Should 2FA be enabled on service accounts?If multi factor authentication is enabled, how should that affect self-service password reset?Generating backup codes for a 2FA implementationHow to fix a repeatedly hacked gmail account (where 2FA is enabled and passwords are changed)?Strange messages from Gmail regarding my recovery email address changingWhatsapp is adding passwords: what is the threat model that they want to protect their users from?If I add two accounts to the same 2FA app, are those accounts linked from a privacy point of view?How should disabling 2FA be handled by a service?Attacker circumventing 2FA. How to defend?What is optimal way to connect accounts to 2FA on phone?Sharing 2FA tokens

Why put copper in between battery contacts and clamps?

How to efficiently shred a lot of cabbage?

Can a US President, after impeachment and removal, be re-elected or re-appointed?

Raindrops in Python

Should students have access to past exams or an exam bank?

Why did I lose on time with 3 pawns vs Knight. Shouldn't it be a draw?

Why would an invisible personal shield be necessary?

Why does calling cout.operator<<(const char*) print the address instead of the character string?

How to prevent a single-element caster from being useless against immune foes?

PCB design using code instead of clicking a mouse?

Why would anyone ever invest in a cash-only etf?

What is a good example for artistic ND filter applications?

What is the highest achievable score in Catan

Would people understand me speaking German all over Europe?

Solve equation using Mathematica

Is it okay for me to decline a project on ethical grounds?

Is it unprofessional to mention your cover letter and resume are best viewed in Chrome?

What would the United Kingdom's "optimal" Brexit deal look like?

How can you tell the version of Ubuntu on a system in a .sh (bash) script?

Was Donald Trump at ground zero helping out on 9-11?

Would it take any sort of amendment to make DC a state?

What Marvel character has this 'W' symbol?

Are all French verb conjugation tenses and moods practical and efficient?

Best Ergonomic Design for a handheld ranged weapon



Should 2FA be enabled on service accounts?


If multi factor authentication is enabled, how should that affect self-service password reset?Generating backup codes for a 2FA implementationHow to fix a repeatedly hacked gmail account (where 2FA is enabled and passwords are changed)?Strange messages from Gmail regarding my recovery email address changingWhatsapp is adding passwords: what is the threat model that they want to protect their users from?If I add two accounts to the same 2FA app, are those accounts linked from a privacy point of view?How should disabling 2FA be handled by a service?Attacker circumventing 2FA. How to defend?What is optimal way to connect accounts to 2FA on phone?Sharing 2FA tokens






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








4















See the title. I'm involved in a security audit right now, and am wondering whether 2FA should be enabled on not just human login accounts but also on service accounts (non-human accounts)? If so, how is this normally managed? Someone must still be at the other end to confirm the 2FA right? And would this be mainly a one time thing at setup or would they need to reconfirm the 2FA request periodically?










share|improve this question







New contributor



Jason is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





















  • Assume for the moment the service you're authenticating against is 3rd party. That means you'll have to automate 2FA for a service intended for a human, but now needs to be automated. That sounds like something just waiting to break if the 3rd party changes the way the 2FA works where I human wouldn't care, but automation might rely on the old structure.

    – Steve Sether
    9 hours ago

















4















See the title. I'm involved in a security audit right now, and am wondering whether 2FA should be enabled on not just human login accounts but also on service accounts (non-human accounts)? If so, how is this normally managed? Someone must still be at the other end to confirm the 2FA right? And would this be mainly a one time thing at setup or would they need to reconfirm the 2FA request periodically?










share|improve this question







New contributor



Jason is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





















  • Assume for the moment the service you're authenticating against is 3rd party. That means you'll have to automate 2FA for a service intended for a human, but now needs to be automated. That sounds like something just waiting to break if the 3rd party changes the way the 2FA works where I human wouldn't care, but automation might rely on the old structure.

