Discord 2FA and Recovery

Comments

4 comments

  • lieuwe_berg

    Just a friendly reminder that bots can see a user's join date.

    0
  • Amaroq the Kitsune

    There's always other methods of verification. Secret questions + CAPTCHAs are one of them. Also, being able to accept new sign-ins from within the user/account management console, or remotely sign-out other clients would both be useful features, though the latter would need anti-abuse measures put in place in the event that your account gets compromised.

    2
  • Knagie

    Isn't that why you get backup codes for 2FA? They are explicitly telling you to keep those safe.
    2FA is 2FA for a reason, others can, in theory know, all your information but need your device or the backup codes to get in. Your information can be done digitally while the codes need to be physicall or at least close by to gather those.

    It would be a security flaw if they would allow it, and next to that how would Discord know who you are, except the data about your account that most people can figure out with a bot. 
    All information Discord has can be "easily" compromised and would allow others to circumvent your 2FA without you knowing.

    0
  • BlackHorde

    I just changed my phone, had my email hijacked, lost my keys and 2FA was usless, forced to delete account and make a new one. They need a better recovery system for disabling 2FA, other companies have set them up. So why is Discord so lacking.

    Suggest - Better 2FA account Recovery.

    5

Please sign in to leave a comment.