Remove 2 Factor Authentication Trophy

Status

SoldierAlex

Well-Known Member
Supreme
Feedback score
8
Posts
3,214
Reactions
1,319
Resources
0
I think that the Two Factor Authentication trophy (http://www.mc-market.org/threads/195517/) should not be implemented. While I do see that making it such will encourage users to enable it, those who do not have it are vulnerable to being brute forced/hacked into. If I was someone who was looking to make a few quick bucks, I'd look for those who do not have the trophy. I'd then run a brute force program with some proxies and a most common password lists. I'm sure there are a few accounts on the forums I'd be able to get in to. With this account I can be malicious and scam people using the user's reputation.
 
Type
Suggestion
Status
Implemented

Justis

Community Member
Admin
Feedback score
61
Posts
2,116
Reactions
2,412
Resources
1
You can't even see what trophies another user has though?
You can only see how many total points they have, which would be impossible to determine exact trophies from.
Unless I'm missing something, you are only able to view your own trophies from your own account, so I can't see this being an issue to worry about.
 

Justis

Community Member
Admin
Feedback score
61
Posts
2,116
Reactions
2,412
Resources
1

Jdsgames

Supreme
Feedback score
14
Posts
330
Reactions
192
Resources
0
Thanks for that.
Thought I might have been missing it.

If we keep the page, then the 2fa trophy definitely shouldn't be added.
If we want the trophy, then that page needs to be removed.
Obviously I've survived without it thus far. :p I'm sure everyone else can as well.

I don't think it should be something forced- Look at steam
Trade-locks and a long line of bullshit from all their verifications.
 

Justis

Community Member
Admin
Feedback score
61
Posts
2,116
Reactions
2,412
Resources
1
I don't think it should be something forced- Look at steam
Trade-locks and a long line of bullshit from all their verifications.
We're not forcing 2fa though, the trophy is just meant to encourage it.
Accounts protected (correctly) by 2fa are far more secure, and that's good for the entire community.
We an help you recover an account you've locked yourself out of, but we can't get back hundreds of dollars to users who've been scammed by someone who got into your account.
 

Jdsgames

Supreme
Feedback score
14
Posts
330
Reactions
192
Resources
0
We're not forcing 2fa though, the trophy is just meant to encourage it.
Accounts protected (correctly) by 2fa are far more secure, and that's good for the entire community.
We an help you recover an account you've locked yourself out of, but we can't get back hundreds of dollars to users who've been scammed by someone who got into your account.

Not really if someone gets ahold of a sim-card or other various means they get your mobile number and can reset it.
Then if anything I would suggest suggesting longer, stronger passwords.
 

Justis

Community Member
Admin
Feedback score
61
Posts
2,116
Reactions
2,412
Resources
1
Not really if someone gets ahold of a sim-card or other various means they get your mobile number and can reset it.
Then if anything I would suggest suggesting longer, stronger passwords.
We only offer email and 2fa app verification, as far as I am aware. Faking being someone else to a phone company requires more than a sim card, but even if it didn't, I don't see how that'd be particularly helpful here, considering we don't offer text verification.

I stand by my statement that accounts protected (correctly) by 2fa are far more secure.

But yes, longer and stronger passwords are ideal, always.
2fa adds nothing in addition to your current security level if you're foolish with it.
However, it's meant to be "in addition". Not a replacement, or modification.

The only reason I can think that using our 2fa methods could increase risk here, is if you were using the email verification, and had the same password for your email as you do on your site, and your email password was ever leaked.
However, that is not correct usage of 2fa.
 

Mick

BuiltByBit Owner
Admin
Feedback score
28
Posts
6,423
Reactions
7,642
Resources
0
We removed this just after it was released but I just never accepted this suggestion.

Thanks for the suggestion!
 
Status
Top