!bob2

FDE is a work around in the same way as ssh keys are a work around. ie, it's not.
FDE is available to you now, it will stop someone from getting into your linode via a reboot, if you're not using it, it's your fault, not linode's.

bring on 2fa, i say, it's a good idea and many sites are using it now, but I'm still going to use fde regardless.

many banks use 2fa via an sms, so now thieves port mobiles to get access to the sms.

tl;dr 2fa good, fde better

2FA does not have to use SMS...

My concern is more that someone will get in and delete my entire account. In my opinion there is no excuse for linode to not offer two-factor auth. We should also be able to disable API and if enabled limit it to IPs of our choosing. Better yet we should be able to control what commands can be used with the API.

In light of the recent security notice today I think this should now be classed as critical.

Two options that we should be able to choose from:
1) Google Authenticator
2) SMS

_________________
-=L9NUX=-

With the quote:


I definitely also think we should have the option for 2-factor auth through something like Google Authenticator. I know not everyone finds it necessary and some find it pointless with the whitelist already in place, but at least having the option can't be a bit thing. Those that want it, use it. Those that don't, don't.

Exactly, and I can't use a white list as I use many different IP addresses and can't rely on a static IP. 2-Factor is the way to go.

_________________
-=L9NUX=-

+1 for Google Authenticator

2FA would make people feel good, but nothing more, it would be useless unless the API is tightened and changed, too.

People serious about security and privacy have protected themselves already from web manager and API break ins.

SMS 2FA is very weak, but if it makes you feel good, then sure, I say, let us demand SMS 2FA.

Let us all feel good, I say. Let us not get bogged down by reality, let us make useless changes that make us feel good instead.

I fully endorse the movement for 2FA