REMOVE TWO STEP AUTH

[okay]

Hello,

MCM should really remove two step authentication. I know it was recently added for security purposes but tbh, I'd rather not be secure. It's such a pain, every single day I have to check my emails in order for me to login. If I want to get on my iPad, I have to check my emails again, if I want to get on my phone, need to check my emails again. Even the "Remember this device for 30 days" doesn't work as my IP changes daily.
If it's for security purposes, I'd rather get hacked than have to enter a code every day and about four times day, that's just my opinion.
I also think it's useless, what's someone gonna do hack my account to rate their posts or hack my account to eh idk...just remove it...

 

[NoxitePlays]

agree

 

[mattypoo]

Is the "trust this machine for 30 days" not an option?

Read the post...

 

[Overlord]

If it's for security purposes, I'd rather get hacked than have to enter a code every day and about four times day, that's just my opinion.

This is why people get scammed.

nara~kavi you still want to tell me these people are clueless? They're far from clueless, they're ignorant

For the record, the forced 2FA for premiums here is pretty dumb, I made a thread on it I think

 

[thebaum64]

Hello,

MCM should really remove two step authentication. I know it was recently added for security purposes but tbh, I'd rather not be secure. It's such a pain, every single day I have to check my emails in order for me to login. If I want to get on my iPad, I have to check my emails again, if I want to get on my phone, need to check my emails again. Even the "Remember this device for 30 days" doesn't work as my IP changes daily.
If it's for security purposes, I'd rather get hacked than have to enter a code every day and about four times day, that's just my opinion.
I also think it's useless, what's someone gonna do hack my account to rate their posts or hack my account to eh idk...just remove it...

You can make it so it does not ask you on devices (aka via email) everyday. You can set it for every 30 days

 

[Overlord]

You can make it so it does not ask you on devices (aka via email) everyday. You can set it for every 30 days

Yeah, I was going to suggest that but apparently his IP changes 4 times a day. TBH, that's unheard of. I don't think any ISP does that, lol... I feel like he's either exaggerating heavily, or he's using some penny ISP. But yeah, XenForo bases 2FA remembrance based on IPs.

 

[okay]

Yeah, I was going to suggest that but apparently his IP changes 4 times a day. TBH, that's unheard of. I don't think any ISP does that, lol... I feel like he's either exaggerating heavily, or he's using some penny ISP. But yeah, XenForo bases 2FA remembrance based on IPs.

My IP resets daily, not four time a day.[DOUBLEPOST=1451272575,1451272517][/DOUBLEPOST]

This is why people get scammed.

nara~kavi you still want to tell me these people are clueless? They're far from clueless, they're ignorant

For the record, the forced 2FA for premiums here is pretty dumb, I made a thread on it I think

Why are you even here? This doesn't even apply to you...

 

[Overlord]

My IP resets daily, not four time a day.

That is what you said, I guess you removed your post since I can't find it anymore.

Why are you even here? This doesn't even apply to you...

Irrelevant. As far as I remember, that wasn't one of your fantasist rules on commenting on suggestions.

 

[okay]

LMAO REMOVED IT? Get a mid to check, it was never there stop talking shit and start opening your eyes. You have no say in this and don't even know what it is as far as I'm concerned so please stay out of this thread.

 

[Overlord]

LMAO REMOVED IT? Get a mid to check, it was never there stop talking shit and start opening your eyes. You have no say in this and don't even know what it is as far as I'm concerned so please stay out of this thread.

I don't believe in immature "mommy, he did it" kinda stuff, so no, I'm not interested in pursuing staff to check something...

http://www.mc-market.org/threads/58797/

I think that sums up what it is, and in fact I presented a thread on it Thursday, you presented yours with pretty poor logic on Sunday. Reference: http://www.mc-market.org/threads/58804/.

I'll be obligated to leave when you point me to the rule forbidding my response.