    – Steve Sether
    9 hours ago













4












4








4








See the title. I'm involved in a security audit right now, and am wondering whether 2FA should be enabled on not just human login accounts but also on service accounts (non-human accounts)? If so, how is this normally managed? Someone must still be at the other end to confirm the 2FA right? And would this be mainly a one time thing at setup or would they need to reconfirm the 2FA request periodically?










share|improve this question







New contributor



Jason is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











See the title. I'm involved in a security audit right now, and am wondering whether 2FA should be enabled on not just human login accounts but also on service accounts (non-human accounts)? If so, how is this normally managed? Someone must still be at the other end to confirm the 2FA right? And would this be mainly a one time thing at setup or would they need to reconfirm the 2FA request periodically?







multi-factor






share|improve this question







New contributor



Jason is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.










share|improve this question







New contributor



Jason is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.








share|improve this question




share|improve this question






New contributor



Jason is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.








asked 9 hours ago









JasonJason

211 bronze badge




211 bronze badge




New contributor



Jason is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.




New contributor




Jason is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

















  • Assume for the moment the service you're authenticating against is 3rd party. That means you'll have to automate 2FA for a service intended for a human, but now needs to be automated. That sounds like something just waiting to break if the 3rd party changes the way the 2FA works where I human wouldn't care, but automation might rely on the old structure.

    – Steve Sether
    9 hours ago

















  • Assume for the moment the service you're authenticating against is 3rd party. That means you'll have to automate 2FA for a service intended for a human, but now needs to be automated. That sounds like something just waiting to break if the 3rd party changes the way the 2FA works where I human wouldn't care, but automation might rely on the old structure.

    – Steve Sether
    9 hours ago
















Assume for the moment the service you're authenticating against is 3rd party. That means you'll have to automate 2FA for a service intended for a human, but now needs to be automated. That sounds like something just waiting to break if the 3rd party changes the way the 2FA works where I human wouldn't care, but automation might rely on the old structure.

– Steve Sether
9 hours ago





Assume for the moment the service you're authenticating against is 3rd party. That means you'll have to automate 2FA for a service intended for a human, but now needs to be automated. That sounds like something just waiting to break if the 3rd party changes the way the 2FA works where I human wouldn't care, but automation might rely on the old structure.

– Steve Sether
9 hours ago










2 Answers
2






active

oldest

votes


















4














The trouble with requiring MFA on service accounts, is that it would have to be fully automated. For instance, a time based OTP.



But as this OTP is based on a secret seed, it is effectively just another password stored in a config available to the service account. And it therefore gives no real additional security above that of just a single factor such as a password.






share|improve this answer




















  • 2





    Agree! A 2FA token is just another password. Make the service password a random, large password, and you are done. 2FA will not bring much security, and will be a moving part waiting to break.

    – ThoriumBR
    6 hours ago


















2














Multi-factor authentication is certainly possible without human intervention.



However, it requires a frame challenge.



When dealing with humans, the three typical factors for authentication are something you know (password), something you have (TOTP device/program, phone with SMS, access to an email account, etc.), and something you are (biometrics). You can not combine different things from the same factor and call it multifactor authentication. I.e., a fingerprint and a retina scan is not 2FA, but a fingerprint and a password is 2FA.



Biometrics doesn't work over a network, whether you're scanning a human's fingerprints or you're "fingerprinting" a computer, since you can't verify that the client isn't lying unless you have a trusted agent standing by. "The client is in the hands of the enemy." -- Raph Koster (Game designer, not security expert, but the advice is well applied.) Without that trusted agent, biometrics are only useful for identification, not for authentication(*).



The next authentication factor, something you have, is usually indistinguishable from something you know when you're a computer. TOTP seeds, passwords, session tokens, RSA private keys, and so on are just bytes to a computer, and at some point will reside in RAM. Humans can get away with having TOTP seeds, session tokens, cryptographic keys, and the like be second factors, because humans are very unlikely to be able to memorize these, so they need access to separate hardware (or at least something written down).



