Remove these ads. Join the Worldbuilders Guild

Go back to the Voting Board

Two-Factor Authentication

User Interface (UI) / User Experience (UX) · Api · Created by Arborisyl

closed

security 2FA

As we all know, security is an ever concerning issue on the internet. And I've noticed World Anvil has no 2FA feature available. While I realise that some people do not want to get locked out of their account accidentally or just simply despise 2FA, it would be of great benefit to have it as an optional feature. Some further uses could be if an article needs to be deleted (or maybe if a few articles were being deleted), or the deletion of a world. 2FA could trigger to make sure no one had gotten into the account to wreak havoc. That's just an additional suggestion, my main concern would be adding 2FA to the login process. Here are some possible options; Email: The code is sent to the account email upon attempted login, forcing the person to have access to the email account as well. SMS: The code is sent as an SMS, forcing the person to have access to the SIM-card. Authenticator: A code generator on your smartphone/electronic device. Forces the person to have access to the device. I truly think that no matter how much you hate 2FA, it would benefit the site as a whole if it were added as an optional feature.

The Team's Response

2FA one way or another will certainly be handled at some point. This request though did not receive enough support to, at this point, counter the time required / difficulty of implementation of the task. Note: As you can see even above the opinions of the little amount of people that asked for it are quite different on what the implementation should be.

Current score

152/300 Votes · +25930 points

Votes Cast

+300

by HunterChristmas1247
on 2021-09-21 03:48
+100

by MachFarcon
on 2021-09-21 01:24
+300

by Chrispy_0
on 2021-09-20 03:11
Email authentication at a minimum is a must. SMS is good too. I don't care for Authenticator apps because most of them are device specific, and what happens if your phone breaks? I guess it's good for those that want it, but I'd rather this part not be mandatory.
+20

by BackworldTraveller
on 2021-09-19 07:29
+100

by coffeeshark
on 2021-09-19 05:59
+20

by Mylittlegranny
on 2021-09-18 10:07
+50

by Jontaro
on 2021-09-17 17:42
+300

by Bladeswillfall
on 2021-09-17 10:36
+50

by Silent Cinema
on 2021-09-17 01:46
+10

by Kyltotechnis
on 2021-09-16 23:44
+100

by Bassen_Hjertelos
on 2021-09-16 19:46
+50

by Alex Kochetov
on 2021-09-16 19:12
+300

by MrGunn
on 2021-09-16 13:51
-100

by rgpil
on 2021-09-16 11:50
-50

by Walicia
on 2021-09-16 10:19
+300

by ZackTheGreat
on 2021-09-16 02:33
+300

by Nekosmash
on 2021-09-16 01:09
-50

by GMSeth
on 2021-09-15 09:51
+300

by DocGonic
on 2021-09-15 04:48
+50

by zunami
on 2021-09-15 01:20
+10

by Joxic
on 2021-09-14 19:31
+50

by redbeardcreator
on 2021-09-14 18:22
+20

by swampowl
on 2021-09-14 09:14
+300

by TheRPGFoundry
on 2021-09-14 05:01
+300

by Reaper89
on 2021-09-14 04:14
+300

by mistwalker
on 2021-09-13 11:45
Using Google Authenticator, like a lot of sites already do, would be a good choice.
+300

by AromaticSponge
on 2021-09-13 11:44
+300

by rstyms
on 2021-09-13 11:27
Big fan of 2FA, but please not an SMS! A TOTP token or similar?
+300

by Ezurak
on 2021-09-13 10:36
+300

by Guyra
on 2021-09-13 10:29
+50

by nnie
on 2021-09-13 10:09
Opt-in 2FA sounds like a good addition. Personally I prefer authenticator or email for 2FA. SMS 2FA is the least secure option, especially in the US, but I mostly dislike it because I'm super jumpy and text noises spook me
+300

by melior64
on 2021-09-13 09:59
+300

by Crossarius
on 2021-09-13 09:17
+300

by tjmichaels
on 2021-09-13 06:50
+300

by SierraKomodo
on 2021-09-12 15:29
-300

by Mullanphy
on 2021-09-12 10:38
Optional is fine - but how long before someone in the White Tower decided it should be mandatory? The real world is 'security' conscious enough as it is, and none of the reasons given warrant added security at any level. Anyone putting up information they don't want other's to have probably shouldn't be here. WA is a game, not a gold reserve.
+100

