You didn’t understand anything then.
None of that was necessary.
I think that may be the heart of the issue here. Maybe users aren’t as computer literate as some might think. I’ve been using computers since I was a kid and this is the first time I have ever had to use an authenticator.
3 Likes
Im not even against it i was just saying that not everyone saw it by not looking at the site for a while or like me who saw the 4 ads on top and just never looked at it again my problem was that the thread where you could complain or ask something was closed so its good that this thread is here
Bruh I seriously believed it was an April Fool’s joke. The announcement was so long I never scrolled through the whole thing, especially compressed into such a small box.
Time to lock the thread I think.
For the sweaty redditors reeeeeee-ing above instead of doing a simple tjet jippitie query; might want to checkout KeePass, been around a while, with clients for any device/OS.
Beats your current pen and paper, or 1 password for everything approach. Who knows, maybe after embracing KeePass, you won’t have to hit that reset password thingie on every website every other month 
Jesus, some people love being contrarians just because. If you don’t agree with the thread then leave, don’t comment, and let people express their frustrations instead of insulting people.
Next time the government will try to face id your life, or implant some gps in your ass I will be there to mock you that you are reeeee-ing if you don’t agree.
The fact is that a porn forum does not need to be at the forefront of security. Many banks don’t use tokens and default to sms codes, not that its good, but it’s not a stretch to see people frustrated. It would be way less drama if there was email 2FA option.
It’s not like there is a plague of users getting hacked and the forum flooded with spam/phishing/malware. It would make more sense to only put posting in software and script sections behind 2FA as thats the a possible attack vector if an account with popular thread gets compromised. I would guess most users have throwaway accounts/emails anyway since the forum is porn related.
So the change is just admins professional bias, which is fine, he runs the show.
But you (and others) don’t have to mock and downplay peoples frustration.
14 Likes
Based MFP dev
1 Like
You are mistakenly conflating digital hygiene with digital surveillance; you may come to find (just one tjet tjipittie away, btw) that digital hygiene actually aids in countering surveillance.
suggestion i use. having any extention app or device is bad and will not use. instead use web otp generator and save token to password manager. use long 20 digit random passwords anyway so phishing was not problem
Just to comment on this, the strength of a password does not eliminate phishing as a threat.
Phishing attempts to steal a password.
MFA via TOTP attempts to prevent phishing but more complex phishing techniques can still steal a TOTP token and create a new session for itself.
The best way to completely eliminate phishing is via passkey.
On discourse passkeys are separate from MFA (which is a misuse of passkeys but nothing I can do about it)
I have 2 suggestions:
- Easiest path: use Chrome Authenticator for TOTP
- Most secure path + least friction: setup TOTP with a password manager, and configure a passkey
- It’s a bit more setup but makes logging in way smoother and an easier experience than anything else
Passkey login flow (featuring bitwarden)
So the only way to get a smoother, easier login experience on this site now is to pay $1.65 monthly for bitwarden? (Are they sponsoring this? 
)
1 Like
It goes without saying that there are services that don’t paygate passkey usage.
You can choose a free option like I do. (My password manager is self-hosted vaultwarden)
Like I have recommended at least a thousand times. You can use KeepassXC.
Worth noting that anyone currently struggling to set up MFA can’t access any of this advice anyway. All they see is the verification screen.
2 Likes
This is general and is not blocked from login.
So yes users without being logged in can see this page.
If you’re already logged in without MFA set up, you cannot access any part of the site at all, even General. You could log out to view the site, but if a user who has no clue what’s going on can’t even view the rules or DM an admin for help, they’re not going to know to log out to look for the answers. They’re probably just going to close the tab and not come back.
5 Likes
I’m going to investigate this. That would be valuable feedback that could go under Site Feedback
Yeah I don’t like that. It’s hard-coded into discourse. I can’t change it or the message that’s displayed without changing the source code.
It may be able to be overridden by a theme component. Would have to investigate further.
Opened a thread on the meta:
Edit:
I have added a help message above the MFA enroll page with recommended MFA tools that are free and opensource.
1 Like
It is possible to make a passkey with Windows Hello in win10 and with google account in android. I installed google Authenticator extension in Brave for totp and made a couple of passkeys for easy login on phone and desktop. No extra installs beside a browser extension.
Site may be more secure now, but I am worried about new users who are just curious being scared away by the extra hoops you have to jump through just to get in the door.
Well said. It’s ridiculous overkill but it’s admin’s rodeo.
Now the only things in my life that I need an authenticator app for are my work accounts and my robot masturbator forum.
3 Likes
This did not work for me
I couldn’t dm admins or access any other part of the site