Welcome to Codidact Meta!
Codidact Meta is the meta-discussion site for the Codidact community network and the Codidact software. Whether you have bug reports or feature requests, support questions or rule discussions that touch the whole network – this is the site for you.
Comments on Add safeguards to "mobile sign-in" feature
Add safeguards to "mobile sign-in" feature
When you click on the "Mobile Sign-In" button, you are shown a QR code that, when scanned with your phone, opens your browser on the phone and signs you in automatically.
Although I can see how this is helpful, I consider it a security risk. When I do this, anyone who sees my screen can now log in as me by scanning the QR code.
Another risk is that if I'm away from my computer for a few minutes and forget to lock it, someone can now hijack my account. While this is always a risk when leaving one's computer unattended, I feel that Codidact makes it a little too easy.
I think we should add a second factor here. For example, the user might be sent a confirmation e-mail, before they are allowed to log in.
Alternatively, we could have a user setting where we switch this feature off.