| though i dont see this site really needing it, but i think it be a nice option |
 |
| Wow.... What would they do about your MAL account? Show to the world how shitty your taste is? If you have your Social Insurance Number, Phone Number, Address in your MAL, that's when you have to worry... xD |
_Ako_ said: This is pretty much it. I don't see is necessary for this website in any way.Wow.... What would they do about your MAL account? |
 |
| Nice to have the option but I don't think it's really necessary so I'm voting no. Plus MAL already makes you use a pretty decent password iirc... I remember trying to change (password reset) my password like 1 month 1/2 ago and noticed the password requirements (1 letter, 1 symbol, 1 upper, x characters, or whatever the requirements were) essentially forced to use one of my strongest passwords since it's the only one that fit the requirements. Meant for the password to be for select sites/services but oh well. I'm not worried about it, just I didn't really see the need to use it here. |
 “Don’t just mindlessly judge people as you please.” – Rin Okumura “Your past shouldn’t stop you from achieving your goals and dreams.” – Rin Okumura |
| Why revive this thread? Just let it die. NO. I don't want to use my mobile number for this. MAL wasn't that rich to maintain such system. Lastly, who knows when MAL would be hacked again like last year? |
| Haters always gonna hate. |
WisestOne said: _Ako_ said: This is pretty much it. I don't see is necessary for this website in any way.Wow.... What would they do about your MAL account? Mhhhh... Hey, I'd want something that will prevent spambots to spreading its cancer here, and this, or at least tweak it a little bit and it is good enough... xD |
cleviojr said: Hello there friends, well, I searched if anyone else already suggested it and I haven't found myself so if I'm missing something please tell me. Two step verification is a new technology and method used by a sort of websites including Google, Guild Wars 2, Steam, and tons of online games and services we know. This method consists basically in the addition of an authentication that comes after the regular Username and Password, this authentication can consist in confirmation through SMS, Phone calls, applications(such as Google Auth). This rely on the fact that an account can nowadays be bruteforced by mechanisms used by hackers, and within this method, the user must confirm a code sent through the previously confirmations such as the google auth. I really suggest this so some users that feel unsafe, including me, everywhere, can feel more comfortable using such important tools as MAL. Do you agree with me? Do you think MAL should make a 2 step verification method(as an optional feature, of couse)? 2FA/MFA is not a "new" technology - it was patented in 1998-2000 by Kim Dotcom, but revoked in 2011 because AT&T had it in 1995, which is also in question because the origins are traced to S/KEY in the late 1980s. And yes, there are some advantages of it, but there are also some disadvantages of it. Here's just a quick list straight from the wiki page: Advantages No additional tokens are necessary because it uses mobile devices that are (usually) carried all the time. As they are constantly changed, dynamically generated passcodes are safer to use than fixed (static) log-in information. Depending on the solution, passcodes that have been used are automatically replaced in order to ensure that a valid code is always available; acute transmission/reception problems do not therefore prevent logins. Disadvantages Users must carry a mobile phone, charged, and kept in range of a cellular network, whenever authentication might be necessary. If the phone is unable to display messages, such as if it becomes damaged or shuts down for an update or due to temperature extremes (e.g. winter exposure), access is often impossible without backup plans. The user must share their personal mobile number with the provider, reducing personal privacy and potentially allowing spam. Mobile carriers may charge the user for messaging fees.[13] Text messages to mobile phones using SMS are insecure and can be intercepted. Thus third parties can steal and use the token.[14] Text messages may not be delivered instantly, adding additional delays to the authentication process. Account recovery typically bypasses mobile-phone two-factor authentication.[15] Modern smartphones are used both for browsing email and for receiving SMS. Email is usually always logged in. So if the phone is lost or stolen, all accounts for which the email is the key can be hacked as the phone can receive the second factor. So smart phones combine the two factors into one factor. Mobile phones can be stolen, potentially allowing the thief to gain access into the user's accounts. SIM cloning gives hackers access to mobile phone connections. Social-engineering attacks against mobile-operator companies have resulted in the handing over of duplicate SIM cards to criminals.[16] |
 |
| HELL NO! This is MAL not a bank account, I'll leave if this is ever implemented. Discord does this shit and it pisses me off. |
  |
| If it will be option one can turn on and off, sure. Nothing's wrong with a little bit more security for those that want it. |
 I'm watching anime since 2012. I also play games, sometimes. Don't bother me if you want to 'become friends' or things like that. It's tiresome. I know you just want to collect some meaningless numbers. Thought: How many people sparked H. Charlotta just for blue pot? |
| With the recent MAL API security issues I would say this is a necessary step for the security of the site as a whole. You guys could even use the Google Authenticator API like Discord and others non-google services do. |
 |
| We are absolutely looking in to two-factor authentication as an additional security measure to protect MAL users. Intentions would be to make it an optional feature (not required.) |
| Thanks! |
|
More topics from this board
» new list option - "Maybe"dailydi - Yesterday |
8 |
by Shishio-kun
»»
5 hours ago |
|
» Yearly Wrapped like MyDramaList ?ame - Sep 6 |
13 |
by ScaryOwl
»»
Oct 11, 10:47 AM |
|
» Abusing the Number of Shared Anime and Affinity to Uncover Private Listsvazae - Mar 7, 2021 |
6 |
by Serhiyko
»»
Oct 10, 7:01 AM |
|
» Separate rating lists by genre for more fair comparisons ( 1 2 )Mathi786 - Oct 7 |
94 |
by CC
»»
Oct 9, 8:42 PM |
|
» Can there be a different completed status for rewatching a show?Rally- - Oct 3 |
5 |
by Zekkenshin
»»
Oct 9, 12:07 AM |