Give away Medal for having 2 Factor Authentication on

Status

Maddy

Proud Gamer
Supreme
Feedback score
87
Posts
1,729
Reactions
1,550
Resources
0
After seeing two people just say they scammed out within 5 mins of each other in shoutbox, I think that there should be some sort of award for having 2fa on.
This would get more people to turn it on. I did because someone was doing a giveaway where you had to turn it on to be able to win.,
 
Type
Suggestion
Status
Denied
PebbleHost
High performance, consistent uptime and fast support. Minecraft hosting that just works.

US

I only deal on mcm.
Supreme
Feedback score
38
Posts
245
Reactions
272
Resources
0
Then the hackers know who to go after (the people without the medal). Not a good suggestion
 

Geek

Mom of BBB
Support
Feedback score
11
Posts
898
Reactions
267
Resources
1
So now it has come to the point people need to be rewarded so they do not get compromised?

I do not see any pros to this. People shouldn't have to be rewarded to enable 2FA.
Exactly. Their reward is not being compromised. Not to mention, it's becoming more normal to have 2FA enabled anywhere possible. There's really no reason because in all honesty, it doesn't benefit the site (such as Generous or Retired Staff), it benefits the user.
 

Ally

gσ∂∂єѕѕ σƒ мαтнѕ αη∂ мєℓσηѕ χσ
Supreme
Feedback score
37
Posts
2,042
Reactions
2,194
Resources
0
I did because someone was doing a giveaway where you had to turn it on to be able to win.
Yeah I believe I did one in the past.

I like the idea and I understand where it's coming from, but a medal is not the best place to put "I have 2fa enabled, I'm safer!". (Medals are used for other things entirely, like donations and retired staff). There should be some form of encouragement, absolutely, but not via medals.
 

Geek

Mom of BBB
Support
Feedback score
11
Posts
898
Reactions
267
Resources
1
Yeah I believe I did one in the past.

I like the idea and I understand where it's coming from, but a medal is not the best place to put "I have 2fa enabled, I'm safer!". (Medals are used for other things entirely, like donations and retired staff). There should be some form of encouragement, absolutely, but not via medals.
Maybe a trophy instead even though trophy points are useless
 

Ally

gσ∂∂єѕѕ σƒ мαтнѕ αη∂ мєℓσηѕ χσ
Supreme
Feedback score
37
Posts
2,042
Reactions
2,194
Resources
0
Maybe a trophy instead even though trophy points are useless
It would be appropriate, considering that it tracks messages and your amount of days on the site.
 

alice

Supreme
Feedback score
24
Posts
310
Reactions
178
Resources
0
I do not see any pros to this. People shouldn't have to be rewarded to enable 2FA.
Sythe does, and it's a much larger market/forums than this one.

A simple badge encourages users to enable 2FA. It also distinguishes professional traders from the ones who don't really care.

If McMarket really cares about keeping users' accounts from getting compromised, first start by getting rid of threads like this https://www.mc-market.org/threads/520710/ and start encouraging good security practices, even forcing them. Kids on here don't know shit about security so they feel like it's ok to post their personal e-mail address since they see that everyone else does.

However, an e-mail address serves as a much stronger personal identifier than a username does, and more than half of the e-mails on that thread are associated with multiple database leaks (feel free to check them on https://haveibeenpwned.com/) This more than likely means that you could hack MULTIPLE accounts in that thread, with little to no effort. Threads like that are a gold mine for hijackers.

I reported that thread MONTHS ago and it just gets denied. I've brought it up multiple times in posts. It just gets ignored. Staff isn't really very smart when it comes to things like that. I would've for sure thought that at least Justis would have been against it, given his principles and how you're not really allowed to leak personal information anyway when it comes to other things.

An even bigger issue is the lack of login verification, which would provide more leeway to the above issue and make it harder to hijack accounts even if you found out the user's password. If you're logging in from a new device with different cookies/IP address, then you should have to confirm it via e-mail, no exceptions. Every website/company/application does this, from Gmail, to Discord, Instagram, Facebook, etc.
 

styx

Deactivated
Feedback score
3
Posts
79
Reactions
37
Resources
0
To be honest, it doesn't devalue medals. The only reason people are opposing this is because they have medals and want to feel special. One medal doesn't devalue medals, I agree to this. It would also encourage users to use 2FA because as we can see from the banned users, a lot of "compromised accounts"
 

blonde

闪耀
Premium
Feedback score
17
Posts
497
Reactions
146
Resources
0
You are held responsible if your account is compromised, and 2fa is an (optional) tool given by MCM to help prevent this. I don't think you need to awards users for using it.
 

Ally

gσ∂∂єѕѕ σƒ мαтнѕ αη∂ мєℓσηѕ χσ
Supreme
Feedback score
37
Posts
2,042
Reactions
2,194
Resources
0
The only reason people are opposing this is because they have medals and want to feel special.
Excuse me? How about you actually read the legitimate arguments against this suggestion properly, and stop belittling the people who have actually made an effort.
Sythe does, and it's a much larger market/forums than this one.

A simple badge encourages users to enable 2FA. It also distinguishes professional traders from the ones who don't really care.
Pardon me for not quoting all of your post. You're absolutely right in that there should be a reward. Let me point out that Trophy Points are a more appropriate place to put it (not medals) - and I absolutely agree it would be appropriate there. Trophy Points are, well, non-unique at this point but they get the job done (and very few people pay attention to medals especially, regardless).
If McMarket really cares about keeping users' accounts from getting compromised, first start by getting rid of threads like this https://www.mc-market.org/threads/520710/ and start encouraging good security practices, even forcing them. Kids on here don't know shit about security so they feel like it's ok to post their personal e-mail address since they see that everyone else does.
The intent is good but the nature of it isn't. At the very least it would be encouraging 1.18, however it is arguably "safe" to share your email. But honestly, it's just plain stupid to share your paypal email to the whole world in a single location. Over 50 cents. I mean don't get me wrong, I've shared my paypal email in the past. On a scale like that though, it's just farming accounts.
If you're logging in from a new device with different cookies/IP address, then you should have to confirm it via e-mail, no exceptions. Every website/company/application does this, from Gmail, to Discord, Instagram, Facebook, etc.
I think XenForo does it via Geolocation; within a certain location you're fine, and outside a certain radius you have to verify your IP. It can be turned off though. Every IP would be too much though. I have dozens, if not hundreds of IPs that I've used just moving from place to place, router to router (and on and off again - thanks dynamic IP) - and logging in is a pain. Also - if you don't have the appropriate cookies, you already have to login anyway since your session info is stored in the cookies anyway...?
 
Last edited:

Mick

BuiltByBit Owner
Management
Feedback score
28
Posts
6,413
Reactions
7,704
Resources
0
As many others have said, I don't want to make it obvious to everyone who has 2FA enabled and who doesn't, since that just makes people without it even less safe.

Maybe having it enabled could contribute to a higher score in the trust factor system that's being developed.
This is a cool idea for sure, I'll have to keep this in mind.

Denied, thanks for the suggestion.
 
Status
Top