Change the requirements for Server Discovery.
I've been told that to enable the Server Discovery system you need to have 2FA (Two-Factor Authentication) enabled. I understand that it's to protect the staff members from getting their account hacked, and the 2FA is supposed to help protect the account. Though in my opinion, the risks are too high to enable it.
First of all, this is just forcing the staff member to enable 2FA. 2FA makes sure that your account has another way of protecting it, but does it really protect you? If you lose your codes, you lose your account alongside them if you don't have it logged into Discord. I'm aware that I can write down the codes and hope not to lose them, but forgetting where you put them is also a thing.
Second of all, there's no way to return your account if you've lost the code. This system is usually based on a third-party device. If the smartphone is factory reset or lost, or the authenticator application is deleted accidentally, the token would be lost and its recovery is very unlikely. And this is all just to be able to moderate a server (delete messages, change other people's usernames, manage roles, etc.).
Lastly, the application itself you're using can get hacked as well. This 2FA system doesn't fully protect your account as it's supposed to. Forcing the staff members who are against using the 2FA system to enable it just for Server Discovery isn't fair for the staff. This is changing our own user setting for a small help in advertising.
To conclude this all, I believe that requirement should be removed. It's unfair for the staff member to take all this high risk of losing their account and what's in it for this thing.
-
I'm pretty sure even if u delete the app (auth), once u reinstall it all the previous keys (considering that u never deleted them before manually) would still be there. I just installed my auth app and it had all the keys I've ever made, and it's been like a year now since I've deleted that app. But I do agree this 2FA is a bit surplus; there's more harm in enabling it than having it disabled, since we oughta make more mistakes than being hacked or exploited, whatever.
1 -
I've had problems with my phone being stolen or broken and lost access to 2FA, but I just get another device, download Authy, and input my backup password. (There may be one or two more steps in there that I forgot, but it's really easy.)
2FA, at least in my opinion, is not a headache and it does help better protect your account. I'm not trying to get in an argument or anything... just stating my opinion on the matter! As for this being a server discovery requirement, maybe loosen the 2FA requirements for staff members to a few less permissions? I understand requiring 2FA for people who can Manage Roles, Manage the Server, and Manage Channels... and all the administrative action, but simple moderation like message deleting and changing user names to more appropriate names and such doesn't seem like something that needs to be locked behind 2FA when enabled.