It was always an option it’s just forced now
3 Likes
Most new users will never do MFA for a forum they aren’t invested in. Without new users a forum will stagnate and die a slow death.
Still, I’m happy to be here while it lasts 
7 Likes
If these are legit new users that’s great news
Are they signing up and actively using the site, or are they signing up and then abandoning once they realize they need a 2FA would be the real question. Do you have to activate 2FA as part of the registration process now, or does it only show up once the account is created?
I’ve also posted the daily active users stats before. It hasn’t seen a drop either.
I just tested this myself. You only hit the MFA screen after signing up, verifying your email, and then trying to sign in. So these stats could be entirely misrepresenting the actual situation- people signing up quickly, tyring to log in, and then hitting the MFA wall and not wanting to bother. And this isn’t even considering that these new accounts might just be bot accounts, and that the spike there after MFA might just be bots. The registration API is still very simple, so I can imagine bots trying to signup and then not being able to use the accounts because of MFA.
500+ users signing up every single week? Just doesn’t seem right…
Either way it seems too soon to infer any sort of pattern here just from that one graph.
Zooming in on the exact same graph doesn’t actually clear anything up. It’s still the same vanity metric, just at a higher resolution.
You’re completely ignoring the point: if the MFA requirement only hits after registration, then these numbers are essentially useless for proving site health. You’re counting every bot that hits the registration API and every person who sees the “2FA required” wall and immediately closes the tab.
100+ signups a day for a niche forum is already a massive red flag for bot activity. Celebrating a spike in database entries while ignoring the actual issue is just misrepresenting the situation. The spike in new accounts could even be users coming back, trying to login and not being able to with the new MFA requirements and being forced to create new accounts. (I’ve even seen multiple posts of people who say they had to create new accounts because they were locked out because of MFA.)
2 Likes
People are still underestimating the scale of this forum.
May I remind you the handy 2 sold over 5000 units on just the kickstarter alone.
There’s all the other devices plus software that integrate basic toys like controller vibrators.
I won’t pretend boting doesn’t happen but you seem to be sold on the idea that it’s all/mostly bots.
I don’t think it’s bots because if it were you would see the boting activity but tracking the numbers over a long period of time you can see natural growth.
If it were bots there would be noticeable sudden jumps.
I also tracked the number of account deletions from the past few days and compared them to pre-mfa account deletions and the numbers remained more or less the same. If users were backing out because of MFA that number would rise.
I have been watching the numbers. Even the numbers of stats I can only get from a CSV and count entries (had to do this for account deletions)
If you’re just going to continue goalposting when the numbers disagree with you, I can’t help you.
Here to give my take on this, I obviously don’t mind sites that have no mfa/2fa, but I actually prefer when it’s available, I like the idea of the password not being the only thing someone needs to login to your account. I think it’s much safer and makes the forum look more professional. Now I’m not sure how users feel when it’s mandatory, I wouldn’t care myself since I already use MFA wherever it’s available but some people might not want to use it and that’s fair. But at that point it’s their own laziness and indifference about security, just my opinion…
mfa is not the same as 2fa people would be fine with needing an email link to log in having 2fa forced on us is not popular or wanted it’s like bitlocker…
1 Like
There’s so much wrong with this sentence.
mfa is not the same as 2fa
They are interchangeable. 2fa just means 2 factors. Mfa is multi-factor.
people would be fine with needing an email link
This is not considered a secure 2nd factor for similar reasons as text messages
it’s like bitlocker
MFA has nothing to do with disk encryption, and you should have full disk encryption on devices that have risk of being stolen/lost
Are people really deleting accounts when stop using site? I guess they just not visiting anymore, and account stays “dead”
But it’s still 2nd factor, and that one wouldn’t make people mad when forced, just saying
1 Like