Ex-Staff 2FA Requirement

Compromise is a median between outcomes preferred by two parties. This isn't really a compromise because it's "2FA or else".

I think everyone would be well advised to use 2FA. Ultimately, it is their decision whether or not to use it though, they can weigh the chance of their account being compromised vs the minimal drawbacks of enabling 2FA.

 

Not why ex-staff are solely the ones being targeted here. A lot of users have been hacked and had their profiles used to scam someone else. Removing their ex-mod/ex-admin rank doesn't make it impossible for a hacker to scam with their profile.... Also since most if not all of the 2FA apps require some sort of mobile device such as a smart phone, assuming that all ex-staff ranked members of the website don't already have one, they shouldn't be required to spend money on one just to maintain a rank they earned via contributing to the website..

 

Makes a lot of sense / would help the community.

 

Just about everyone has a smartphone these days, this is 2015 now. You can do 2FA on a computer, but if your computer gets infected... well...

I am going on about ex-staff ranks because they are worth trust and a lot will go "well, if they used to be on the staff team, they must be trusted!" without a second thought to if they may be hacked or not.

Removing the ranks won't stop them being hacked, no. But it will lower the value of the account if it did get hacked. Now if the owner of the account doesn't want to lose their rank or value, get 2FA. There's no excuse not to, ex-staff or not.

 

I heard you were on the staff team. You don't have an ex-mod rank because you're not trusted? Lol

But, so you're saying, if you don't have a smart phone you need to get it, because using a computer to verify could be just useless considering it could be infected?

I know a lot of people who don't have a smart phone so having them spend money to keep something they've earned is absolutely ridiculous.

 

Your incapability to sympathise shows once more, your whole point of reasoning stems from YOUR opinion and can therefore be disagreed with.

You say there's not one excuse not to have 2FA, yet you have been given several reasons as to why the 2FA system does not work for everyone, I myself included. Yet you can not, or simply will not understand that every opinion, even those who disagree with you, are as valid as yours. You can not, and should not simply shrug them off as wrong without proper reasoning to back up your claim.

 

It isn't safe to assume that everyone has one in 2015, nor would it be right to expect any current members of the website with ex-staff ranks who don't have one to purchase one in order to use 2FA.

Also regardless of the fact that accounts with Ex-Staff ranks may be found to be more trusted than other accounts, the rank being removed from their account will not stop it being used to scam... Pretty much any account that is hacked can be used to scam as has been proven time and again. The hacker isn't going to lose interest in the account just because it isn't ex-staff anymore. Not to mention the hacker can simply tell the person they're ex-staff and show evidence of the account previously having been on staff which i'm sure isn't hard to do.

Furthermore your last claim that there's no excuse not to is invalid. Just because you, myself, and many others have 2FA active on their profiles, does not mean there is never an excuse not to have it active, like James said above.

 

I was demoted for trust reasons, yes. But no one really knew me at the time, otherwise it would never have happened. Better safe than sorry basically.

As I said before, pretty much everyone has a smartphone these days. If not, you can install it on your computer. It's highly unlikely people will get on your PC if you know I.T. well enough. But if you have a phone, pretty much impossible.

If we had a majority vote, more ex-staff would have smartphones than those without. You yourself have been hacked recently also (but you managed to stop it in time), so why are you in favour of it not happening and possibly happening to others?

The majority do have smartphones, read my response to James above.

I know that, but an account with an ex-staff rank is worth more than one without. The hacker could indeed show it, and then the person would go "well, where's your ex-mod rank then?".

 

Then the person could simply state it's due to them not having 2FA - the same thing the legitimate owner of the account could state... Trading with an account that doesn't have 2FA =/= trading with someone who isn't trusted or a hacked profile. Just because they're ex-staff and don't have an ex-staff rank won't necessarily throw up any red flags to most people on this website.. Also an account with an ex-staff rank isn't necessarily worth more than another account. Ex-staff are more likely to have ties in the current community making it more noticeable if they were to be hacked /etc. Another person who isn't staff (even someone trusted) could be hacked but it would be harder to notice and thus the hacker could potentially have control of said profile longer.

