WebSite X5 Help Center

 

When will login security be on par with the others?

Author: Axel

Hello Incomedia.

Happy New Year!

For some years now, logging in to a website has been more secure than it used to be.

That is to say, on 99% of sites today, when you log in with your credentials, the site strengthens security by sending a one-time code that you must enter to continue authenticating.

At first it was mostly the banks, but now everyone does it.

For example, after entering your credentials, you receive by email or SMS (depending on your choice) a message like the one below

Another level of security is to receive an email indicating that a login with your account has just taken place, asking you to check whether it was really you or not....

Generally the email received gives some indications (browser name, geolocation, etc.)....

Just so that the person concerned can be quite certain that the login is not an intrusion...

That does not exist in WSX5 either...

I have not checked whether this is written into the GDPR, which you already do not uphold...!!!! But I do not think it is part of it.

When will there be serious fixes on this point, rather than, for example, a file explorer that does not work!!!!!

Axel

12 REPLIES
Eric C.
Incomedia

Hello Axel,
while certainly these additional security checks are an interesting addition, they are suited especially for websites/platforms with a need for higher security standards, such as banking websites, and, unfortunately, currently there are no updates planned related to features like these.

Eric

Axel  
User
Author

Again you are wrong

Actually many, many websites are using 2FA authentication and not just banks like you said.

Many, many

So you consider that WSX5 does not generate sensitive websites. You don't know what kind of information is behind our website.

It could be very important and sensitive.

So again WSX5 is poor. Even with competitors

Claudio D.
Moderator
User of the month IT

Axel, good point. But I don't completely agree with what you state.


Because if it is true that WebsiteX5, to date, does not provide this security, it must also be said that this extra security depends on the Host where the website resides.


For example, I use, to date, 3 different Hosts (and not the one that Incomedia offers) and none of the 3 provides for dual authentication during FTP transfer.
All 3 provide for FTPS, but NOT 2FA.
Instead, when I connect from the web (browser) to the online management panel, only one of them requires dual authentication; for the other 2 it is still optional.

Axel  
User
Author

Hey Claudio,

I don't speak about FTP transfer between WSX5 and the provider.

I speak here about the access page protection by user login on the Website to protect some other web pages. (Maybe Eric, you have also misunderstood like Claudio!)

It's completely different.... It is to protect login pages on the website and their content. So 2FA should be available by default or by option during authentication process.

So that's why I said that many, many websites are now using 2FA, and not only banks or insurance like Eric said.

I repeat, we can create some websites with sensitive information behind and to protect them we are using an access page with login/password. So here 2FA should be used too.

Hope to be more clear

Axel

Claudio D.
Moderator
User of the month IT
Axel  
I speak here about the access page protection by user login on the Website to protect some other web pages. (Maybe Eric, you have also misunderstood like Claudio!) It's completely different.... It is to protect login pages on the website and their content. So 2FA should be available by default or by option during authentication process.

ah ok... 

yes I thought you were referring to ftp transfer.


In the case of accessing the /admin panel you would first have to know the administrator's email... and then try to guess the password by brute force.
I would say the combination of the two makes it almost impossible to do in a reasonable amount of time.


However, yes, it wouldn't hurt if you could enable 2FA there too... especially for those who run ecommerce, for others it's not like you'd find who knows what data in there... (maybe just IP addresses, in case of using the "comments" feature)

In the case of access (login) of customers, also there it would be useful for ecommerce, but also in case of restricted areas...

But always remains the mail/password combination ...

Maybe it could be, also, useful to activate a block or delay mechanism, in case of three or more unsuccessful attempts ...

bye

Axel  
User
Author

Hello Claudio,

Claudio D.
In the case of accessing the /admin panel you would first have to know the administrator's email... and then try to guess the password by brute force. I would say the combination of the two makes it almost impossible to do in a reasonable amount of time. However, yes, it wouldn't hurt if you could enable 2FA there too... especially for those who run ecommerce, for others it's not like you'd find who knows what data in there... (maybe just IP addresses, in case of using the "comments" feature) In the case of access (login) of customers, also there it would be useful for ecommerce, but also in case of restricted areas... But always remains the mail/password combination ... Maybe it could be, also, useful to activate a block or delay mechanism, in case of three or more unsuccessful attempts ... bye

Fully agree with you.
The admin page is not protected enough... the URL is always the same (www.domaine.com/admin). So easy to test on x websites.

And a brute force attack is easy to do. Like you said, no delay time for x wrong passwords, or account locked for x min the first time and re-locked x + y min the second time ...etc...

And since no email is sent to the admin for the attempt... brute force will be successful... Just using Patator, John the Ripper and let's go.

But this part seems not important for Incomedia..

Axel
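
The block or delay mechanism discussed above (a lock after three failed attempts, a longer lock on each repeat, and a message to the admin), as an added example that is not part of the original thread and is not WebSite X5 code. The threshold, the durations and all names are assumptions.

```python
from dataclasses import dataclass

MAX_FAILURES = 3      # assumption: "three or more unsuccessful attempts"
BASE_LOCK_S = 300     # assumption: x = 5 minutes for the first lock
EXTRA_LOCK_S = 600    # assumption: y = 10 minutes added per repeat lock

@dataclass
class State:
    failures: int = 0
    lockouts: int = 0
    locked_until: float = 0.0

class LoginThrottle:
    """Hypothetical per-account throttle; not WebSite X5 code."""
    def __init__(self, notify):
        self.accounts = {}
        self.notify = notify          # callback, e.g. e-mail to the admin

    def attempt(self, account, password_ok, now):
        """Record one login attempt at time `now` (seconds)."""
        st = self.accounts.setdefault(account, State())
        if now < st.locked_until:
            return "locked"           # rejected even if the password is right
        if password_ok:
            st.failures = 0
            return "ok"
        st.failures += 1
        if st.failures >= MAX_FAILURES:
            duration = BASE_LOCK_S + EXTRA_LOCK_S * st.lockouts
            st.lockouts += 1          # next lock lasts EXTRA_LOCK_S longer
            st.failures = 0
            st.locked_until = now + duration
            self.notify(account, duration)
        return "denied"

def demo():
    """Replay constructed attempts: (time in s, password correct?)."""
    alerts = []
    throttle = LoginThrottle(lambda acct, secs: alerts.append((acct, secs)))
    attempts = [(0, False), (1, False), (2, False), (100, True),
                (302, False), (303, False), (304, False),
                (1203, True), (1204, True)]
    results = [throttle.attempt("admin@example.com", ok, t) for t, ok in attempts]
    return results, alerts

if __name__ == "__main__":
    print(demo())
```

Keying the lock on the account alone lets anyone who knows the admin e-mail keep the real admin locked out, so deployments usually also track the source address.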

Axel  
User
Author

And just curious to read Incomedia's reply on this big security issue in their software.

Maybe they are able to say that it is not very urgent to fix...

They prefer to provide new features never asked for by us. We have so stupid remarks.... always

Axel  
User
Author

All companies in the world are focused on security issues.... ALL !.....

Axel  
User
Author

Here is the same principle with the La Poste website in France....

just to send a parcel.....

This is about securing access to an account and has nothing to do with the sensitivity of the site... this is not a bank!!!

Axel

Axel  
User
Author

When logging in at my provider, which is not a bank!!!!!

Once again a verification...

So Incomedia, when are you going to offer this security in WSX5 ....  ??????

One day, in 10 years ????? (you will probably be dead with the competition and AI). A pity.

Axel

Franck M.
User

I'm back here for a look, and I see it's still the same heated atmosphere!

Completely agree with you Axel, always the same requests and nothing follows up afterwards!

Axel  
User
Author

The versions go by in Beta, Preview and final...

But still no announcement about this type of security!