However, there are things that a computer can't "know" ahead of time. If you have a hardware device that performs cryptographic operations and stores the private key inside in a way that can't be copied (without obvious evidence of tampering), such as a U2F dongle, then this qualifies as something the computer has but doesn't know. Similarly, information sent out-of-band can also be considered something the computer has, rather than something it knows. For instance, a token can be emailed, FTPd, or sent through SMS. Depending on your threat model, simply opening a connection on a different port may be good enough to fool automated surveillance tools, though I wouldn't trust it against an active eavesdropper.



Speaking of threat models, the current threat models against users using passwords isn't the fact that it's just one factor. The threat model is that most users reuse passwords, have low entropy passwords, and that nearly every human's data has been included in multiple data breaches, including many data breaches that have never been detected or reported. Since computers don't have any problem memorizing very long and truly random passwords, and can memorize every password that's given to them, it is trivial to set up a unique, high entropy password for every service account.



Footnotes:



(*) Identification is different from authentication in that, I can identify myself as the queen of Mars, but I can't be authenticated as the queen of Mars. A username is identification, but a username and password is authentication. A fingerprint is identification, but a fingerprint taken with a trusted agent overseeing the process is authentication.






share|improve this answer





























    Your Answer








    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "162"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    noCode: true, onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );






    Jason is a new contributor. Be nice, and check out our Code of Conduct.









    draft saved

    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f214430%2fshould-2fa-be-enabled-on-service-accounts%23new-answer', 'question_page');

    );

    Post as a guest















    Required, but never shown

























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    4














    The trouble with requiring MFA on service accounts, is that it would have to be fully automated. For instance, a time based OTP.



    But as this OTP is based on a secret seed, it is effectively just another password stored in a config available to the service account. And it therefore gives no real additional security above that of just a single factor such as a password.






    share|improve this answer




















    • 2





      Agree! A 2FA token is just another password. Make the service password a random, large password, and you are done. 2FA will not bring much security, and will be a moving part waiting to break.

      – ThoriumBR
      6 hours ago















    4














    The trouble with requiring MFA on service accounts, is that it would have to be fully automated. For instance, a time based OTP.



    But as this OTP is based on a secret seed, it is effectively just another password stored in a config available to the service account. And it therefore gives no real additional security above that of just a single factor such as a password.






    share|improve this answer




















    • 2





      Agree! A 2FA token is just another password. Make the service password a random, large password, and you are done. 2FA will not bring much security, and will be a moving part waiting to break.

      – ThoriumBR
      6 hours ago













    4












    4








    4







    The trouble with requiring MFA on service accounts, is that it would have to be fully automated. For instance, a time based OTP.



    But as this OTP is based on a secret seed, it is effectively just another password stored in a config available to the service account. And it therefore gives no real additional security above that of just a single factor such as a password.






    share|improve this answer













    The trouble with requiring MFA on service accounts, is that it would have to be fully automated. For instance, a time based OTP.



    But as this OTP is based on a secret seed, it is effectively just another password stored in a config available to the service account. And it therefore gives no real additional security above that of just a single factor such as a password.







    share|improve this answer












    share|improve this answer



    share|improve this answer










    answered 8 hours ago









    Geir EmblemsvagGeir Emblemsvag

    9031 gold badge5 silver badges10 bronze badges




    9031 gold badge5 silver badges10 bronze badges










    • 2





      Agree! A 2FA token is just another password. Make the service password a random, large password, and you are done. 2FA will not bring much security, and will be a moving part waiting to break.

      – ThoriumBR
      6 hours ago












    • 2





      Agree! A 2FA token is just another password. Make the service password a random, large password, and you are done. 2FA will not bring much security, and will be a moving part waiting to break.

      – ThoriumBR
      6 hours ago







    2




    2





    Agree! A 2FA token is just another password. Make the service password a random, large password, and you are done. 2FA will not bring much security, and will be a moving part waiting to break.

