Communities

Writing
Writing
Codidact Meta
Codidact Meta
The Great Outdoors
The Great Outdoors
Photography & Video
Photography & Video
Scientific Speculation
Scientific Speculation
Cooking
Cooking
Electrical Engineering
Electrical Engineering
Judaism
Judaism
Languages & Linguistics
Languages & Linguistics
Software Development
Software Development
Mathematics
Mathematics
Christianity
Christianity
Code Golf
Code Golf
Music
Music
Physics
Physics
Linux Systems
Linux Systems
Power Users
Power Users
Tabletop RPGs
Tabletop RPGs
Community Proposals
Community Proposals
tag:snake search within a tag
answers:0 unanswered questions
user:xxxx search by author id
score:0.5 posts with 0.5+ score
"snake oil" exact phrase
votes:4 posts with 4+ votes
created:<1w created < 1 week ago
post_type:xxxx type of post
Search help
Notifications
Mark all as read See all your notifications »
Users Search
Help Dashboard Sign In Sign Up
Q&A Blog
Q&A
Posts Tags Edits
Ask Question

Welcome to Codidact Meta!

Codidact Meta is the meta-discussion site for the Codidact community network and the Codidact software. Whether you have bug reports or feature requests, support questions or rule discussions that touch the whole network – this is the site for you.

Comments on Add safeguards to "mobile sign-in" feature

Post

Add safeguards to "mobile sign-in" feature

+6
−0

When you click on the "Mobile Sign-In" button, you are shown a QR code that, when scanned with your phone, opens your browser on the phone and signs you in automatically.

Although I can see how this is helpful, I consider it a security risk. When I do this, anyone who sees my screen can now log in as me by scanning the QR code.

Another risk is that if I'm away from my computer for a few minutes and forget to lock it, someone can now hijack my account. While this is always a risk when leaving one's computer unattended, I feel that Codidact makes it a little too easy.

I think we should add a second factor here. For example, the user might be sent a confirmation e-mail, before they are allowed to log in.

Alternatively, we could have a user setting where we switch this feature off.

feature-request discussion status-completed mobile-browser sign-in
posted over 1 year ago
user card
FractionalRadix‭
4 0 22 7
History
Why does this post require attention from curators or moderators?
You might want to add some details to your flag.
Why should this post be closed?

1 comment thread

Any second factor *must* be optional (2 comments)
Any second factor *must* be optional
Olin Lathrop‭ wrote over 1 year ago · edited over 1 year ago
copy link

As long as this is optional and not the default, I don't care. Personally, I find 2FA annoying. I just want to get on with things, and now I have to find my phone, go fetch email (possibly on a different computer), or whatever. It's always a hassle. I put up with it in cases where it matters, like bank accounts.

I definitely don't want 2FA forced on me by sites where there is no reason to be anal about security. Codidact is certainly one of those.

ArtOfCode‭ wrote over 1 year ago
copy link

Olin Lathrop‭ FractionalRadix isn't talking about 2FA. They're suggesting adding a second confirmation to the mobile sign in feature, which is separate. 2FA is not and will not be required.