Legend

Forum

Unread topics or posts

Topic

Unread posts

Locked

Announcement

Search

Search results for "Posted by Patrick"



AuthorMessage
Patrick

Posted: Nov 24, 2013



Those interested in enhanced login security can take advantage of Toodledo's OpenID option. By utilizing an OpenID provider that allows for two-factor authentication, an OpenID-enabled account is much less susceptible to hacking, especially when logging in from others' computers or insecure locations.*
www.clavid.com is such a provider. Independent and based in Switzerland they offer a multitude of authentication options, including SMS one-time password, SyferLock, certificate, and Yubikey.
Eventually every significant web service provider will offer a TFA login option, as an alternative to static passwords. Google, Amazon, Facebook, Evernote, Dropbox do.

http://en.wikipedia.org/wiki/Two-factor_authentication
http://en.wikipedia.org/wiki/Openid
The OpenID Foundation - openid.net

Once you have your OpenID provider set up, you'll need to add your identity URL to the Toodledo account settings.

--
You can use https:// for securing all www.toodledo.com traffic during a session. Although it's somewhat discouraged in the help topic due to the additional processing load, you can "turn on encryption" in account settings, to ensure the https:// SSL connection is used by default.
http://www.toodledo.com/info/help.php?sel=29

--
The Janrain-operated myopenid.com, linked to in the Toodledo OpenID login screen and help topics, will shut down in February. Jake, please update these.
Clavid is a dedicated Authentication / Identity Provider.
Symantec's pip.verisignlabs.com is another IP, but they have fewer authentication options and no free SMS OTP. Their mobile app can be used for TFA login to PayPal and eBay.
See openid.net for other options..

--
*assuming your base account has a strong password, to start with.

Sorry for the long post. I believe it's relevant.


This message was edited Nov 25, 2013.
Patrick

Posted: Nov 24, 2013



Posted by Jake:
The actual breach happened on Oct 28th.
...
Fortunately, this is only a secondary database for Toodledo that does not contain much user data. Here is what data may have been accessed.
...
1) Your IP address ...
2) Your email address, but only if you have changed your email address with Toodledo in the last 90 days.


Posted by Jake:
Yes, we would have liked to email this to everyone, but we don't actually have that capability right now. Sending out over a million emails all at once is a bit of a challenge :)


Presumably 'over a million' would be your entire user base, and the emails changed within the prior 90 days would be a much lower number. Presumably you did not 'lose' the affected database, and can identify the 90-day emails.

Whatever it took, Toodledo should have sent out an immediate advisory to the people who might have been affected. Provided with the address list there are a multitude of professional email services capable of doing this, if Toodledo lacks that relatively basic ability.

So much can be done with one's email address, which is also our userID for Toodledo. To learn of such a security breach weeks after the fact, and only because I happened to visit the forum, is very disappointing.

That email advisory should still go out.

P.


This message was edited Nov 24, 2013.
Patrick

Posted: Sep 06, 2013



Posted by pjlewis:
Keyboard shortcuts for the web interface are detailed here:
https://www.toodledo.com/info/help.php?sel=18

Thanks. I'm familiar with the current keyboard shortcuts.
Patrick

Posted: Sep 06, 2013





This message was edited Sep 06, 2013.
Patrick

Posted: Sep 05, 2013



I don't see a shortcut key listed. Having to reach and use the mouse just to access the Quick Add Task field doesn't seem right :) "a" and "q" are unassigned?

While on the topic, a shortcut key to sort by Importance would be handy. It's the default sort (I think?), it's the one I find most useful. Being able to quickly return to that view would save another reach for the mouse and several clicks. "i" isn't used.

"esc" doesn't work to close the keyboard shortcut popup.

Thanks.


This message was edited Sep 05, 2013.
Patrick

Posted: Jan 26, 2012



You're testing with the Opera desktop clients, but not Opera Mobile?

This message was edited Jan 26, 2012.
Patrick

Posted: Jan 15, 2010
From Topic: Firefox addon



When might we expect compatibility with Firefox 3.6?
--
Patrick
Contact Us | Blog | API | Jobs | Press | Documentation | Forums Privacy | Terms | Copyright © 2004-2014