by ThirdDwarf
on 2021-09-12 10:18
+20

by xluminaheart
on 2021-09-11 20:00
+300

by Re_Shinobi
on 2021-09-11 14:51
+300

by [email protected]
on 2021-09-11 14:40
+10

by SlipshodSliver
on 2021-09-11 13:10
+200

by Bento Mav
on 2021-09-11 12:58
+100

by BasicDragon
on 2021-09-11 04:27
+300

by CraniumBeaver
on 2021-09-10 10:30
I agree with people saying that this is a must. The amount of work that I have stored in WA is, to me, immeasurably valuable. I think the best option wold be to use some 3rd party authentication app, e.g. Google Authenticator.
+300

by ComicXero
on 2021-09-10 10:11
+200

by jarn-argence
on 2021-09-10 04:00
+300

by Tobus
on 2021-09-10 02:06
+20

by esongbird24601
on 2021-09-10 01:42
I want to support those who are interested in protecting their work on WA. However, I personally have absolutely no interest in having 2FA for my account. If this feature is implemented, and there's good reason for it to be, PLEASE make it optional.
+300

by Dalf32
on 2021-09-10 00:17
+300

by Hanhula
on 2021-09-09 14:40
PLEASE. I'm genuinely begging here. 2FA is so important.
+100

by lthomas224
on 2021-09-09 14:15
+300

by MoonRaven
on 2021-09-09 12:23
+100

by Risthearth
on 2021-09-09 08:53
+300

by Uglub
on 2021-09-09 07:51
Please prioritise this feature, robust security is essential, I would prefer to see this implemented as an option over any other features on this voting list
-10

by A Rambunctious Dryad
on 2021-09-09 06:47
+300

by Stormbril
on 2021-09-09 03:00
+20

by LoneRonin
on 2021-09-09 02:53
+100

by brian.eilber
on 2021-09-09 01:13
+50

by elsondwarf
on 2021-09-09 00:40
+10

by WinterYellow
on 2021-09-08 21:56
+10

by Danceworld
on 2021-09-08 21:45
+50

by Inkypig
on 2021-09-08 20:07
+300

by Aelin Ninthalor
on 2021-09-08 18:39
+100

by Everwild
on 2021-09-08 17:33
+200

by Gigaclown
on 2021-09-08 13:44
+20

by FictionFan1995
on 2021-09-08 13:43
+300

by DarthGaymer
on 2021-09-08 12:55
+100

by Rhemar
on 2021-09-08 12:29
+300

by Hexomanya
on 2021-09-08 12:23
+300

by Justin Hamersly
on 2021-09-08 09:36
+300

by itmePhil
on 2021-09-08 08:57
+10

by Conwant
on 2021-09-08 08:42
+300

by Sweet101052
on 2021-09-08 07:35
+50

by ReaverArklight
on 2021-09-08 04:39
+50

by nomady69
on 2021-09-08 03:10
+10

by Jonathan.Nemo.Doe
on 2021-09-07 23:45
+200

by Delagard
on 2021-09-07 19:12
+300

by kc0mlp
on 2021-09-07 02:32
+300

by njbrig89
on 2021-09-07 01:07
+300

by zekompozer
on 2021-09-06 21:47
Authenticator option would be especially nice.
+50

by Mookelele
on 2021-09-06 20:41
+200

by Sluggy Art
on 2021-09-06 16:08
+50

by aerista
on 2021-09-06 15:53
+300

by zoranac
on 2021-09-06 15:25
+50

by A Filthy Velociraptor
on 2021-09-06 13:05
I disagree that SMS should be an option for 2FA as it is more vulnerable due to SIM swapping attacks. However I do think we should have 2FA and would like support for apps like google or microsoft authenticator.
+300

by ka_jan
on 2021-09-06 12:36
+20

by KnightTobyas
on 2021-09-06 10:20
As someone who works in information security, this is a must.
+10

by CorduroyKoala
on 2021-09-06 05:46
+20

by Xras7
on 2021-09-06 03:13
+100

by Neverdusk
on 2021-09-06 01:46
+20

by genraven
on 2021-09-06 01:35
+300

by Krylitech
on 2021-09-05 19:11
+100

by ZookAleslosh
on 2021-09-05 18:23
+100

by Vantaj
on 2021-09-05 14:25
+20

by killermenpl
on 2021-09-05 13:07
+300

by SoulLink
on 2021-09-05 08:05
+200

by play2imagine
on 2021-09-05 05:51
+20

by davi_danger
on 2021-09-05 04:51
+300

by BCGR_Wurth
on 2021-09-05 02:43
+300

by Nyxa
on 2021-09-05 02:40
+300

by A Sneaky Ooze
on 2021-09-05 00:18
+10

by A Rambunctious Mlem
on 2021-09-04 21:24
+300

by Jikar
on 2021-09-04 17:31
+100

by timetunnel
on 2021-09-04 16:34
+300

by ArcEpicus
on 2021-09-04 15:08
Almost feels like a must have nowadays. Another layer of security is always better
+300

