So it should be optional to have 2 step verification. It is that users vault if their account is hacked. It definitely should not be mc-markets problem nor a problem we have to deal with.
Staff have to deal with those who have had their accounts compromised. Is it seriously that big of an inconvenience to click on an email link or enter a code every 30 days? It takes 10 seconds. Like I said, while your security practices may be somewhat sound, that definitely doesn't guarantee others are. By forcing 2FA across all users, it makes every account significantly more difficult to get in to, thus reducing the amount of time staff have to spend helping those recover their accounts.
Lol, 10 seconds is still 10 seconds. If you log on 6 times a day, you just lost a minute. 1 Week, you just lost 7 minutes, the year? You lost 364 minutes = 6 hours just checking your email. Even more if you are not constantly logged on to your email or you have multiple emails logged on so you need to switch between.
Like MetalMonkey said, you can trust your device for 30 days. Also consider that having you account hacked will be much more inconvenient than entering a code every 30 days.
Not at all. Considering the fact that I have to fucking type in a legitimate password that doesn't start and end with 1 and 9, I seriously doubt anyone would bother hacking me or most of the users on mcm.
Having a simple password definitely isn't the biggest issue; its reusing your password across multiple sites. Like I said, many leaks have gone public recently with plain text passwords. Any kid could just download the link and Ctrl+F for your email or username. 2FA pretty much makes this completely preventable. Check out https://haveibeenpwned.com and enter your email or username so you can see which (public) leaks you have been a part of.
I would also suggest reading my reply before making another reply and wasting my time repeating the exact same thing to you. I said avoid using simple passwords and launching random programs. I mean it is very rare that an actual hacker with malicious intentions will target your accounts and use other means than password cracking or rats to get in. I guarantee that most of these compromised accounts available publicly have been stolen for the 2 reasons stated above.
Assuming that I check log onto mc-market only 1 time a day with a time average of 10 seconds a day, I would be wasting 300 seconds a month, or 3650 seconds a year. Now 3600 seconds is equivalent to an hour. I'm spending an hour copying and pasting codes to log on to mcm, and thats if it's only once a day. I log in 3 times a day so apparently I will waste 3 hours of my future life copying and pasting random codes to log in.
If you check the "Trust this device for 30 days" option, yes it adds up to 10 seconds a month.
Using complicated passwords and not running shady programs won't help you if you are involved in a password leak. You don't understand how ridiculously easy it is to get your hands on a password leak; much easier than trying to install a RAT on someone else's computer or bruteforcing their password.
You don't know what you're talking about. When logging in using 2FA there's an option to trust a device for 30 days. Here, I'll show you:
If you check the "Trust this device for 30 days" option, yes it adds up to 10 seconds a month.
Using complicated passwords and not running shady programs won't help you if you are involved in a password leak. You don't understand how ridiculously easy it is to get your hands on a password leak; much easier than trying to install a RAT on someone else's computer or bruteforcing their password.
You don't know what you're talking about. When logging in using 2FA there's an option to trust a device for 30 days. Here, I'll show you:
You even quoted my post then tried to tell me "apparently you don't know this option exists when its written right there, in your response. I state that out of the entire mcm community assuming that 1,000 do not want to enable trust this device, wastes time checking their mails to log in once a day it would total up to 1,000 hours. You then tell me I must not know enabling trust this device exists. WTF? I went over it, and your trying to argue that I don't know it exists.
Okay, so you are defending your argument by saying "you are not allowed to post a rebuttal". That sounds like a completely fair way to debate. Either way, I intend to continue to respond in order to clear up the obvious misconceptions everyone has about 2FA since you are decrying it for no valid reason.
So you are saying that you, who is complaining about having to complete 2FA every day or so, are refusing to use the option to allow you to complete 2FA every month instead? I can only see a masochist doing that. Could you please explain to me why on earth anyone would decide not to use that option? Since you mentioned traveling people, 2FA validation is based on browser cookies, not IP address. So even if you move across the world, if you are using the same device, you still don't have to complete it. I also seriously doubt that you are traveling every day. Also, the geolocation based protection strategy you promoted is flawed. Any member in the same country can access your account and if you are traveling, well that completely contradicts your argument (not to mention that geoip isn't always accurate). Yes, I am aware you can disable it, but this defeats the point.
My intention isn't to promote arguing, but when you throw personal insults at the person trying to rebut your point, it makes it seem like more of an argument than a friendly debate.
Sorry reported. Seems to think mc-market is a place to debate and argue about opinions rather then a marketplace for offering and requesting various services.
Geolocation based protection stradegy I promoted. Ok, last time you claimed I didn't know anything, now your claiming I'm promoting random things I guarantee you just pulled out of your ass. Traveling every day and traveling to another place once every 30 days are 2 entirely different things. You are 100% off topic now and are just here to argue and thread trash. Just leave, nobody needs you to promote off-topic arguements and meaningless hate.
Please direct me to where I am throwing personal insults. I swear, make comparisons, but I don't believe I threw any personal insults. Even if I did throw any personal insults, its due to the fact that you are relentlessly trying to trash my thread with your own opinion.
I guess forcing your own opinion is fine, though.
Okay, maybe not promoted, but you definitely seemed to prefer geolocation-based security over 2FA.
Like I said, xenforo 2FA is cookie-based, so you should have absolutely no issue when moving, no matter how often it is.
I'm not in any way trying to trash your thread. You are promoting poor security practices based on misconceptions, I am just trying to correct those misconceptions. I am explaining why 2FA is enabled for everyone.
If I wanted to "attack" your thread, I would not be commenting about 2FA. I have absolutely no reason to attack you or your thread. If you consider this off topic, I think you should revaluate your definition of the word. I wasn't the first person to bring up this subject, but you only seem to be attacking me for it.
I know many people will complain about it, but have you considered a forced password reset? There's been a number of sites which have done it as a result of the recent leaks.
Not useful if there's people that are gonna set their password to 12344321 and similar low level crap.
Yeah, im traveling so I'm borrowing a computer, (hate laptops), don't want to enable 2fa on someone elses computer lol.
