Make 2fa Mandatory In Specific Cases(Thoughts?)

What in the world...

Example:

http://www.sythe.org/showthread.php?p=15243683#post15243683




Back When I was Hacked months & months & months ago, I was literally told(not asked) to add 2fa to my account or I'm not coming back.


Why has this policy been relaxed?

If someone has been infected with a virus, I dont see why in the world sythe would risk them as a liability.


I UNDERSTAND not everyone can use 2fa, but if someone is infected with a virus & their a liability to sythe, if they cant use 2fa then mabey they shouldnt be using the forum if that puts everyone else at risk.


I'm not asking to restrict anyone else besides people who have knowingly been hacked/infected, I'm suggesting that a new policy is enforced in the dispute forum where users MUST activate 2fa if they have been infected by a virus or hacked.


This seems like a logical step to make & one that should of been in place a long time ago?



There's no downside, How hard would it be for someone to have to 2fa their account and post a virus scan instead of just a virus scan? 2fa takes 30 seconds to do literally.

*It's automated, no staff time will have to be burned up doing it manually.
*It means the community is safer
* It means staff no longer have to worry about that user being hacked
* It means that user no longer has to worry about being hacked again

This seems like a really really easy thing to do and have a seriously large amount of upside to it with minimal downside.


Thoughts?

 

No support free market we want to support easy user growth on sythe

 

Easy growth?


You mean the 1% of users that are hacked & violated is what you want to GROW, those are the people you want to make it easier on to get back into sythe.org?


Also what in the world are u talking about the "free market"? I'm asking for KNOWN USERS THAT HAVE BEEN HACKED TO HAVE TO APPLY 2FA BEFORE COMING BACK, You think its better to let them come back without 2fa and get hacked and 10 people get scammed? This isnt a free market decision I've thought it through for a long time, this is a security precaution that has major upside.


Your comment makes 0 sense.

 

It's up to the user's to keep their information secure. If they are in a position of trust, they should know to keep their information secure. If not, they are liable for damages, and should listen to staff thoughts on whether they need to add additional security or not.

Would you force students who attend American schools to wear bullet proof vests for protection against being shot in a school shooting. I'm not aware of the numbers, but I'd go out on a limb to say it's 1% or less, as you quoted above. While this example may be to the extreme, I don't see this working. For staff, OMMs, etc., it is a necessary step if the user wants to take on additional responsibility. Otherwise, it's up to them to keep their account secure, or accept the repercussions otherwise.

 

I disagree, its not up to those users.

Those users are a liability to sythe.org which means its up to staff, not those users.

Would I make kids wear bullet proof vests ?no


But if someone had previous gun problems at school, would I sure as hell provide them with a security guard to walk with them or keep a better eye/put more precautions on them?absolutely.


This is a precautionary thing which protects alot of people for a little amount of work.


So far I havent seen one logical or well reasoned arguement against why this would be a poor idea, I'm not trying to dictate to users just protect the community & those users that have problems keeping their accounts secure.


Would like to hear more stances/thoughts.

 

Isn't a smartphone required for 2fa? If yes then no support.

 

You can set it up on a computer as well. It won't protect you very well if your computer is infected, but it'll still protect you from things like database leaks.

 

Teamtofu answered, its possible to use both a comp & phone.



Frankly I would guess 90% of these users who are compromised have a phone anyway, the rest can certainly do it via computer.



Still would like to hear other opinons no-one has given anything catastrophically negative or even a well reasoned arguement so far tbh.


Still looking to hear anyones thoughts that I might of missed.

 

I'd support making it mandatory for certain cases like mods, OMMs, but these people probably already all have 2fa.

Like others have said, it's up to the user to decide if they want to protect their information or not. Ultimately, if they are a legit user the burden is on them to pay back the victims of the scam - they are the ones paying the price for not keeping their account safe.

 

Support , fair to ask people who have been hacked to take steps to prevent hacking

 

I don't even think this is a bad idea. Support IMO.

 

Nope, if I ever got hacked I would like to return lol.

 

Last I checked if u read the above comments, u can use 2fa with both phone & computer so I assume u have one of the above considering u just posted lol.

 

I use my Smart TV to post.

 

No, not going to happen.

Do you see what you're saying here?

Yet, you are saying it would be OK for someone to set up 2FA on their computer? even though their computer may be compromised?

Not everyone has a smart phone and setting up 2FA via a computer (potentially infected, possible potential to be infected) is defeating the purpose of having 2FA which promotes nil security.

 

I literally not 1 minute ago just had a $200 donor banned for being hacked before he could scam.


None of you guys realize how many people are compromised on a daily basis and how many times it ruins someones chances of coming back to sythe, when I was hacked and used in 1 scam it nearly broke me for 35m 07 back then.

I'm not SUGGESTING THEY PUT IT ON THEIR COMPUTER I'm suggesting THEIR MADE TO ADD IT.

90% of users will use their phones to add 2fa when required.


And clearly u didnt think this through:


User a Is hacked and scams 100m 07.


User a repays 100m 07


User a is told to post a virus scan then activate 2fa on his account


So now User a is virus free & has 2fa on his account.


How many people are going to target a 2fa'd user hmm???


Also something else u said that made no sense:


If user A was hacked but has now posted a virus scan & is 2fa'd why would said user be at risk having 2fa on his computer?


If you really think hackers are going to GUESS AND HOPE THAT THE USER THEIR RATTING HAS 2FA ON HIS COMPUTER AND NOT HIS PHONE UR KIDDING YOURSELF.



Still havent had a single viable argument against this, waiting for one.

Looking for thoughts & community opinion all is appreciated in support or not.

 

Getting 2fa via computer is useless if you get hacked certain ways just fyi.

90%! what a statistic! where did you get it from? how much research went into that?


Owait.

5char but bus ignored lol. I'll enjoy watching this suggestion get denied.

 

I put it here for community input but honestly only staff would likely get this suggestion, I put the thread here for people to point out logical errors In thought I might of made.


So far I've heard nothing but a bunch of bull lol, I couldnt care less if it gets denied or accepted but I know how many hacked accounts I alone report a day and new users on sythe are right to be scared of donors without 2fa at this point lol, I was mainly putting this out there so I could see what firez/staff think of it.


I've thought this through for a long long time, this is the first suggestion of several I've thought of & I think should be implemented.

 

What about us that use Smart TVs? I don't think telling a 6k post user to fuck off is the smartest idea.

 

Sigh I cant help everyone, perhaps an additonal 2fa thing could be made for you guys later on.


Suggestions arent perfect and not everyone likes them the best I can do is help the majority over the miniority, very few people use smart tv's to my knowledge(I'm guessing here) and the amount of those people hacked is likely extremely low.


I suppose if you dont have a device that is compatible with 2fa it is possible to wave that requirement if u are ever hacked is the best solution I have :l.


I ran this by multiple people & a couple staff and it seemed to get strong favorable reception and I havent seen an issue here yet which would ruin this suggestion.