sign in security (2fa)

[lyney]

still going to bump this up! while cs itself has not been compromised, and the hackings themselves have stopped (as far as i'm aware), i still feel that 2fa would be super helpful. we've made brilliant steps in the right direction, but 2fa can help prevent issues like this from occurring in the first place.

[ARACHNOPHOBI4]

Support! For safetyyy!!! * riots but in a friendly way *

[Adamented]

Support!

I think the people expecting one Mod to have the power to inform the entire userbase without necessarily being fully informed themselves have unrealistic expectations. The answer to not knowing and not having information is not to assume and spread misinformation, it's to ask for a comment from the staff and be patient while they- working as hard as they can to keep the site you love functional- do their best to handle the situation and deliver the information clearly and completely without misinformation.

We need to remember CS Staff are human too! They need time to do their jobs correctly, there's much more on the line for them if they accidentally perpetuate bad info. Unlike the users using ignorance as an excuse to spread hearsay.

[sourskvll]

support

[conarcoin]

i would really appreciate the ability to link my cs account to authy - i prefer it over all other 2fa (email, phone) as it doesn't require me to put personal information into a site and also doesn't rely on me being able to access my email account in the offchance that my email is compromised or i can't access it for some other reason. instead, i just open the authy app on my phone and grab the code and go, and i have everything in one place, and i can rest assured that even if authy were to be compromised they would not have access to my accounts through it.

[larn]

Support! My accounts on other websites have been saved so many times because of 2fa and I would hate to lose my CS account through hacking.

[Simon]

Thank you for the thoughtful suggestion. We have discussed this and came the the conclusion that we have to decline this suggestion for the following reasons:


-Implementing a third-party sign-on solution comes with a big technical cost for a security benefit that isn't any better than using a unique password on every website

-Many users would get locked from their accounts if they lose their phones or something similar, which will create a lot of administrative problems for our staff. The recovery pathway for lost 2-factor on websites is based on reconfirming ownership of your email account, and we will be using that same reverification of email account in our own login security features instead, without causing drama when trading in for a new phone.