Opinion Needed: Two Factor Authentication

As someone who works in online payment fraud protection/prevention, 2FA has some pros and cons.

Pro: it’s one of the safest ways to ensure account security and therefore protection for both a merchant and customers. 

Cons: Customer/consumer friction. People don’t want to take the extra time to first set up 2FA, and are also more likely to not want to authenticate/login to whatever the site is. This can result in a drop in signups as well as activity on the site afterwards. You may want to consider that a user who might otherwise login to drop a quick comment, or someone posting from a mobile device may decide that it’s not worth logging in and authenticating to do so.

I appreciate you wanting to take site security seriously and protect people’s accounts on UteHub. But I also wonder how necessary 2FA really is for a website with little personal information and no stored payment information (no saved credit cards, linked PayPal accounts, etc). I don’t anticipate UteHub being the target of a malicious attack, outside of MAYBE a disgruntled individual trying to sour someone elses’ reputation by posting on their account. 

That being said, 2FA would not prevent me personally from coming to or using the site. And again, I want to reiterate my appreciation for you taking security seriously. 

My two cents.

Have used 2FA at my work and don’t think it is a big deal, but I agree with KiYi, seems like overkill for this type of site, and any extra step will likely decrease participation.

There’s not really personal or sensitive information stored on this site that we would need to worry about if it were compromised. Just my $.02 but I don’t think two factor is needed on this type of site.

Great job on making this an awesome site overall!

Cybersecurity professional here, been in the industry for 15+ years. I agree with others that 2FA may be unnecessary on a site like this. It’s awesome that you are concerned about the users’ security, but no one should be posting sensitive personal information on this site.

I would add that I noticed the site is built on WordPress, WordPress is notorious for getting hacked. Pay close attention to updates with wordpress and vet the 3rd party addons.

Some fan sites require a difficult questionaire or 24 hour waiting period.  Personally, I think a 2FA would not dissuade authentic new users away, visitors included.  I will say questionaires or 24 hour waiting period have dissuaded me from a short visit to a fan site to say hello or congrats etc.  

I’ll weigh in as well, if anybody on this site is using the same password for other sites, hmm hmm, banking, retirement accounts, health insurance sites, work logins get a unique password rather than voting for 2FA.

Otherwise like has been said, not much personal data here to exfiltrate, though yes keep an eye out due to using WordPress. I see about two or three cases a year of somebody not patching and getting Pwned due to WP, but I would probably post less with 2FA. I don’t use a personal cell phone, and absolutely hate 2FA to check a news site, or play a quick game online. I often use mailinator for those pesky data leeches, i.e. last night I wanted to see cabins for sale in Idaho, the realtor site wanted an email. SamTHill@mailinator.com and I was in business. Never checked mailinator to see if they sent a verification email. Spam that email address all you want. Muhaaahaaa!!!!!

If this would prevent Moose from showing up like he has been lately I would be very much for this. If it doesn’t then don’t do it.

I’d skip it. Seems to be overkill.