Should we remove 2FA

Should 2FA be removed

  • Total voters
    24
I don't mind the 2Fa and it does offer some additional security. Can you make it an option to turn on/off at the user level?
 
k, nate's about 2 roll on this fking german P of S and his hessian hired guns b4 they sack morristown

poor nazi bastard don't kno about usa yet b/c they haven't announced it's been invented
 
If it works as advertised it would be ok. Like its supposed to recognize your browser/ip/machine...it doesn't. Its also supposed to remember you login for 60 days if you check the box to do so..it doesn't.
 
Back on old forum when registration was wide open with a primitive captcha, we had an onslaught on spam bot joins to the tune of 20k or more. It literally made the admin portal lock up just trying to find users. @Zanthious can give more detail on that.
It's not like we are trying to protect sensitive data, more like trying to make sure that doesn't happen again.
 
Good plebs would know the difference between their leader asking what to do from asking for opinions.
 
2FA should not be mandatory, I understand the desire because of spam and bots but there's a tradeoff between security and access. Decide what is more important to you, user experience, your own spam burden, or security
 
I don't care either way.

I'd say no. It's fine ... except it's not fine if the only 2FA option that is working is the email one ... because when I try and add my Authy to it ... it errors out and says it can't generate a code to register in my authenticator app

"Invalid API key"

I don't know what it is asking of me.

I used the email option and it hasn't pestered me enough since then to bother complaining about it.
 
i just use google authenticator but honestly the bots arnt any worse than some of the ppl here so its whatever lol.
 
Hellsfury said:
I don't care either way.

I'd say no. It's fine ... except it's not fine if the only 2FA option that is working is the email one ... because when I try and add my Authy to it ... it errors out and says it can't generate a code to register in my authenticator app

"Invalid API key"

I don't know what it is asking of me.

I used the email option and it hasn't pestered me enough since then to bother complaining about it.
Click to expand...
This is the backend side API it's talking about.
And Authy is not setup/configured because they charge a nickle for every time somebody generates a token
Need to find a way to remove that option from the list
 
do we not send an email with a code to verify on sign-up? as i tried to point out earlier but didn't get any reply, email for 2fa is mostly pointless security theater and if we're allowing that then what's the point
 
you've pointed that out quite a few time both here and the cord

if it's easy to bypass why worry about it and let the admins deal with it as I always assume the proof is in the pudding as it were

if there's certain posters unable to overcome an obstacle a bot can get over then maybe make a list of who we should be worried about not hearing from post apocalyptic forum migration
 
I think it would be good if you changed the 2fa code requirement to run every 60 days. 90 I think is a bit long, and 30 isnt long enough.
 
You must log in or register to reply here.
Back
Top