Ok, I’ve hesitated posting here ever since this was opened and I’ve finally decided to comment. I have looked at and read all previous forums so that is not an argument that can be used against me.
I feel as though there is a very obvious way of handling this that causes the least friction based on some of my limited research and should work.
Just make the entire eroscripts site viewable for people not logged in. I was looking at the meta.discorse.com website and it looks like everything there is viewable. If you MUST have at least something hidden/locked, make a new category that is just nothing and have that be logged in only.
That way, for people like me, and probably at least some of the user base here, they don’t have to have MFA or even log in to download scripts. I have an account just for scripts and I’m certain that there are others out there that think like I do.
Last thing I’ll say about security, the weakest link in all security situations is always us humans. It’s why social engineering is a thing. As well as that, if a hacker wanted to get in, they could just create a new email, go through and setup MFA, get access to the site, and post malware without even hacking anyone. For a lot of us, if this account gets hacked, we just create a new account so it doesn’t matter.
edited for writing mistakes