Request for Additional Security
My account was hacked in December 2021 resulting from poor management of the 2FA feature on Discord. I would like to propose the following:
- Require verification of the 2FA code in order to access the backup codes. Currently this is not required. The lack of verification makes 2FA useless.
- Restrict authentication tokens to IP address. Make it so that authentication tokens cannot be reused if the IP address is not the same as the account is currently logged into. Allowing authentication tokens generated upon successful login to be reused regardless of IP address makes 2FA useless.
- Require verification via email prior to allowing a user to login if the location of the login is different from usual, regardless of whether or not 2FA is used. This enhances the security of 2FA.
- Require verification of previous email prior to allowing changes to the email address on the account.
Many respectable organizations and businesses do this to help protect the accounts of their customers. Discord has a serious problem with security and users falling for phishing attacks. As a cyber security analyst I will not pretend I am immune to these attacks; the fact I myself was hacked is tantamount to this. However, the above mentioned mitigations WILL help to stop these attacks or at least slow them down.
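
The second proposal above (tying an authentication token to the IP address of the login), sketched as an added example that is not part of the original post and is not Discord's implementation. The server key, token layout and function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumption: a server-side secret; this value is constructed for the demo.
SERVER_KEY = b"constructed-demo-key-not-a-real-secret"


def _sign(payload: bytes) -> str:
    mac = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()


def issue_token(user_id, client_ip, ttl=3600, now=None):
    """Issue a token after a successful login; the login IP is a signed claim."""
    now = time.time() if now is None else now
    claims = {"uid": user_id, "ip": client_ip, "exp": int(now) + ttl}
    payload = json.dumps(claims, sort_keys=True).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload)


def check_token(token, client_ip, now=None):
    """Return 'ok', or the reason the token is rejected for this request."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        payload = base64.urlsafe_b64decode(body)
    except ValueError:  # wrong number of parts or invalid base64
        return "malformed"
    # Constant-time comparison; an edited IP claim invalidates the signature.
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return "bad-signature"
    claims = json.loads(payload)
    if now >= claims["exp"]:
        return "expired"
    # A token copied to another machine arrives from a different address.
    if claims["ip"] != client_ip:
        return "ip-mismatch"
    return "ok"


if __name__ == "__main__":
    # Constructed sample: documentation-range IP addresses.
    tok = issue_token("user-1", "203.0.113.10")
    print(check_token(tok, "203.0.113.10"))  # same address as the login
    print(check_token(tok, "198.51.100.7"))  # token replayed from elsewhere
```

On `ip-mismatch` a service would send the user back through login and 2FA rather than accept the token. Clients whose address changes legitimately (mobile networks, VPNs) hit that path more often.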
THIS is a must. Please work on this function so that our accounts can have their protection actually matter.
- Require verification of the 2FA code in order to access the backup codes. Currently this is not required. The lack of verification makes 2FA useless.
Absolutely agree, security on Discord is laughable at best. The reason why moderation gets swamped with hacked account tickets is BECAUSE the 2FA is absolutely useless. If they just improved 2FA with the above suggestions to-the-letter, then there would not only be a MUCH safer environment, but it would also alleviate a metric ton of ticket pressure from customer support. WE. NEED. THIS.
ASAP.