Ex-Staff 2FA Requirement

A better alternative is not necessary to invalidate another theory.

 

How is it better for the people who already have 2FA, what would change for them?! You have completely lost me here.

 

I fully support this

 

I am on about those that don't have it enabled.

 

Support! If your ex-staff you should definitely be required to have this your as accounts look very trusted to new users.

 

Even if this doesn't pass, could we at least have all inactive ex staff have their user titles temporarily removed until they either activate 2FA or make staff aware that they won't?

 

Support,surprised this isn't already a thing tbh.

 

Support, Don't see why this wouldn't happen tbh.

 

makes sense to me

 

Why only ex-staff? Shouldn't this apply to all staff, and all businesses. For example RS2Pleasant?

 

Staff already have it as a requirement (among other protection methods) as for Market users, well you can't really make every market user have 2FA (even though that would be pretty cool).

As for R2, he's Market Mod currently, so he has 2FA enabled regardless of being a market user or not.

 

The same should go for ex staff. Who's to say that some top notch gold seller/market god isn't more trustworthy than an ex staff member? While I personally think 2FA should be enabled on every account possible, there shouldn't be any reprocussions from not enabling it (eg. taking away Ex staff rank, etc.). It should be recommended (like how it is), but not forced upon..

 

Maybe you should look up how many ex-staff accounts have been seemingly hacked recently and used to scam. A market user who wanted to be successful would 100% enable 2FA anyway, as their #1 concern is people trying to hack them to scam with.

 

I only took mine off cause I changed phones lol. Didn't really help me in any way

I'd support this, but it's their account and they have every right to choose.
We have no power, whereas staff have powers on the forum. 2FA for staff makes sense, even with the other defence procedures in place for staff accounts.

 

Ex mods keep their rank in exchange of elevating the security of their account to the highest level possible. Sounds like a good compromise (agreement/settlement) to me.

The request is not unreasonable by any means. It can be done on nearly any device with wifi capabilities, this includes your PC.

The rank undoubtedly holds substantial weight. Can you blame anyone for trusting users with said rank? Of course not. What we can do is protect other users from falling victim to a continual account heist. Not only are they putting themselves at risk by not securing their account to the highest level, but they are also putting everyone else at risk who comes across them in the market.

I don't want to hear anything about not having devices, or trusting your PC to do 2factor on. This is 2015. You should have at least one device in your possession that is capable of the procedure. Heck, android tablets go for $40.

It makes sense to add the requirement since you must have 2fa enabled to become staff.

 

Ex mods already have their rank, threatening to remove it is not a compromise.

It isn't unreasonable to enable 2fa, but some people don't want to use it.

It's their own choice to put their account at greater relative risk. It is the choice of other users to trade with them, go first, and not use a middleman.


It doesn't stop with Ex-mods however. Many high profile market users have been hacked a lot recently. Everyone should have 2FA if they value their account security, but if they don't and manage to get their password stolen, ultimately they will pay for it.

 

Same thing can be said for staff when it was made a requirement. I don't think you understand the stature the rank holds. If sythe users are being fooled to thinking that because you donated, it makes you trustworthy, what is an ex mod rank to them? The credentials for obtaining the rank is the same for being a current staff member. That is why the requirement should be made.

Ex staff post 2fa requirement would still have 2fa enabled, so why not make it requirement for all ex staff members? It doesn't make sense to divide the sensible approach by laziness and selfishness.

You're acting as if 2fa is an irritant to use. I've only ever used the app 3 times (not counting when I deactivated it for switching devices), which only takes less than 20 seconds to handle. All you need to do is save the password and you won't need it again unless you're on a different device.

Your argument is feeble. You're trying to defend users who hold something worth of high reverence to disregard something that benefits everyone out of selfishness. When you put yourself at risk of being hacked on this forum, it affects everyone. The act of enabling 2fa is not an intolerable demand by any means. Arguing otherwise is comical.

 

im now a believer

 

Ex-staff do not have any of the powers that staff do, this is a meaningless comparison.

Irrelevant, and also wrong.

Account security is the responsibility of the account owner. If I made my password "1234" and disabled my 2FA, and got hacked, I'm the one responsible for it. It doesn't affect "everyone".

Moving the goalposts. First it was a "Compromise", now it's a demand?

 

An active market user is more likely to pay back scammed funds if their account is used to hack, whilst an inactive ex-staff may not pay them back as they have no interest in the site anymore. That's why it is important for ex-staff to have security on their account, if they are inactive and get hacked, they may not pay it back. An active market user would because they make money off the site and would want to continue doing that.