Welcome to Codidact Meta!
Codidact Meta is the meta-discussion site for the Codidact community network and the Codidact software. Whether you have bug reports or feature requests, support questions or rule discussions that touch the whole network – this is the site for you.
Add safeguards to "mobile sign-in" feature
When you click on the "Mobile Sign-In" button, you are shown a QR code that, when scanned with your phone, opens your browser on the phone and signs you in automatically.
Although I can see how this is helpful, I consider it a security risk. When I do this, anyone who sees my screen can now log in as me by scanning the QR code.
Another risk is that if I'm away from my computer for a few minutes and forget to lock it, someone can now hijack my account. While this is always a risk when leaving one's computer unattended, I feel that Codidact makes it a little too easy.
I think we should add a second factor here. For example, the user might be sent a confirmation e-mail, before they are allowed to log in.
Alternatively, we could have a user setting where we switch this feature off.
1 answer
One threat model is the nearby person at the coffeeshop (or whatever) being able to scan the large QR code that comes up as soon as you click that button in the header. Many other things in the headers are modals/dropdowns, so you might not be expecting that QR code there and might not have considered your surroundings. One thing we could do is to put that QR code behind another click, like an expander, so you have the chance to back out. (Somebody else suggested this in a Discord discussion.)
Another thing we could do is to not have that button in the header. A button for mobile sign-in is already available on your profile; it seems reasonable to me to have to go there for what I assume is a rare operation.
Another threat model is the unattended, unlocked computer. I don't know that we would want to impose a second factor on everybody for mobile sign-in (email confirmations can be hard to handle on a phone[1]), but you can also enable 2FA for your account. 2FA would apply to all logins, not just ones that started with scanning the QR code, so this is a heavier burden than what you're asking for.
For people who aren't going to use the mobile sign-in QR code anyway, I agree that being able to turn it off would be useful.
Update: We removed the control from the top bar (it remains on your user profile), and the QR code is now initially collapsed (with a warning).
-
Anecdatum: more than once, I have gone down the "forgot password" path on my phone because it was easier than dealing with confirmation links that didn't want to open in the correct browser or weren't easily cut/pasted from an email app. I think I'm reasonably tech-savvy but touch interfaces on small screens are just plain hard for me. ↩︎
0 comment threads
1 comment thread