2 step verifcation

Description: Share anything in relation to wohlsoft.ru. Suggestions, problems, questions, etc.
Moderators: Semi-moderatos, Moderators

2 step verification?

Yes
1
Chanceux2
100%
No
0
No votes
 
Total voters: 1
Chanceux2
Topic author, Honourable citizen
Honourable citizen
Avatar
Chanceux2
Topic author, Honourable citizen
Honourable citizen
Reputation: 2
Posts: 35
Joined: 10 Oct 2021

Post #1by Chanceux2 » 11 Nov 2021, 0:00

So I almost forgot my password to this site and it made me think about hackers. But then I thought "OH yeah, 2 step verification." but that doesn't exist on this site nor does it on SMBX Forums.

So I have an idea. On both www.supermariobrosx.org and here, there should be 2 step verification. I know hacking isn't really a big deal here since the community isn't as big, but at some point, someone is gonna want to hack for some reason.

Feel free to disagree with me
Staying on this forum due to being Banned on the smbx forum. Can't wait to see you there

Wohlstand M
Lead Developer
Lead Developer
Avatar
Wohlstand M
Lead Developer
Lead Developer
Age: 29
Reputation: 472
Posts: 1670
Joined: 15 Feb 2014
Location: Moscow, Russia
Website Youtube channel URL Skype Tencent QQ

Post #2by Wohlstand » 11 Nov 2021, 12:30

If you forgot the password, the password reset form always exists here: you can type your email or nickname to request the password reset and check your mailbox for the restore link.

While two-factor authentication adds a stronger security layer, it also adds two cons:
  • Users will have a more complicated process of the authentication that requires them to do something also than they did typically (copy-paste the code from email or phone, use fingerprint to confirm some, etc.)
  • Once you got the email/phone lost and/or smashed by a roller, you'll lose the ability to log in because the required authentication component was lost. That will require you to contact any staff by separated ways, and, additionally, confirm you are not a camel the actual account owner and not the random hacker who performs the identity fraud. However, there is a sort of emergency codes concept possible that users can export somewhere and re-use as a rescue way to log in if they lost the required device to log in.

If add it, make it being optional, to allow users to choose between convenience and stronger security. Anyway, I will need to check out how it is possible to be made in the most independent way to avoid external services use, I don't trust them (except for some cases). Also, make sure it won't harm the work of Chinese users (most foreign services are banned for them).


Return to “WohlSoft.ru”

Who is online (over the past 5 minutes)

Users browsing this forum: 1 guest