Because the TOTP standard that Google Authenticator uses is completely open-source and it's very useful and I don't see any downsides to it.
I mean, I'm being the Devil's advocate here, but there isn't that much here to be protected. There (shouldn't) be any personal data stored in the site, using a different password than anywhere else negates that being stolen. The only thing I can think of would be a vandal using your account until it's banned which could probably be resolved with Admin help. I guess if someone were really pissed they could put in lots of effort to kill your favorites list...
I wouldn't be opposed to it being implemented if a dev felt like doing it, but it's not something I'd call necessary for a site like Danbooru.
BrokenEagle98 said:
The only thing it might be useful for are the Admin accounts... I don't know exactly how Danbooru is set up, but if someone hijacked all of the Admin accounts, would there be any recourse?
Biggest issue I can think of is that a hijacker would see users' IP addresses. They could wreak some chaos, like nuking tags, or creating malicious news updates, or banning some IPs, but that's immediately obvious and revertible.
I don't think it's necessary. And if it's ever implemented, it should be optional - I prefer to use an old dumb cellphone instead of a smartphone, so using Google Authenticator every time to log in would be a pain in the ass.
OOZ662 said:
I wouldn't be opposed to it being implemented if a dev felt like doing it, but it's not something I'd call necessary for a site like Danbooru.
Type-kun said:
I don't think it's necessary. And if it's ever implemented, it should be optional - I prefer to use an old dumb cellphone instead of a smartphone, so using Google Authenticator every time to log in would be a pain in the ass.
I agree. I currently see no reason to introduce 2FA. We have to remember that the Danbooru server is still serving plain HTTP.
However, in principle, @Insanity_Demon is right. 2FA is a neat (optional) feature and definitely one of the more simple things to implement. Maybe I'll take a look at it later on. Currently I'm just too busy with tag gardening, looking at breasts, bug hunting and more important sec stuff.
BrokenEagle98 said:
The only thing it might be useful for are the Admin accounts... I don't know exactly how Danbooru is set up, but if someone hijacked all of the Admin accounts, would there be any recourse?
As long as @albert is in full control of the server itself, there is nothing to worry about.
That reminds me of a very important question I asked myself a while ago. Is there a trusted person with backup server access that can take over in case of an emergency (admin on holiday or admin vanished / injured / dead)?
reiyasona said:
That reminds me of a very important question I asked myself a while ago. Is there a trusted person with backup server access that can take over in case of an emergency (admin on holiday or admin vanished / injured / dead)?
Type-kun sounds like that kind of guy. Also
reiyasona said:
I'm just too busy looking at breasts
tapnek said:
Type-kun sounds like that kind of guy. Also
reiyasona said:
I'm just too busy looking at breasts
It's because of topic #12825.... right? ;)
BrokenEagle98 said:
It's because of topic #12825.... right? ;)
Kinda ... (*・∀-)☆