2FA or other options: good. Mandatory email: not good. Caps lock: please no.- stolen from A Thundering Dimensional Horror, full agree
2FA or other options: good. Mandatory email: not good. Caps lock: please no.
Seems like way more effort for the developers and users than it is worth...
A confirmation email would be a good addition. Optional two-factor authentication would be nice-to-have, especially for those using WA for their commercial projects. But I don't think a Google accounts integration is necessary. (Also, I agree about the capslock. The text is very hard to read.)
Alrighty, so, I think this is not entirely necessary. I understand your zeal in wanting to improve security, and I think its admirable. However, I do think that you should be able to do one big thing: you send an email to the previous email giving them the opportunity to lock out the account from the previous email. From there, in order to regain access to the account, you would need to contact WorldAnvil Support to verify the identity of the main user. This is how most large tech companies handle the email switch on accounts (if its allowed). Also, Dear OP, please turn off the Caps Lock key, then take a knife, stick it under your Caps Lock key and pry it up, and then throw it in the trash. Ugh, there's nothing I hate more than a huge amount of Caps in a Paragraph. Seriously, we're writers. We can create *emphasis* without using CAPS LOCK.
As someone who literally lost their email address with no warning due to a screw up with Rogers, and a system issue where it was literally just scrubbed (or that's what they told me) this idea is a big huge no from me! Cause if this was how it worked, I would have been locked out of my account when that happened to me!! (I trust if I'd emailed the proper channels the lovely team of WA would have helped me forthwith as best they could but still). Given the discord connectivity and the other means of communicating with the team we have, and the tightknit circles of this community in various other forums, that all communicate well with each other, this is a non issue in my mind. I do not doubt if someone did that nonsense I'd have my account back within the week, as could any of us, as we have at least 2-5 other channels informal and formal that can be utilized to place our grievance to the WA team, and no one is gonna be able to change the personal information on any of our creative writing fast enough, or wipe the account history thoroughly enough to avoid getting caught, the account being basically seized by WA, using a new email address you provided in your communications with the team. Yes they may delete some things we could never get back and that would be a tragedy. Yes we may need to switch a bank card or credit card after said hypothetical scenario. But that's it. This isn't medical records. It isn't personal information like our home addresses, or the personal information of our loved ones, or any stuff like that. the original poster here needs to relax and realize what this space is. Its a community. We also watch out for each other through here and discord and anywhere else. Especially those a take over would hurt most, those whom do also use this platform for marketing/supplementary income. If your accounts started behaving oddly, if stuff started disappearing without reason, never mind if you all just started screaming bloody murder on discord, we'd notice and we'd all help you get the WA team on it ASAP. I get its a lot of users, yet I do not think this is necessary or even a good idea. I'll change that tone if Dimi and the tech side of the team come out of the woodwork and speak on the matter and they think its reasonable or necessary, but right now I don't see it, I can't bridge that gap at all.
I don’t really know much of this but what if someone no longer has access to their email address? Making it more tight could cause unnecessary issues for both the users and potential the staff having one more thing to deal with. Like many others have said, this is not a site that holds extremely valuable information about people’s private lives. There’s not much for hackers to get from here other than potential usernames and passwords. And if that happens then just change your password and make sure you don’t reuse that password. I love extra security but this seems unnecessary for this site
The two-factor authentication is the point I disagree on. I don't think tightening security would be bad, but this is a site for hobbyists, roleplayers, and story writers, so I can't imagine two-factor authentication is totally necessary. Also, that caps lock hurt my eyes really bad, please consider not using it in the future
The capslock was totally unnecessary. In fact, it was deterimental (capslock is difficult to read for some of us). It seems like shouting, and I happen to think that the WA dev team does a good job. Please no automatic or mandatory Google integration. I already have enough major corporations who have too much control over my accounts and personal data. Improving security is good, but how you do it should be carefully considered.
Soft disagree. As mentioned, why would a scammer go after your WA? Most of the people on here are hobbyists. Confirming through existing email would be a nice addition, but two-factor authentication seems a bit much. I love that WA allows you to change your email. Most websites don't. Please don't take that away.
Not sure how much danger there is here - even if scammers did get your password, why would they have any reason to access your world anvil account?
Agreed, the integration of googl accounts should be optional. I hate when it's forced. But otherwise, I also agree the security should be improved.
Yes, yes, and yes. Although I believe Google account integration should be optional. Other than that, once again: yes.