Welcome to Codidact Meta!
Codidact Meta is the meta-discussion site for the Codidact community network and the Codidact software. Whether you have bug reports or feature requests, support questions or rule discussions that touch the whole network – this is the site for you.
Post History
When you click on the "Mobile Sign-In" button, you are shown a QR code that, when scanned with your phone, opens your browser on the phone and signs you in automatically. Although I can see how th...
#3: Post edited
by
Monica Cellio
·
2023-08-13T18:49:26Z (9 months ago)
#2: Post edited
by
Monica Cellio
·
2023-08-03T17:11:02Z (10 months ago)
fixed, pending deploy
#1: Initial revision
by
FractionalRadix
·
2023-08-03T15:41:41Z (10 months ago)
Add safeguards to "mobile sign-in" feature
When you click on the "Mobile Sign-In" button, you are shown a QR code that, when scanned with your phone, opens your browser on the phone and signs you in automatically. Although I can see how this is helpful, I consider it a security risk. When I do this, anyone who sees my screen can now log in as me by scanning the QR code. Another risk is that if I'm away from my computer for a few minutes and forget to lock it, someone can now hijack my account. While this is always a risk when leaving one's computer unattended, I feel that Codidact makes it a little _too_ easy. I think we should add a second factor here. For example, the user might be sent a confirmation e-mail, before they are allowed to log in. Alternatively, we could have a user setting where we switch this feature off.