    – ThoriumBR
    6 hours ago





    Agree! A 2FA token is just another password. Make the service password a random, large password, and you are done. 2FA will not bring much security, and will be a moving part waiting to break.

    – ThoriumBR
    6 hours ago













    2














    Multi-factor authentication is certainly possible without human intervention.



    However, it requires a frame challenge.



    When dealing with humans, the three typical factors for authentication are something you know (password), something you have (TOTP device/program, phone with SMS, access to an email account, etc.), and something you are (biometrics). You can not combine different things from the same factor and call it multifactor authentication. I.e., a fingerprint and a retina scan is not 2FA, but a fingerprint and a password is 2FA.



    Biometrics doesn't work over a network, whether you're scanning a human's fingerprints or you're "fingerprinting" a computer, since you can't verify that the client isn't lying unless you have a trusted agent standing by. "The client is in the hands of the enemy." -- Raph Koster (Game designer, not security expert, but the advice is well applied.) Without that trusted agent, biometrics are only useful for identification, not for authentication(*).



    The next authentication factor, something you have, is usually indistinguishable from something you know when you're a computer. TOTP seeds, passwords, session tokens, RSA private keys, and so on are just bytes to a computer, and at some point will reside in RAM. Humans can get away with having TOTP seeds, session tokens, cryptographic keys, and the like be second factors, because humans are very unlikely to be able to memorize these, so they need access to separate hardware (or at least something written down).



    However, there are things that a computer can't "know" ahead of time. If you have a hardware device that performs cryptographic operations and stores the private key inside in a way that can't be copied (without obvious evidence of tampering), such as a U2F dongle, then this qualifies as something the computer has but doesn't know. Similarly, information sent out-of-band can also be considered something the computer has, rather than something it knows. For instance, a token can be emailed, FTPd, or sent through SMS. Depending on your threat model, simply opening a connection on a different port may be good enough to fool automated surveillance tools, though I wouldn't trust it against an active eavesdropper.



    Speaking of threat models, the current threat models against users using passwords isn't the fact that it's just one factor. The threat model is that most users reuse passwords, have low entropy passwords, and that nearly every human's data has been included in multiple data breaches, including many data breaches that have never been detected or reported. Since computers don't have any problem memorizing very long and truly random passwords, and can memorize every password that's given to them, it is trivial to set up a unique, high entropy password for every service account.



    Footnotes:



    (*) Identification is different from authentication in that, I can identify myself as the queen of Mars, but I can't be authenticated as the queen of Mars. A username is identification, but a username and password is authentication. A fingerprint is identification, but a fingerprint taken with a trusted agent overseeing the process is authentication.






    share|improve this answer































      2














      Multi-factor authentication is certainly possible without human intervention.



      However, it requires a frame challenge.



      When dealing with humans, the three typical factors for authentication are something you know (password), something you have (TOTP device/program, phone with SMS, access to an email account, etc.), and something you are (biometrics). You can not combine different things from the same factor and call it multifactor authentication. I.e., a fingerprint and a retina scan is not 2FA, but a fingerprint and a password is 2FA.



      Biometrics doesn't work over a network, whether you're scanning a human's fingerprints or you're "fingerprinting" a computer, since you can't verify that the client isn't lying unless you have a trusted agent standing by. "The client is in the hands of the enemy." -- Raph Koster (Game designer, not security expert, but the advice is well applied.) Without that trusted agent, biometrics are only useful for identification, not for authentication(*).



      The next authentication factor, something you have, is usually indistinguishable from something you know when you're a computer. TOTP seeds, passwords, session tokens, RSA private keys, and so on are just bytes to a computer, and at some point will reside in RAM. Humans can get away with having TOTP seeds, session tokens, cryptographic keys, and the like be second factors, because humans are very unlikely to be able to memorize these, so they need access to separate hardware (or at least something written down).



