Enhanced Security
As a long-time user and supporter of Discord, I appreciate the platform's efforts to create a secure and enjoyable environment for its users. However, to further improve security and reduce the risk of account hijacking, I would like to propose the following (OPTIONAL) enhancements:
Geo Restrictions:
- Implement geo restrictions to prevent unauthorized logins from new devices in unfamiliar locations. Users should be notified and given the option to approve or deny access.
- The notification also provides the location of the login attempt: country/state (IP location estimate).
- Blind 2FA auth requests should no longer be opaque; they must be 100% transparent.
Email Fallback:
- Introduce a 30-day grace period for delinking an email from an account. This would allow users to restore their account if a bad actor gains access and attempts to delete credentials.
- The fallback is the first email linked to the account, and:
- New emails require 30 days of being present on the account to qualify as a fallback.
- After removing a fallback email, there are 30 days to restore it from that email account.
Account Changes Validation:
- Require password or authentication validation for any major changes to account settings.
- This includes adding or removing emails, SMS, and other behaviors that are seen with stolen accounts.
2FA Priority Management:
- Ensure that 2FA is not able to delete or change login credentials without a validation test post-login.
Rollback Feature:
- Allow users to roll back any major account changes within a 30-day period.
New Login Validation:
- Require validation for new login attempts, showing the country and location of origin.
- Track known sessions and allow them to be rejected/deleted.
IP Flagging:
- Flag IP addresses if multiple users are logging in from the same IP. Users should validate these login attempts via email, including validation sent to an old email address to deny the device if necessary.
- This may not cover VPN services, but that could be handled with a simple 2FA check for that user.
These practices are common in major companies like Microsoft and financial institutions and would significantly enhance user security on Discord. By focusing on user retention and validation, we can better prevent accounts from being migrated to another location and uprooted by malicious scripts.
Previous version of this suggestion:
https://support.discord.com/hc/en-us/community/posts/4419386395287-Enhanced-2FA-Security
Vote there as well, it's been 2 years.
3
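The Email Fallback section above describes a concrete policy (oldest linked email is the fallback, new emails need 30 days on the account to qualify, a removed fallback stays restorable for 30 days). The following is an added example modelling that policy, not code from Discord or from the original post; `GRACE`, `T0`, `day()` and the class names are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

GRACE = timedelta(days=30)  # the proposal's 30-day window (assumed as one shared constant)
T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed epoch for the sample timeline

def day(n: int) -> datetime:
    """Constructed helper: n days after T0."""
    return T0 + timedelta(days=n)

@dataclass
class LinkedEmail:
    address: str
    linked_at: datetime
    removed_at: Optional[datetime] = None  # soft-delete marker, set on unlink

@dataclass
class Account:
    emails: list = field(default_factory=list)

    def link(self, address: str, now: datetime) -> None:
        self.emails.append(LinkedEmail(address, now))

    def unlink(self, address: str, now: datetime) -> None:
        # Soft delete only: the row survives so the old address can still receive recovery mail.
        for e in self.emails:
            if e.address == address and e.removed_at is None:
                e.removed_at = now

    def restore(self, address: str, now: datetime) -> bool:
        # Allowed only inside the grace window; the caller must first prove control of
        # `address` (e.g. via a link mailed to it), which is out of scope here.
        for e in self.emails:
            if e.address == address and e.removed_at and now - e.removed_at <= GRACE:
                e.removed_at = None
                return True
        return False

    def fallback(self, now: datetime) -> Optional[str]:
        # Oldest address that has been linked for 30+ days and is active or removed < 30 days ago.
        eligible = [e for e in self.emails if now - e.linked_at >= GRACE
                    and (e.removed_at is None or now - e.removed_at <= GRACE)]
        return min(eligible, key=lambda e: e.linked_at).address if eligible else None

    def purge(self, now: datetime) -> None:
        # Hard delete happens only once the grace window has fully elapsed.
        self.emails = [e for e in self.emails
                       if e.removed_at is None or now - e.removed_at <= GRACE]
```

With these rules, an address added by an intruder cannot become the recovery target for 30 days, while the owner's original address remains the fallback and restorable throughout that window.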
I strongly agree with this, but it wouldn't really affect the rest of the problems that the app has
3
The app and platform do have many faults, I agree.
However, many users run communities, act as moderators, and build teams and projects on Discord. If your 2FA is compromised, your personal data, passwords, and anything you store in DMs are at risk. Collaborative projects and sensitive information could be exposed and vulnerable. Enhanced security features are crucial to protect these aspects of our digital lives on Discord.
To make the app better, we need security and stability.
3
And we also need a better support team; that's the main problem in my opinion.
0
Hopefully these features would cut out the need for most support incidents; it's a million-dollar industry to blackmail Discord users with their accounts. Support doesn't have the same resources.
2
Exactly, this is why we need better support for those who fell for the "I accidentally reported you" scam, including me, who recently fell for that scam as my main account recently got hacked.
0
I sincerely hope Discord takes your proposals seriously and considers implementing them. Keep up the great work!
0