2-factor Authenticator change - lost accounts
Currently, if you lose your authenticator + backup codes, you permanently lose your account - this kind of system is efficient & understandable from a security perspective, but completely misguided when compared to any other projects w/ an authenticator system.
Discord offers deleting your account if you lose all access to it, but refuses to simply remove the authenticator - this kind of offer (deleting your account without having access to it) lacks logical consistency: it only works because, if it's genuinely just an imposter on your email, the real owner of the discord account will simply login & cancel the deletion request; do you see where I'm getting at? It's illogical because the same offer can be applied for the authenticator removal - if no one logins for 15 days upon the request to remove it via email, then it's safe to rule that it's the real owner of the account.
That's it - simple change that will help many & has no possibility for errors - it follows the same logic as deleting your account via email.
-
اريد ازالته لقد فقدت حسابي
0 -
You may be interested into my post regarding 2FA dont forget to upvote
https://support.discord.com/hc/en-us/community/posts/13800661348759--How-Discord-Can-Improve-2FA-How-to-Keep-Accounts-Secure-and-Avoid-Lockouts-0
Please sign in to leave a comment.
Comments
2 comments