Increasing security with 2FA


    Back in Feb 2018, we released the option to enable second-factor authentication (2FA) for Pay Per Scene and Private Playdate payments (see the support.aw page for more info on what this is, and how to do it).

    When we added it, this was an option for users, and it's kinda buried in the settings page, on the PPS tab. Since then, we have had a few cases of people hacking into users' accounts and spending our customers' money on AW services, so we're considering requiring 2FA for all PPS users.

    First time setup
    For the first-time setup, that involves installing a smart phone app, and doing around four minutes of setup, to permanently secure your AW account.

    Ongoing purchases
    Ongoing, each time you want us to charge your credit card (eg, for a PPS-Wallet topup (for scenes, or Private Playdates) or a PPS-Direct scene purchase), you'll be asked to enter a secure one-time password the smart phone app provides. This is probably similar to banking you do already (and many other sites employ 2FA as well, of course).

    --

    Obviously, I am concerned that some people will simply choose not to buy from us because it's "too hard", and that's not something we can afford. :/

    What do you think about this?

    #2
    It does sound a bit bothersome for single-scene (direct) purchases. Could you do something like asking for 2FA every XX amount of cash or XX scenes bought? A wallet sort of covers that but pps-direct uses a credit card to buy each scene, right?

    I'm lazy in these things and usually buy a subscription, preferably for a year, so I'm set for a long time and don't have to bother with separate payments.


      #3
      Sorry, but no. I do not want an Abby Winters app on my phone, and I do not want text messages from Abby Winters (or your billing company) coming through on my phone. If you make this compulsory I will make no further purchases.


        #4
        JacksonP, the app is not from abbywinters.com, and there are no text messages.


          #5
          Originally posted by garionhall
          JacksonP, the app is not from abbywinters.com, and there are no text messages.
          But the key/entry in the app will say 'abbywinters.com', right?

          Those apps work by displaying in-app (only in app) a number which changes every 30 seconds.

          Maybe a one-time popup to notify people of the option of 2FA via either Google Authenticator or Authy (in case people don't like/trust google) would be a nice start? Also depends a bit on how many problems there currently have been with the non-TOTP method (I'd understand that not being public data but it's a consideration surely?)


            #6
            Fran, the key in the app is "AW PPS" (we can change that to something even more innocuous if users request).

            Good idea to push OTPs more in the existing setup. The FAQ page lists four possible apps users can use, and there's about a dozen out there (Google's is the most stable and easiest to use, in my experience).
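
How the rotating number discussed in posts #4 to #6 is produced, as an added example that is not part of the thread and not abbywinters.com's code: a standard RFC 6238 TOTP generator with a server-side check that tolerates clock drift and rejects a reused code. The secret is the RFC's published test key, and the `verify` and `provisioning_uri` helpers, along with using "AW PPS" as the label in the setup URI, are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import quote

STEP = 30  # seconds each code is valid, the 30-second rotation mentioned in the thread
SECRET = b"12345678901234567890"  # RFC 6238 test secret (constructed input, not a real key)

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """What the phone app shows: computed locally from secret + clock, no network or SMS."""
    return hotp(secret, unix_time // STEP, digits)

def verify(secret: bytes, code: str, unix_time: int, last_counter: int = -1, window: int = 1):
    """Server side (hypothetical helper). Returns the matched time-step counter, or None.

    Accepts +/- `window` steps for clock drift. A counter at or below `last_counter`
    is refused, so a code observed once cannot be replayed for a second charge.
    """
    now = unix_time // STEP
    for counter in range(max(0, now - window), now + window + 1):
        if counter > last_counter and hmac.compare_digest(hotp(secret, counter), code):
            return counter  # caller stores this as the account's new last_counter
    return None

def provisioning_uri(secret: bytes, label: str) -> str:
    """otpauth:// URI encoded in the setup QR code; `label` is the entry name the app displays."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    return f"otpauth://totp/{quote(label)}?secret={b32}&period={STEP}&digits=6"

if __name__ == "__main__":
    print(provisioning_uri(SECRET, "AW PPS"))
    code = totp(SECRET, 59)
    print(code, verify(SECRET, code, 59), verify(SECRET, code, 59, last_counter=1))
```

The label in the URI is the only text the authenticator app shows for the entry, so changing it server-side changes what appears on the user's phone for newly enrolled accounts.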
