Ex-Staff 2FA Requirement

That's the problem, a cheap smartphone is not reliable. I've had my 2FA manually reset because of a defective smartphone twice now which took around a week each and I simply never bothered to try the 2FA system once more because is such a hassle as long as you're completely reliable on a device that, at any time point in time, is simply too fragile (gravity, fluids, and theft for example) to be classified as anything but unreliable, does not work for me and I'm sure there are others that think the same way.

I agree something needs to be done, but I'm not entirely certain forcing 2FA is the solution.

One could argue that the reason I got hacked was the lack of 2FA, but it is more likely that, on top of my status, this just made me a target. My password was unique and secure, my computer was clean and nothing else was touched. Everyone else that had their Sythe account hacked tells us the same story and none of us are really connected through any other means than Sythe. This should lead any reasonable mind to believe it's more likely a flaw in Sythe's security than all of us being a victim of any (ridiculously specific) malicious software at the same time. Be it as simple as a brute-force or something worse, it doesn't matter if this is an issue with Sythe's security it should be dealt with as such.

Until now, the 2FA system has always been optional, unless you are an active staff member. Therefore, as an ex-mod, 2FA is optional and can not take away Sythe's liability towards this supposed security issue and should be investigated as such. Perhaps even in the format of a report, as we surely would do if it were anyone else were (unintentionally) causing any malicious activities.

Honestly, I am astonished by the fact that the hacking victims are forced to refund the victims without actually looking into what caused the hack and who should be held responsible. It is generally accepted that these cases are linked and should definitely be treated as such. Especially when debating liability. I know for a fact that most of the staff agrees, I know for a fact that Richard is(was?) looking into what happened in Sythe's back-end and and I also know for a fact that a captcha system was added to discourage (possibly disable) brute-forcing.

Why should we, the people, have to refund the victims if we are not at fault when, arguably, Sythe's security system, is!

 

Support this as I experienced it first hand....
>.>

 

I'm going to give my support to this, it will certainly make their account securer and there isn't a real reason not to have it.

 

Please god don't make me enable that shit.

But on a less "me being a lazy sack of shit" note, it is a rather good idea.

 

You can use 2FA on your own computer if you want. It won't help much if your computer is compromised but it will stop people from accessing your account if they are able to get hold of the password which I'm guessing is the problem atm.

I fully support this.

 

Someone try to log in to my account and they locked me out... I ended up enabling it after. It's a good idea and its probably a good idea to have it as a req for OMMs as well if it already isn't.

 

You can also use your computer.

 

Support, I don't see why not. Easy to put it on, and there's no way it would be a bad thing in any way

 

I'm all for this as well, it's not a lot to ask and it helps out heaps.

 

rofl that was me for real, check ip logs

also, yeah, good idea

p.s. i'd love to see laptop as a mod again, he's a great kid, shows initiative.

 

Already a requirement.

 

Also Fishfishy.

+1 support, there's really no reason not to be 2fa'd, especially with staff or ex-staff rank.

 

Uh, no, the rank is earned and in no way conditional. There are people on this site that are, you know, actually capable of securing their accounts.

I've been around for 7 years, staff for at least 2 of those years, never been compromised. Although some dumbasses here desperately need it, 2FA shouldn't be a requirement.

Point of this thread in Laptop's eyes: They didn't give me ex-mod therefore less people should have it.

 

Supporting this.

It doesn't hurt to enable it.
Just makes things more secure

 

As is typical with Sythe, create rules around the least educated. As well, without 2fa, nobody can be "secured" completely. These mods were, it's extremely likely, hacked as a result of the recent db leaks. All at the same time and all previously inactive.

 

Support 100%. If you want to keep the rank, you must keep your account protected at the highest level of security. It's a fair compromise.

 

Support. And I hope existing staff all have this too. There's really no excuse or downside

 

Doesn't really fit the definition of a compromise.

This. People's account security is their own responsibility.

 

Uh... no

These ex-mod accounts didn't have 2FA (for whatever reasons) and at least 3 were used to scam, therefore they were either hacked or faked hackings (I really doubt all 3 would go to the dark side).

Reading posts on here it seems like at least one person or more is targeting ex-mod accounts to scam with, so if you want to keep the ex-mod, you are expected to maintain security on your account. Plus, there's no guarantee you will cough up the money if you did get hacked, so it's much safer to just guarantee that they will be safe.

At the end of the day - 2FA is secure, if you have it on your phone, you're pretty much untouchable. All ex-staff should have it enabled anyway, without the need for a requirement.

 

What's your definition of compromise?