Require users to re-enter their password to delete a server
Discord is open nearly all the time and there's basically no in-app safe guards for dangerous operations. For example, if I'm on my laptop and I leave it for a few moments anyone who knew what they were doing could easily and permanently delete all my Discord servers. This would be pretty catastrophic for anyone. Especially those with very large servers.
To address this, I suggest that after the user enters in the correct server name to confirm they are deleting the intended server, to also require them to re-enter their password to ensure they are the actual owner of the account as well.
-
If you have 2FA enabled it forces you to enter that
Much more safe than just your password, as if you get phished and put in the 2FA code and someone else gets into your account. 2FA changes every 30 seconds and gets invalidated until the code refreshes1 -
very good idea !! 0 -
i agree with @Heck.
it would be beste to re-authenticate before server deletion.
0
Por favor, entrar para comentar.
Comentários
3 comentários