A list of popular sites and whether or not they accept two factor auth.
The goal is to have a website with a comprehensive list of sites that support two factor auth as well as the methods that they support it.
This is to aid when deciding on alternative services based on the security they offer for their customers.
This also is a way for consumers to see what sites still need to invest in further security practices and which ones already do.
All the data is managed through a series of Yaml files so it may be useful to read up on the Yaml syntax.
To add a new site, go to the data files and get familiar with how it is setup. There is a section and coresponding file for each Category and they all follow this syntax:
-
Don't break the build: We have a simple continuous integration system setup with Travis. If your pull request doesn't pass, it won't be merged.
To manually test the build, just run the following:
$ ruby verify.rb
-
Use a Nice Icon: The icon must be 32x32 in dimension. Earlier we were using 16x16 but upgraded for various high density screens.
-
Be Awesome: You need to be awesome. That is all.
To add a new section, modify the sections value in main.yml and follow the template below:
sections:
- id: category-id
title: Category Name
icon: icon-classThen create a new file in the _data directory named the same as your section's id with the .yml extension.
First and foremost, make sure the new site meets our definition requirements for Two Factor Auth.
The values should be pretty straight forward for adding a new website. The
websites array should already be defined, just add a new website to it like
this example:
websites:
- name: Site Name
url: https://www.site.com/
twitter: SiteTwitter
img: site.png
tfa: Yes
sms: Yes
email: Yes
phone: Yes
software: Yes
hardware: Yes
doc: <link to site 2FA documentation>-
See Guideline #2 about icons. The png file should go in the corresponding
img/sectionfolder. -
Only the 2FA methods implemented by a site need a
yestag, the others can just be left off completely. -
For the sake of organization and readability, it is appreciated if you insert new sites alphabetically and that your site chunk follow the same order as the example above.
-
If a site supports 2FA, their Twitter handle is not needed and can be left out for cleanliness.
-
If a site does not have 2FA but there is documentation that they are adding it, then use:
tfa: no status: <url to documentation>
A lot of people have different ideas of what constitutes Two Factor Auth and what doesn't, so it stands to reason that we should clarify a bit. For the purposes of this site, Two Factor Auth is defined as any service provided as a redundant layer for account authentication. Services that provide authorization redundancy are certainly appreciated, but should not be considered Two Factor Auth.
As an example, a site that prompts you for an authentication token following user login would be considered Two Factor Auth. A site that does not prompt you for a token upon login, but prompts you for a token when you try to perform a sensitive action would not be considered Two Factor Auth.
For context, check out the discussion in #242.
This code is distributed under the MIT license. For more info, read the LICENSE file distributed with the source code.