 

A lot of people just come here to trade. They're not gonna have any idea who is who, so if they see a hacked staff member's account with an "ex-mod" rank on it they'll just trust it instantly.

This is getting silly now, there's no reason not to enable it at all. Anyone who is legitimate would want everyone to have 2FA enabled.

 

Farcast has a good point. Not everyone needs the extra security to remain safe. There a plenty of other ways to keep your Sythe account "unhackable", including random character passwords, periodic password changes, virus scans, etc.

I personally have the 2FA because it is easier than the other methods. However if the 2FA app is compromised, the people who took to time to secure their account, rather than use easy-mode-2FA, would be the safe ones.

Giving information to a third party is always risky, I can see some people having a big problem if this were required.

 

If you're applying this to ex-staff, then it is only fair that we should also apply this to any and all donors, or they'll lose their donor perks.

After all, by your logic, they are more trusted than a member without a donor rank.

 

Donation ranks involve donating actual money, ex-staff ranks do not require money to get. It would be common sense for donators to have 2FA, as they've actually put money into the site.

 

Your argument is based on the fact that more trusted users, in this case, ex-staff, should have 2FA for extra security.

Donors are also more trusted than the average user. The resource is irrelevant (time, money, etc.)

 

That all depends on the amount donated. A donator would most likely enable 2FA as they had put money into the site.

 

Should still be able to opt-out without punishment in my opinion. If someone's willing to take a small risk/secure their account through other means and not use 2FA they should have that option but are responsible for their account in case of hacking.

I think the bigger issue is making sure all of the inactive ex-staff are temp-banned.

 

This is my point. Do you see where this becomes a slippery slope? Forcing a select group of members to do something in order to keep their ranks is not a good idea.

Users should be able to use their own discretion with these types of situations.

 

Hello Laptop,

Evidently, communication is very hard for you, and that's fine. You talk a lot, you have your own meaning and stick to it...but communication actually relies on both parties listening to each other, too!

You've quoted my message, that's completely fine and even expected if you want to respond to me, but your message, once again, is completely unrelated and has the sole purpose of backing up your own argument. Funnily, on the previous page, I already tended to the exact issue it brings up. It's right on the top of the page, I don't know how you could have missed that.

Which makes me wonder, if you don't even read the comments on your own suggestion thread, what are you trying to accomplish here? Are you looking for a solution to the problem at hand or are you simply trying to push through your 'solution' to the problem? Either way, here is the post:

Direct Link to the complete post: http://www.sythe.org/14652431-post21.html
Direct link to a screenshot:


That being answered, I believe you had one last statement directed at me:

Once again, this has already been answered before you even ask the question. It's in the same post!!

I will say it again, because apparently last time I was not clear enough. Just because you have an opinion on a specific matter, does not render everyone else with a different opinion on the same matter to be erroneous.
Cooperation will get you further than ignoring the ones trying to help by pointing out the flaws in your logic.

To answer your earlier question, I repeat:

Now that I'm sure you realise we're on the same team, can I get some constructive, related responses to my earlier comments ?

 

James and Farcast are right in this situation.

You can force a certain usergroup to get 2fa just because you believe they are more trusted.

If that were the case we would have to force anybody with a fun rank or any high donors to do the same.


Also saying "most people have smartphones" does not mean all users do. Yes we have the ability to do it in the computer but that's useless if our computers are comprimosed

 

Does anyone have a better solution then other than forcing it? I said to force it because there are ex-staff accounts out there that no longer log on, so if you make it "highly recommended" by sending a PM out to the ex-staff accounts, not all of them are gonna see it as some no longer use the site. That's why my suggestion is to first lift it if they don't have 2FA.

Now if an ex-staff member wants to argue it and say they believe their account security measures are good enough without 2FA (even though there are no negatives from enabling it on top of all your security you have already), then maybe they can be excluded from it, provided they make a good argument.

Just because 1 out of 10 people don't have a smartphone (or some other reason that renders them unable / unwilling to activate 2FA), surely it will be better off for the majority that do have it enabled?