@corp.groups.io> wrote:


On Mon, Nov 2, 2020 at 11:59 AM J_Catlady <j.olivia.catlady@...> wrote:
This is great (sort of;). Is it possible to have that at the top of the individual message page as well? That would be closer to what I was hoping for at the beginning, where Liking a message would cause you to follow the topic. You still can't do anything with the message that causes you to follow its topic except reply to it (assuming you're on auto-follow replies). You still have to go outside of the message itself to create a follow. Call me greedy...

Done.

Thanks,
Mark 

--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated Re: consider a "Like" to be a "follow" #suggestion

Bruce Bowman
 

Wow. This change really enhances the mute/follow function.

Thanks much!

Bruce


moderated Re: consider a "Like" to be a "follow" #suggestion

 

On Mon, Nov 2, 2020 at 11:59 AM J_Catlady <j.olivia.catlady@...> wrote:
This is great (sort of;). Is it possible to have that at the top of the individual message page as well? That would be closer to what I was hoping for at the beginning, where Liking a message would cause you to follow the topic. You still can't do anything with the message that causes you to follow its topic except reply to it (assuming you're on auto-follow replies). You still have to go outside of the message itself to create a follow. Call me greedy...

Done.

Thanks,
Mark 


moderated Re: consider a "Like" to be a "follow" #suggestion

 

This is great (sort of;). Is it possible to have that at the top of the individual message page as well? That would be closer to what I was hoping for at the beginning, where Liking a message would cause you to follow the topic. You still can't do anything with the message that causes you to follow its topic except reply to it (assuming you're on auto-follow replies). You still have to go outside of the message itself to create a follow. Call me greedy...
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated Re: consider a "Like" to be a "follow" #suggestion

 

Hi All,

In the /topic page, at the top, there is a now a Follow/Unfollow/Mute/Unmute Topic button (which one depends on your settings...)

Thanks,
Mark


moderated Re: Wording to disable two-factor (2FA) #suggestion

Bruce Bowman
 

On Mon, Nov 2, 2020 at 10:16 AM, Jeff Smith wrote:
Please just say, "Enter Your Password" in order to avoid confusion.
How about "Enter Your Password (NOT your OTP)"

My secure advice (as a specialist) is to require the OTP instead, because of the security breaches that often happen by people who only know the password so they sneak in while the account owner is AFK and disable authentication so they can go to their own computer and authenticate because they only were able to steal the owner's password.
You have to be logged in to do this, meaning that whoever is entering the password has already passed two-factor authentication.

If that isn't adequate security, then I guess we need a third factor.

Regards,
Bruce
 


moderated Re: rename "Reason" column in Past Members to "History" or "Activity" #suggestion

 

Hello,

On Sun, Nov 1, 2020 at 7:32 AM J_Catlady <j.olivia.catlady@...> wrote:
The history column has disappeared from the Past Members list (not sure how long ago this happened) but it turns out that clicking on the Reason field, which is now a link, now takes you to the member's activity history.


I've changed the column title to History.

Thanks,
Mark 


moderated Re: Wording to disable two-factor (2FA) #suggestion

Duane
 

On Mon, Nov 2, 2020 at 09:16 AM, Jeff Smith wrote:
Actually the problem is since every other site requires me to enter the OTP here from authenticator
Except Facebook and Microsoft, and possibly some others.

Duane


moderated Wording to disable two-factor (2FA) #suggestion

Jeff Smith
 

I am certain more people have this misunderstanding than care to admit, considering the many days I just spent trying to find out why I could not disable 2FA.

After I click the button "Disable two-factor authentication", the dialog immediately pops up with:
"Enter Your Password To Disable Two-Factor Authentication" and the text entry field.
Note it is redundant language when the label of text field should only tell what needs to be entered here. We already know why we enter our password because it is literally on the button we just hit.

Please just say, "Enter Your Password" in order to avoid confusion.

Actually the problem is since every other site requires me to enter the OTP here from authenticator, plus it literally says "Two-Factor Authentication" in the label of text entry, I was trying to enter the OTP.
My secure advice (as a specialist) is to require the OTP instead, because of the security breaches that often happen by people who only know the password so they sneak in while the account owner is AFK and disable authentication so they can go to their own computer and authenticate because they only were able to steal the owner's password.

Thank you, --jeff


moderated Re: Sort Admin menu sub-items #suggestion

 

One more suggestion: Make the list order customizable by user. That is, have some default, for new users or users not logged in but viewing a public group, and allow the user to change the list order. The same order would apply to all of the user's groups where the options are available. If a new feature is added, it can default to near the top or near the bottom of the list, depending on how much you want to promote the feature.

JohnF


moderated Re: Sort Admin menu sub-items #suggestion

 

I totally agree. Right now it looks completely random from the perspective of some users (including me). Alphabetical at least is simple and unsurprising.


On Nov 2, 2020, at 5:52 AM, Mark Murphy <mark@...> wrote:

My suggestion is also about expectation. In choosing from a list of 13 separate actions, I believe most people expect the list to be ordered in some way: most recently used, most often used, alphabetical, by functional group, etc. Look at any commonly used multi-level menu UI such as Word or Excel, for examples.

I think we can disagree about how the list should be ordered. Alphabetical makes sense to me.

--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated Add option to make sub-group member list viewable to parent group members? #suggestion

Sarah Tappon
 

I would like to make my subgroups' membership lists viewable to all members of the parent group. I can't find a straightforward way of doing this. Would love to see it added as an option.

For context, my group is a cohousing community where we want to make it easy for everyone to see who is involved in the various sub-committees.

Thank you!


moderated Re: Better control of muted hashtags #suggestion

bbannayan@...
 

It's been a couple years since this suggestion was made but as a new user this is nearly the first thing that came to mind.  Hiding unwanted hashtags would radically increase the signal to noise ratio in at least one of the groups I'm a member of.


moderated Re: Sort Admin menu sub-items #suggestion

Mark Murphy
 

My suggestion is also about expectation. In choosing from a list of 13 separate actions, I believe most people expect the list to be ordered in some way: most recently used, most often used, alphabetical, by functional group, etc. Look at any commonly used multi-level menu UI such as Word or Excel, for examples.

I think we can disagree about how the list should be ordered. Alphabetical makes sense to me.


moderated Re: Sort Admin menu sub-items #suggestion

 

I was about to make that same point about unmoderated groups.


On Nov 1, 2020, at 11:29 AM, Christos G. Psarras <christos@...> wrote:

J,

Huh? Order of most frequent use by whom? The most common thing I do is check the activity log, which almost at the very bottom, also against its rightful place in the alphabet. It took me awhile to get used to that.
Yeah, not to mention that if one's group is unmoderated, the (first) Pending link is pretty-much useless.

I also would like to see some of the links rearranged, but not alphabetically though, usage-wise as Bruce suggested.  My fishy personal preference would be having these at the top: Activity, Pending, Members, Settings, Subgroups and Usage, then the rest, Invite, DirectAdd, Integrations, Aliases, Domains, Donations.

Cheers,
Christos

--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu

2941 - 2960 of 29448