Use an open source 2FA provider and a phone-free solution
The two 2FA providers currently offered by Discord are closed-source. I won't get into the semantics of this too deeply here, but suffice it to say that a closed-source security solution is, by its very nature, bad for security and untrustworthy. In addition, using Google's authentication service is a huge turn-off for a significant number of people, particularly in the EU where Google flouts GDPR and Data Protection laws.
An easy solution is to implement a third option. PrivacyIDEA (https://www.privacyidea.org/) is an open source platform that supports TPM, OTP generation, smartphone apps, YubiKeys, et cetera. In short, it does everything that Authy and GAuthenticator do, plus a whole lot more - and it's free if you support it yourself. Alternatively, you can support the industry and get an enterprise support package from NetKnights here: https://netknights.it//en/produkte/privacyidea
Just for posterity, the GitHub project for privacyIDEA is here: https://github.com/privacyidea/privacyidea
There's another problem that needs to be addressed - and that is users without a mobile phone, like myself. In theory, one can get around this by building Android in a VM, but this sort of defeats the purpose of 2FA. A better solution might be to simply employ email verification, with a warning that this might not be the most secure option.
-
I agree with North Scrub and add that Discord should be involved with Open Source apps and NOT with Corporate Censorship platforms like Twitter, Facebook and Telegram.
KMAN, editor, DIGILEAKCanada - News Not Noise