by Ondo
on 2021-09-04 14:12
More security is always a good idea.
+200

by NightShift
on 2021-09-04 13:20
+100

by Modimo
on 2021-09-04 12:32
+300

by Amancham
on 2021-09-04 08:49
Optional and more than one way to authenticate would be amazing, yes.
+300

by Capri
on 2021-09-04 08:13
+10

by iamthetot
on 2021-09-04 04:16
Everyone should use 2FA for as many things as they can. 10 seconds of annoyance when you log in in exchange for massive security reassurances. Authentication app would be my preference but 2FA would be better than none.
+300

by Snapps
on 2021-09-04 01:55
+300

by dbgoodin
on 2021-09-04 00:43
+300

by Vulthuryol
on 2021-09-04 00:33
The first implementation should use the industry standard of ISO-6238 Time-Based One Time Passwords. This way, any basic authenticator can be used to generate tokens. There will also need to be a way to unlink the two-factor auth for people who lose or get new devices.
+20

by YikosCastle
on 2021-09-04 00:01
+300

by Master_Zephyr
on 2021-09-03 23:33
+300

by GrinWithoutaCat
on 2021-09-03 22:52
+300

by Earendill
on 2021-09-03 18:58
+100

by Ironskink
on 2021-09-03 12:58
+10

by TheeReaper
on 2021-09-03 11:49
+300

by Woods825
on 2021-09-03 09:52
+300

by Dremag Kest
on 2021-09-03 08:59
+300

by Maddoc-the-Wayfarer
on 2021-09-03 07:07
+50

by A Lusty Dimensional Horror
on 2021-09-03 07:00
I'm all for it, as long as it's optional and you can choose from multiple different methods. Speaking of code generators, devices like a YubiKey may be a nice option as well, but I have no idea if that is feasible or not.
+300

by Bound
on 2021-09-03 06:57
+300

by Snake__Venom
on 2021-09-03 05:42
+300

by A Fierce Mimic
on 2021-09-03 03:32
+100

by vysimael
on 2021-09-03 03:26
+100

by AvalonArcana
on 2021-09-03 00:24
+100

by Loliket
on 2021-09-02 22:47
+300

by Imp_King
on 2021-09-02 16:44
+300

by Mayren
on 2021-09-02 15:34
+50

by WillyBGames
on 2021-09-02 15:32
Preference would be an authenticator app/email, but either way, this is a good idea. Optional though, as OP stated.
+100

by NuclearWill14
on 2021-09-02 13:44
+300

by Merecraft
on 2021-09-02 13:17
+50

by Demo2811
on 2021-09-02 11:55
+300

by johanfk
on 2021-09-02 11:27
Considering the value of what your account has - good feature.
+300

by eccbooks
on 2021-09-02 10:39
+300

by Bonus Action
on 2021-09-02 08:35
+100

by Shadow Malachi
on 2021-09-02 07:54
+300

by anna_b_meyer
on 2021-09-02 05:36
+300

by A Frightened Kitten
on 2021-09-02 03:47
+50

by xSpazztic
on 2021-09-02 02:07
+100

by A Roaring Dryad
on 2021-09-02 01:49
This could be especially important for those who publish/earn money from their work that they plan on World Anvil (ex: Authors) or those who are otherwise worried about their accounts being compromised.
+100

by buckwelles
on 2021-09-02 01:26
+50

by nolantarik
on 2021-09-02 01:12
-50

by M.G. Lyman
on 2021-09-02 00:23
+10

by Sebron
on 2021-09-02 00:13
+100

by Keniisu
on 2021-09-01 21:09
+100

by gajusmaximus
on 2021-09-01 20:45
+300

by Rahjar
on 2021-09-01 20:06
+10

by A Revolutionary Hobbit
on 2021-09-01 18:39
+300

by Arborisyl
on 2021-09-01 18:31

Find your way!

Resources

WHO WE ARE

LEGAL

Get the news

Listen to our Podcast

Our Allies

Two-Factor Authentication

Two-Factor Authentication

The Team's Response

152/300 Votes · +25930 points

Votes Cast

+300

+100

+300

+20

+100

+20

+50

+300

+50

+10

+100

+50

+300

-100

-50

+300

+300

-50

+300

+50

+10

+50

+20

+300

+300

+300

+300

+300

+300

+300

+50

+300

+300

+300

+300

-300

+100

+20

+300

+300

+10

+200

+100

+300

+300

+200

+300

+20

+300

+300

+100

+300

+100

+300

-10

+300

+20

+100

+50

+10

+10

+50

+300

+100

+200

+20

+300

+100

+300

+300

+300

+10

+300

+50

+50