Add Two Factor Authentication
Completed
As an OpenDNS Premium AND Umbrella Mobility customer, I feel OpenDNS promotes revolutionary security technologies. However, I think its time to add a two factor authentication login system to make OpenDNS and Umbrella logins more secure. We're constantly hearing about websites being attacked and their databases leaked. I think using something like the Google Authenticator system to prompt a random code after login to verify your identity via smartphone would be wonderful. This is a standard and many companies use Google's system. It seems to be easy to implement and would give users a chance to secure their accounts in the 21st century. Especially because OpenDNS is responsible for Fortune 500 companies, school districts, and many other important sectors, this security is vital.
Sites using two factor authentication today are Facebook, Twitter, LinkedIn, Last Pass, Hover, Microsoft, Apple, Amazon web services, and so many more. OpenDNS has come a long way, lets start bringing more security to the table,
Thanks,
-Phil
-
Many. One could immediately get the IP address of an organization and start scanning the ports. One could turn off security settings and blocked domains which means all devices/endpoints on that network can now connect to everything that was supposed to be blocked.
Looking at the logs, you can see all of the domains that are being connected to. This could easily paint a picture of what other businesses that business works with. With that knowledge, spear phishing would be a lot easier to craft. As for privacy, it would be same as allowing someone to look at your browser history without you even knowing.
There is a reason why Google, Apple, Microsoft, Facebook, Twitter, Banks, Brokerages, Utilities, Governments, and Hospitals (to name a few) use 2FA.
The millions of users who loose control of accounts everyday could be prevented if they had an additional layer of protection. This is referred to as defense-in-depth
https://www.us-cert.gov/bsi/articles/knowledge/principles/defense-in-depth
-
According to this http://engineering.opendns.com/2014/05/22/launching-two-step-verification/ we should be able to now use this!
-
I think the argument should be why should any offering by OpenDNS NOT come with 2FA? rotblitz if it is marked "complete" on the technicality of "it was related to the Umbrella service for businesses" can you point us to the appropriate place for submitting the request to add 2FA for all OpenDNS account types?
FWIW, I have not found a way to turn on 2FA for my "Household" account, so if there is a way, please point me to the instructions. -
You closed this but the information you provided is incorrect.
Even with the lowest free tier, Prosumer, and Umbrella - all of the security and privacy issues still applies as with Enterprise. Your IP is exposed under the "settings" tab, and under "stats" are the domains & IP's that were connected to.
Are you affiliated w/ OpenDNS? If so, I would encourage a feature request submitted to the appropriate team members.
Everyone, not just Enterprise customers should have security & privacy by default. Not as an add-on option.
-
"closed" meaning the thread is marked "completed".
"If you don't want it, disable logs and stats, or delete your dashboard network."
The security risks I thoroughly explained already. And of course if I disable everything and cancel the account then there wouldn't be an OpenDNS account to hack. But that defeats the purpose of having OpenDNS and the security & content filtering.
Having 2FA, the user can toggle it on/off as they choose. You prefer not to and that's ok.
-
"closed" meaning the thread is marked "completed".
I also do not have the power to mark a thread in such a way. As I said, I have the same power as you have.
It has been marked by staff, probably this:
https://support.opendns.com/hc/en-us/community/posts/220015847/comments/224533127 -
What did I close? I do not have the power to close anything...
"Your IP is exposed under the "settings" tab, and under "stats" are the domains & IP's that were connected to."
Yes, this is what you probably want. What are the security risks? If you don't want it, disable logs and stats, or delete your dashboard network.
And I'm affiliated with OpenDNS probably as you are. In no way.
-
In contrast to your first post where you said "2FA still isn't available outside of enterprise accounts", you are now talking about an enterprise account setting with arguments not really applicable for the private free services. For Umbrella, Prosumer and the free DNS Monitoring service 2FA is available since mid 2014 already.
That is why this idea is being marked as "completed". It was related to the Umbrella service for businesses.
-
A place for submitting a request for a free service? None! You cannot request something for a free service. You just can provide your wishes in the idea bank.
And no, for the free OpenDNS Home services there is definitely no 2FA. And I as user do not see a need for it and would not use it anyway. I want to quickly access my account. And the risks are less than minimal with a complex password and a user ID (email address) not being known to anyone.
Please sign in to leave a comment.
Comments
18 comments