2FA Policy Change Request

Benjamin Ng

• 23. Mai 2023 10:14

2FA has been a problem because we are only using 3rd party applications. If we have a cell phone on file, 2FA using phone authentication should be on as default. This will save a lot of issues when users lose their 2FA authenticator if there was a new device change. It will also allow users to recover their accounts more effectively. 

Alternatively, there can be a implementation of security questions to verify the identity of the user for added security. This will allow support staff to easily authenticate the user as the original owner and allow the user to recover their account via support ticket. 

Many users that lose their accounts have information that is important to them. Discord is an application that millions use to connect with others and meet friends. Memories are in the direct messages and are important to them. Please let users that lose 2FA to recover their accounts with alternative methods. I believe Discord can disable 2FA, but its security policy does not allow their support staff to do so. 

Please try to upvote this article so it can be seen by Discord staff and hope that it can enact change in discord. 

8

• 

  saudade

  • 23. Mai 2023 12:12
  • Bearbeitet

  Yes!

  I agree, try submitting support tickets aswell under the “New Features” request, informing about this and requesting new recovery methods for 2FA lockouts.

  2
• 

  liyasa

  • 23. Mai 2023 12:19

  I linked another 2FA feedback post to Discord and not much was given as a response :/
  Mostly, it was meant to point out how the 2FA lockout problem has become worse but hopefully as the OP suggests, we can rack and gain more votes to get Discord’s attention

  2
• 

  Benjamin Ng

  • 23. Mai 2023 15:45

  Yea, I believe that it might be a cost saving measure so that support tickets have less traffic and save cost. But Discord's importance to its users is as important as FaceBook or Twitter, where the user has lots of connections made to the account. I believe there should be enough identifying information to claim ownership of the account now, with Nitro payments, linked cell phones, Discord connections, etc. 
  
  If it is a means to cut cost, security questions to help disable 2FA with cell phone text message confirmation, would be a good self-service way to help remedy the problem, and allow users that had their accounts for years to recover them.

  1
• 

  sitrik

  • 23. Mai 2023 18:13

  Yeah, definitely.
  Discord should allow users to retrieve their accounts especially if they have enough ownership proof to verify it is their own account.

  Here is the most recent bumped post on the matter. @sayazu has suggested a good solution with email verification
  https://support.discord.com/hc/en-us/community/posts/360048878311-Fixing-2FA

  2

Bitte melden Sie sich an, um einen Kommentar zu hinterlassen.