Communities

Writing
Writing
Codidact Meta
Codidact Meta
The Great Outdoors
The Great Outdoors
Photography & Video
Photography & Video
Scientific Speculation
Scientific Speculation
Cooking
Cooking
Electrical Engineering
Electrical Engineering
Judaism
Judaism
Languages & Linguistics
Languages & Linguistics
Software Development
Software Development
Mathematics
Mathematics
Christianity
Christianity
Code Golf
Code Golf
Music
Music
Physics
Physics
Linux Systems
Linux Systems
Power Users
Power Users
Tabletop RPGs
Tabletop RPGs
Community Proposals
Community Proposals
tag:snake search within a tag
answers:0 unanswered questions
user:xxxx search by author id
score:0.5 posts with 0.5+ score
"snake oil" exact phrase
votes:4 posts with 4+ votes
created:<1w created < 1 week ago
post_type:xxxx type of post
Search help
Notifications
Mark all as read See all your notifications »
Q&A

Welcome to Codidact Meta!

Codidact Meta is the meta-discussion site for the Codidact community network and the Codidact software. Whether you have bug reports or feature requests, support questions or rule discussions that touch the whole network – this is the site for you.

Can we have second-factor sign-in authentication via e-mailed one-time codes?

+3
−1

I realize that this might be a bit of a niche use case, but I'm going to put it out here anyway.

The availability of 2FA via an authenticator app is a great boost to account security.

However, there are still people who don't have smartphones, or who might not be willing to tie their smartdevice to their account here for some reason. For a not entirely unreasonable example, their smartphone might be a work-provided device where policy restricts what it can be used for.

I don't expect that this would be at the top of the list of priorities by any means, but since Codidact can already send e-mails (see for example the subscription feature), would it be possible to have second-factor authentication via an e-mailed one-time code?

I imagine that when set up, after successfully authenticating with one's password, an e-mail would be sent to the address associated with the account, containing a short code that must be entered before being signed in, and that this would happen each time the user signs in (not just when the attempt looks "suspicious" according to some metric – I suspect this would make the feature easier to implement).

Having that would mean that an attacker would need to gain access both to one's Codidact credentials, as well as one's e-mail account; and that such access would need to be ongoing (unless the attacker turns off the sign-in code requirement, which the legitimate account holder would notice no later than the next time they sign in and aren't prompted for a code).

History
Why does this post require attention from curators or moderators?
You might want to add some details to your flag.
Why should this post be closed?

1 comment thread

General comments (2 comments)

2 answers

You are accessing this answer with a direct link, so it's being shown above all other answers regardless of its score. You can return to the normal view.

+3
−0

This should be completed with the next deploy. To make it easy, we just email you a link to sign in - same functionality, but easier to use.

History
Why does this post require attention from curators or moderators?
You might want to add some details to your flag.

1 comment thread

General comments (3 comments)
+2
−2

Please make sure that such a feature is optional, and not the default when you create your account.

Personally I find such extra security a pain in the butt and annoying. This isn't Fort Knox or my bank account. A user name and password should be good enough, without needing a phone handy, or immediate access to a particular email account, or whatever.

History
Why does this post require attention from curators or moderators?
You might want to add some details to your flag.

1 comment thread

General comments (1 comment)

Sign up to answer this question »