Add an additional level of security for password retrevial

Comments

6 comments

  • Avatar
    Chris Frost

    Hello,

    Thank you for your suggestion. We're planning on releasing a Two-Step Password Verification in the near future. Two-Step Verification will add an extra layer of security to accessing your account. 

     

  • Avatar
    xdinh

    As of date (5/15/15), my kids can still bypass OpenDNS settings easily by resetting password, and then logging into OpenDNS with my email & setting new password of their choosing to gain access to OpenDNS's control panel to open up access to really bad, harmful sites.  This pretty much defeats the purpose of OpenDNS.

    Any idea on when 2-step password verification going to be implemented?

  • Avatar
    rotblitz

    Why do you provide your e-mail login credentials to your kids?  This is not what credentials are thought for, not with your e-mail account and not with OpenDNS.  You're doing it wrong.  Even seven steps of authentication wouldn't help then if you give your login credentials away to your kids or otherwise...

  • Avatar
    Patrick Colford

    @xdinh Two-factor authentication is available with our Enterprise and Prosumer packages, but I have to agree with Rotblitz. If you've given the login credentials to your email to your children, then they can use that email address for password resets for any service which allows password resets through email. This includes services such as Netflix, Twitter, and many other services on the web besides. We encourage everyone strongly to not give your login credentials to anyone.

  • Avatar
    xdinh

    The kids don't know my email password nor do they have access to my emails.  They know only my email address.

    They do something like "Forgot your password".  Login to OpenDNS using my username/email address and a newly created password.  Change account settings & they're on their way.  That's the rub.

     

  • Avatar
    rotblitz

    "The kids don't know my email password nor do they have access to my emails."

    I do not believe that they don't know.  And if they don't know, they know the password of your computer account which can allow access to others of your accounts (e-mail, OpenDNS, Facebook, ...) even without knowing the related passwords.

    "Login to OpenDNS using my username/email address and a newly created password. "

    This is impossible.  You must have overseen a weak point where your children are able to intrude your system.   They cannot login with a newly created password without having it requested by clicking the "Forgot your password" link.  This sends a notification with link to your e-mail account.  Therefore they must have access to your e-mail account to be able requesting a new password.

    To get rid of this symptoms, you simply change the password for all, your computer account, your e-mail account and your OpenDNS account.  Pretty clear that your kids must not use your computer account either, but their own computer accounts.  And their accounts must not be administrator accounts, else they can easily hi-jack your computer account again and hereby also your e-mail account and OpenDNS account.

Please sign in to leave a comment.