Force 2FA for premium/supreme

Tulip · Jul 21, 2016

With all the hacking recently, I think it's time we force all premium/supreme users to use it. This would be extremely easy to implement, I believe all it is is one xenforo permission.

Ireland · Jul 21, 2016

Tulip said:
With all the hacking recently, I think it's time we force all premium/supreme users to use it. This would be extremely easy to implement, I believe all it is is one xenforo permission.

Great Idea we really need this.

Tulip · Jul 21, 2016

Deleted User 15396 said:
REDACTED

Problem is that's clearly not working, how many accounts have been compromised? 10? 12? Although the email option wouldn't stop all attacks the phone one would, and that would have stopped at least a few attacks

Tulip · Jul 21, 2016

I_Shave_My_Balls said:
^^^^

However, keylogging & shit... oh wait you said use common sense, well, yeah. That solves a lot of fucking problems.

Regardless of if we tell people that, it's not going to stop these hacking incidents. This is the best option imo.

Arshi · Jul 21, 2016

+1 but I dont have a phone

Tulip · Jul 21, 2016

I_Shave_My_Balls said:
Although I really enjoy 2FA, I've had a lot of people come at in the past six years and none of them even got close to getting through my passwords alone. People just get hacked for being fucking idiots with no common sense.

2FA should be a choice, not enforced. If people don't want 2FA let them be, if they want it, they'll enable it.

Yeah, that's you. You're more security minded than the 10 people that got hacked.

The bottom line: This is the only way to ensure people will keep their accounts as safe as possible.

Ivain · Jul 21, 2016

Force this, force that.
People should be informed of it, but not everyone has a reliable phone that they wanna be using.
And email's only good if you've got a secure server. It's not gonna cut it. And why only premium and supreme? What makes us so different? that delusion that someone with donator ranks is more trustworthy?
Maybe someone should write a little blog about how to make a password that a hacker won't get through in 10 mins.

Tulip · Jul 21, 2016

Ivain said:
Force this, force that.
People should be informed of it, but not everyone has a reliable phone that they wanna be using.
And email's only good if you've got a secure server. It's not gonna cut it. And why only premium and supreme? What makes us so different? that delusion that someone with donator ranks is more trustworthy?
Maybe someone should write a little blog about how to make a password that a hacker won't get through in 10 mins.

I say premium or supreme because only those ranks have access to 2FA in the first place.

Marth · Jul 21, 2016

Yeah uh valves 2fa did want to make me kms, not too excited if it gets implemented here

Arshi · Jul 21, 2016

I think we should have site generated passwords just like bustabit

Nrevi · Jul 22, 2016

Some people like me are lazy to do it. If you want to be safe just make a 2fa, if not you're responsible for your loss. -1 sry fam

Ajdin · Jul 22, 2016

We already get a bunch of people not being able to access their account because they lost access to their two factor platform. Forcing it would only make it worse.

We had it forced a in 2015 and the community didn't like it at all. I don't think it should be implemented for this reason.

Want extra security on your account? Cool, good to hear. You had a bad/leaked password and account got compromised? Too bad, we're not going to babysit you.

Ajdin · Jul 22, 2016

avsterbone said:
But you will censor the word "p*rnh*b". Seems legit.

There's a big difference between babysitting and censoring a URL to inappropriate adult content.

Force 2FA for premium/supreme

Tulip

hi

Ireland

kek

Tulip

hi

Tulip

hi

Arshi

Giving out Free Bleach <3

Tulip

hi

Ivain

Master Terraformer

Tulip

hi

Marth

strictly biz

Arshi

Giving out Free Bleach <3

Nrevi

Ajdin

I used to be a big deal on here but now irrelevant

Ajdin

I used to be a big deal on here but now irrelevant