 

[okay]

I don't believe in immature "mommy, he did it" kinda stuff, so no, I'm not interested in pursuing staff to check something...

http://www.mc-market.org/threads/58797/

I think that sums up what it is, and in fact I presented a thread on it Thursday, you presented yours with pretty poor logic on Sunday. Reference: http://www.mc-market.org/threads/58804/.

I'll be obligated to leave when you point me to the rule forbidding my response.

K you win, wanna leave now dad?

 

[Overlord]

K you win, wanna leave now dad?

Sure kiddo, I got some TV to watch. You should try watching some TV too. Can be pretty fun at times - actually, most of the time.

 

[okay]

Sure kiddo, I got some TV to watch. You should try watching some TV too. Can be pretty fun at times - actually, most of the time.

I watch bigger fish.

 

[nara~kavi]

I think a good way of moving forward on this (though a way with a lot of work for staff) would be to have 2-Step on for every Premium/Supreme member but make it so that they can PM staff informing staff that they have changed their password and that they have made it more complicated and that they understand the dangers of removing 2-Step from their account. Once they make this PM to staff, staff can remove the 2-Step authentication from the user's account.

I think this method would allow those whose it's a big inconvenience for to remove it while ensuring that the majority of users are still protected from Ew and his ilk.

If there was a way this could be automated that'd be even better. Maybe just make a pop-up box that says all this and makes people click a checkbox to turn 2-Step off?

 

[montyburly]

I think a good way of moving forward on this (though a way with a lot of work for staff) would be to have 2-Step on for every Premium/Supreme member but make it so that they can PM staff informing staff that they have changed their password and that they have made it more complicated and that they understand the dangers of removing 2-Step from their account. Once they make this PM to staff, staff can remove the 2-Step authentication from the user's account.

I think this method would allow those whose it's a big inconvenience for to remove it while ensuring that the majority of users are still protected from Ew and his ilk.

If there was a way this could be automated that'd be even better. Maybe just make a pop-up box that says all this and makes people click a checkbox to turn 2-Step off?

I agree with this. This would be a good way to meet in the middle. People inconvenienced by TFA would just have to use a better password, and people who don't want to change their password could just use TFA. My password is over 20 characters long and has a combination of different numbers and symbols, so I see no reason for me to have to use TFA. Nobody is going to crack it and I don't use it for any other sites.

 

[Overlord]

I think a good starting point is for an honest reply on why 2FA is forced now?

The only good reason to be forcing 2FA is because the site's database was dumped and the server was hacked, a 'sysadmin' went malicious (I think that's something that could happen at any point) or something along those lines. In any of those cases, users should get an explanation with further security steps to protect them. For all we know, the encryption on passwords could be removed and passwords could be dumped raw. Users should know the reason behind such a security call.

So start with that, why is 2FA forced?

 

[nara~kavi]

I think a good starting point is for an honest reply on why 2FA is forced now?

The only good reason to be forcing 2FA is because the site's database was dumped and the server was hacked, a 'sysadmin' went malicious (I think that's something that could happen at any point) or something along those lines. In any of those cases, users should get an explanation with further security steps to protect them. For all we know, the encryption on passwords could be removed and passwords could be dumped raw. Users should know the reason behind such a security call.

So start with that, why is 2FA forced?

It is forced because of a former member/moderator named Ew. He has attacked the site numerous times since he was banned, even accessing another staff member's account at one point. He has recently been using leaked databases from other sites (I believe [Censored]) to obtain passwords of members and then he attempted to use them on MC-Market accounts. As some users use the same passwords on multiple sites, he was able to use these passwords to hijack these members' MCM accounts and apparently there was enough in the database for him to use that it warranted putting up the 2FA.

So, if every member of this forum were responsible and were not stupid, then there would be no need for 2FA. Unfortunately that is not the case, and many members here use very stupid and simple passwords and use them on almost every site they go to. 2FA is forced in order to protect these people, and to protect the site and other members from the damage that Ew could do by compromising these user's accounts.