Discord 2FA and Recovery
In the event a user loses their information, such as their password and 2FA backup codes, and if they had their number changed, I think it would be pertinent for Discord to try to allow users to identify themselves by other means, such as when the account was created, or something to show authenticity that the account holder is legitimate, rather than forsaking people's accounts to the abyss if they should ever lose this information.
Just a friendly reminder that bots can see a user's join date.
There are always other methods of verification. Secret questions + CAPTCHAs are one of them. Also, being able to accept new sign-ins from within the user/account management console, or remotely sign out other clients, would both be useful features, though the latter would need anti-abuse measures put in place in the event that your account gets compromised.
Isn't that why you get backup codes for 2FA? They are explicitly telling you to keep those safe.
2FA is 2FA for a reason: others can, in theory, know all your information but need your device or the backup codes to get in. Your information can be done digitally while the codes need to be physical or at least close by to gather those.
It would be a security flaw if they would allow it, and next to that, how would Discord know who you are, except by the data about your account that most people can figure out with a bot?
All information Discord has can be "easily" compromised and would allow others to circumvent your 2FA without you knowing.
I just changed my phone, had my email hijacked, lost my keys and 2FA was useless, forced to delete account and make a new one. They need a better recovery system for disabling 2FA; other companies have set them up. So why is Discord so lacking?
Suggest - Better 2FA account Recovery.