      However, there are things that a computer can't "know" ahead of time. If you have a hardware device that performs cryptographic operations and stores the private key inside in a way that can't be copied (without obvious evidence of tampering), such as a U2F dongle, then this qualifies as something the computer has but doesn't know. Similarly, information sent out-of-band can also be considered something the computer has, rather than something it knows. For instance, a token can be emailed, FTPd, or sent through SMS. Depending on your threat model, simply opening a connection on a different port may be good enough to fool automated surveillance tools, though I wouldn't trust it against an active eavesdropper.



      Speaking of threat models, the current threat models against users using passwords isn't the fact that it's just one factor. The threat model is that most users reuse passwords, have low entropy passwords, and that nearly every human's data has been included in multiple data breaches, including many data breaches that have never been detected or reported. Since computers don't have any problem memorizing very long and truly random passwords, and can memorize every password that's given to them, it is trivial to set up a unique, high entropy password for every service account.



      Footnotes:



      (*) Identification is different from authentication in that, I can identify myself as the queen of Mars, but I can't be authenticated as the queen of Mars. A username is identification, but a username and password is authentication. A fingerprint is identification, but a fingerprint taken with a trusted agent overseeing the process is authentication.






      share|improve this answer





























        2












        2








        2







        Multi-factor authentication is certainly possible without human intervention.



        However, it requires a frame challenge.



        When dealing with humans, the three typical factors for authentication are something you know (password), something you have (TOTP device/program, phone with SMS, access to an email account, etc.), and something you are (biometrics). You can not combine different things from the same factor and call it multifactor authentication. I.e., a fingerprint and a retina scan is not 2FA, but a fingerprint and a password is 2FA.



        Biometrics doesn't work over a network, whether you're scanning a human's fingerprints or you're "fingerprinting" a computer, since you can't verify that the client isn't lying unless you have a trusted agent standing by. "The client is in the hands of the enemy." -- Raph Koster (Game designer, not security expert, but the advice is well applied.) Without that trusted agent, biometrics are only useful for identification, not for authentication(*).



        The next authentication factor, something you have, is usually indistinguishable from something you know when you're a computer. TOTP seeds, passwords, session tokens, RSA private keys, and so on are just bytes to a computer, and at some point will reside in RAM. Humans can get away with having TOTP seeds, session tokens, cryptographic keys, and the like be second factors, because humans are very unlikely to be able to memorize these, so they need access to separate hardware (or at least something written down).



        However, there are things that a computer can't "know" ahead of time. If you have a hardware device that performs cryptographic operations and stores the private key inside in a way that can't be copied (without obvious evidence of tampering), such as a U2F dongle, then this qualifies as something the computer has but doesn't know. Similarly, information sent out-of-band can also be considered something the computer has, rather than something it knows. For instance, a token can be emailed, FTPd, or sent through SMS. Depending on your threat model, simply opening a connection on a different port may be good enough to fool automated surveillance tools, though I wouldn't trust it against an active eavesdropper.



        Speaking of threat models, the current threat models against users using passwords isn't the fact that it's just one factor. The threat model is that most users reuse passwords, have low entropy passwords, and that nearly every human's data has been included in multiple data breaches, including many data breaches that have never been detected or reported. Since computers don't have any problem memorizing very long and truly random passwords, and can memorize every password that's given to them, it is trivial to set up a unique, high entropy password for every service account.



        Footnotes:



        (*) Identification is different from authentication in that, I can identify myself as the queen of Mars, but I can't be authenticated as the queen of Mars. A username is identification, but a username and password is authentication. A fingerprint is identification, but a fingerprint taken with a trusted agent overseeing the process is authentication.






        share|improve this answer















        Multi-factor authentication is certainly possible without human intervention.



        However, it requires a frame challenge.



        When dealing with humans, the three typical factors for authentication are something you know (password), something you have (TOTP device/program, phone with SMS, access to an email account, etc.), and something you are (biometrics). You can not combine different things from the same factor and call it multifactor authentication. I.e., a fingerprint and a retina scan is not 2FA, but a fingerprint and a password is 2FA.



