Everyone can be an attack vector.
Then ban everyone from uploading. 2FA does not prevent this. All it prevents is people gaining access to “trusted” accounts. As I said multiple times, I have no problem with you requiring it for trusted users. I have a problem with requiring it for users who possess nothing a fresh account doesn’t already have.
There are other measures being used already to prevent bad actors from creating alts and doing this, like users getting flagged to us when multiple users share an IP. I have mass deleted users before for having clear alt-behavior.
This is just arms race behavior, and I’m sure you already know, but I’ll point it out here: making alts with different IPs and 2FA is not impossible or even hard, you simply raise the barrier of entry. This doesn’t actually make anything more secure, it just makes lazy bad actors quit earlier. Lazy bad actors aren’t bothering to try to infiltrate places like this in the first place. The community is too small to be worth the effort.
Are you going to maintain that list?
Do you not already do moderation? Same shit.
You should be using 2FA everywhere importance of an account doesn’t matter.
Importance of the account absolutely matters. The effort is not worth it when there is nothing meaningful to lose. I am not putting barbed wire fences around every blade of grass in my yard just to make sure nobody steals one.
you become an attack vector for the community
I am no more an attack vector than any other fresh account is, which is the entire point. You stated this was about people leveraging trust within the community to distribute malware. If you set the bar for “trust” as “having an account”, 2FA does nothing to actually increase security. It’s just security theater in that sense.
It’s generally unsafe and it’s better to eliminate that vector.
Security is always at odds with convenience. When my account is unsafe, but contains nothing of value, I will trade the convenience for the lack of security. People make these kinds of determinations every day.
I am certain to some extent you have made these choices yourself for your own security. How many locks does your front door have? Surely it’s as many as you can physically fit on it, right? Because otherwise it’s generally unsafe and you should eliminate the attack vector of someone being able to get through n existing locks. Better add n+1.
This is unfortunately just a reason. Not a good one.
I have seen plenty of niche communities die over comments like this. User experience is the most important factor in any niche site. If your site isn’t nice to use, people will simply not use it. When you have few people to lose, losing them matters more.
Whether you like it or not, this enforcement makes the forum safer for everyone
No. It makes you feel like it’s safer for everyone. Requiring it for prominent uploaders would accomplish 99% of the safety with 5% of the pain. Instead, you are pushing the pain out to everyone, trying to squeeze out that last 1% ineffectively.
I’m not sorry for trying to keep everyone safe
The core concept isn’t the issue. The issue is that you’re refusing to acknowledge that you are pushing too far in the direction of inconvenience for the cost-benefit to be worth it. You could make the site perfectly safe by airgapping it and making it so nobody can log in at all, but that wouldn’t be very productive either, would it?
I hosted a stream on discord to educate via QnA and 3 people showed up.
Yes, because people don’t care that you think this increases security for them. They care that you’re making their experience worse. Most of the issue around 2FA is not about education, it’s about inconvenience. Plenty of people know exactly how MFA works, myself included, and still don’t want it for this for various reasons.
You’re a vocal minority and I’m still trying to help educate you so you understand.
I already understood from the get-go. I also work in tech. That doesn’t mean I want anything to do with this site on my phone, nor do I have anything worth protecting on this account.
Do you put 2FA on throwaway emails too?
Also, you call it a vocal minority, but you won’t actually know how many people consider 2fa a dealbreaker until you launch it. I won’t be surprised if you find that lots of people simply quietly stop using the site because it’s a pain in the ass. If I, a person who uses 2FA more than most, am not willing to bother, why would random Joe Schmoe want to bother? One of the few things you have going for you is that the community is niche and there aren’t a ton of other places to get this kind of content, but that only goes so far. Like I said, I’ve seen other highly opinionated admins kill their niche communities with their strong opinions before.
Both you and I will never truly understand the number of threats possible due to account hijacking.
No, but we can understand that account hijacking fundamentally relies on the concept that the attacker’s time is limited and that they, as such, focus on attacking accounts of value. You are far better off focusing efforts on protecting valuable accounts rather than trying to make everyone safer and chasing them off in the process.
This site does not have anything meaningful on it in regards to personal security. The main and only important threat vector is people using stolen accounts to distribute malware, and there are far more effective ways to curb that which don’t negatively impact end users significantly.
I’ve already provided multiple, but here’s more. Require VirusTotal links for all uploads. Require vetting of users by moderation to be allowed upload permissions. This, and every other suggestion I’ve mentioned previously, would give a better return on security to pain ratio than requiring 2FA globally (or something like SSO). Some of them require more work on the moderation front than others, but the onus for keeping a site safe should always be on administration and not on users.
It’s your site, and that obviously means you’re free to do what you want with it, but many people have been signaling to you that they find it unacceptable, and those are just the people bothering to interact instead of quietly leaving. Instead of feeling imperious and trying to “educate” people, you should instead focus on the fact that the site isn’t useful if users don’t want to use it.
It sounds like you’re pushing forward either way. We’ll see how many people leave because of it, and we’ll see if that causes you to backtrack or just dig your heels in. Maybe it’ll work out, but frankly I don’t think so, and if much is lost, this community doesn’t seem big enough to weather a large loss. You have to maintain a critical mass of users for a community to sustain itself.