        Biometrics doesn't work over a network, whether you're scanning a human's fingerprints or you're "fingerprinting" a computer, since you can't verify that the client isn't lying unless you have a trusted agent standing by. "The client is in the hands of the enemy." -- Raph Koster (Game designer, not security expert, but the advice is well applied.) Without that trusted agent, biometrics are only useful for identification, not for authentication(*).



        The next authentication factor, something you have, is usually indistinguishable from something you know when you're a computer. TOTP seeds, passwords, session tokens, RSA private keys, and so on are just bytes to a computer, and at some point will reside in RAM. Humans can get away with having TOTP seeds, session tokens, cryptographic keys, and the like be second factors, because humans are very unlikely to be able to memorize these, so they need access to separate hardware (or at least something written down).



        However, there are things that a computer can't "know" ahead of time. If you have a hardware device that performs cryptographic operations and stores the private key inside in a way that can't be copied (without obvious evidence of tampering), such as a U2F dongle, then this qualifies as something the computer has but doesn't know. Similarly, information sent out-of-band can also be considered something the computer has, rather than something it knows. For instance, a token can be emailed, FTPd, or sent through SMS. Depending on your threat model, simply opening a connection on a different port may be good enough to fool automated surveillance tools, though I wouldn't trust it against an active eavesdropper.



        Speaking of threat models, the current threat models against users using passwords isn't the fact that it's just one factor. The threat model is that most users reuse passwords, have low entropy passwords, and that nearly every human's data has been included in multiple data breaches, including many data breaches that have never been detected or reported. Since computers don't have any problem memorizing very long and truly random passwords, and can memorize every password that's given to them, it is trivial to set up a unique, high entropy password for every service account.



        Footnotes:



        (*) Identification is different from authentication in that, I can identify myself as the queen of Mars, but I can't be authenticated as the queen of Mars. A username is identification, but a username and password is authentication. A fingerprint is identification, but a fingerprint taken with a trusted agent overseeing the process is authentication.







        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited 6 hours ago

























        answered 7 hours ago









        GhedipunkGhedipunk

        3,3351 gold badge13 silver badges23 bronze badges




        3,3351 gold badge13 silver badges23 bronze badges























            Jason is a new contributor. Be nice, and check out our Code of Conduct.









            draft saved

            draft discarded


















            Jason is a new contributor. Be nice, and check out our Code of Conduct.












            Jason is a new contributor. Be nice, and check out our Code of Conduct.











            Jason is a new contributor. Be nice, and check out our Code of Conduct.














            Thanks for contributing an answer to Information Security Stack Exchange!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid


            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.

            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f214430%2fshould-2fa-be-enabled-on-service-accounts%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            Canceling a color specificationRandomly assigning color to Graphics3D objects?Default color for Filling in Mathematica 9Coloring specific elements of sets with a prime modified order in an array plotHow to pick a color differing significantly from the colors already in a given color list?Detection of the text colorColor numbers based on their valueCan color schemes for use with ColorData include opacity specification?My dynamic color schemes

            Invision Community Contents History See also References External links Navigation menuProprietaryinvisioncommunity.comIPS Community ForumsIPS Community Forumsthis blog entry"License Changes, IP.Board 3.4, and the Future""Interview -- Matt Mecham of Ibforums""CEO Invision Power Board, Matt Mecham Is a Liar, Thief!"IPB License Explanation 1.3, 1.3.1, 2.0, and 2.1ArchivedSecurity Fixes, Updates And Enhancements For IPB 1.3.1Archived"New Demo Accounts - Invision Power Services"the original"New Default Skin"the original"Invision Power Board 3.0.0 and Applications Released"the original"Archived copy"the original"Perpetual licenses being done away with""Release Notes - Invision Power Services""Introducing: IPS Community Suite 4!"Invision Community Release Notes

            199年 目錄 大件事 到箇年出世嗰人 到箇年死嗰人 節慶、風俗習慣 導覽選單