Let's say you lose access to your d2jsp account and need to use the contact feature, but you've never donated and you're not well known. Random Example: https://forums.d2jsp.org/topic.php?t=85264545&f=34

My suggestion is when you are in control of your account, add an option in account settings to create a recovery key. Perhaps, a long string of randomly generated digits or phrases. Then if you ever need to use the contact feature, it'll ask you for your unique recovery key. It would help with proof of account ownership.

Also, to mitigate an issue with multiple accounts and illegal black market sales, perhaps make it possible to create a recovery key only once unless an admin personally resets the option.

Also, maybe add enhancements to this idea for verified accounts?

Edit: FYI, I always null my vote if I'm the OP.

This post was edited by Superman on Jul 1 2021 08:00pm

I do like this. Or even key questions that only the owner of the account will know!

A randomly generated key is good. And key questions that you can set that only you would know the answer to is a good idea too.

Yes, all are very good options. Voting yes here.

While having two passwords is a good two way security, security questions would be extremely helpful in reducing the waiting period and reduce stress on Kevin for account recovery.

how do you access the "unique recovery key"? just by being logged in, without having to enter any of your passwords?
i mean the description itself seems paradox. you cannot be "in control of your account" just by being logged in but not knowing
your password/s. that could be any person. if i got you right here then integrity = zero and authenticity = unknown which is horrible in terms of security.

and if this ^ part is wrong because i got your description wrong, then i got another question.
if someone forgot their password, do you really think they will know their unique recovery key?

so yeah one of both will apply to your suggestion and that's enough for a no-vote from me.

This post was edited by bhasinse on Jul 2 2021 05:17am

Voted yes. I think a 16 or 32 length alphanumeric string would work, like a security PIN.

Sorry, I enjoy the idea of having an extra layer of security sure, but I don't see this needing to be implemented and for the primary reason you mentioned.

As is the account Recovery and more works well and as intended, and I'm happy with that. Additionally, we are a Community here and in that sense we have one another to help each other out if something doesn't really add up.

In addition to all this the following quotes applies to your idea here in the sense of asking questions / getting answers that only "you" would know.



Additionally to that, the Contact tool is really the last choice needed for an account recovery, and at that point it is more or less just that. Contact Feature. That can turn up evidence of an owner owning an account more than a simple authentication code or something that may have been heard over some smart devices and more.

Another thing to consider is the amount of work, time, volume, chatter, and more that would take place to update this feature to all accounts on the site. I don't think anyone here wants to sit through the experience required to actually see this site suggestion through as it is now, as I don't see other sites having such a feature that is not automated.
It seems this just does not seem like a reasonable manner that is good for everyone on the site, regardless if they just started or been here 10 Years. Last but not least if someone has forgotten all security values here then it may become more difficult for those users to be validated to the account they had.

However with all this being said, I could see some people wanting an additional layer of security and not just as a sign in, but as a general principal of use. Since the current system seems to work well as is and when it come to recovering an account, I don't see any real use to this besides putting a major update on the site, increasing business with companies like PayPal or other authentication system and more. However if the site was able to do major updates with some of the current or past running site suggestions, then I could see the idea of another layer of security being supported by the majority.

In the end I don't think this is that important right now to really consider having to do, and if it was then I would feel right wanting to know if my account was signed in from a new device or IP address too, as that would be the first step in stopping or recovering something yourself and before it is lost.

This post was edited by Kyhle on Jul 2 2021 09:26am

Voted yes.

This would make it easier to verify who you are and tie up less admin time. Most any real world account already implements this for the same purpose the OP stated and is a step I have had to use to verify who I am. This would also alleviate multi accounts due to not wanting to deal with the process/or the processes being flawed/time consuming.

The intention and idea of this is not bad, but the reality is that if a user cannot keep a copy of their password somewhere, keeping a copy of another security key seems even less likely. Furthermore, this also opens another door into potential account security breaching, in the event that someone is able to acquire your "security key", even further defeating it's purpose. Security questions also pose the same risk, and are notoriously easy to bypass.

While our manual account recovery isn't perfect, it is still well beyond what any other social network currently offers for users to recover their account in the event they are unable to use the automated recovery methods. We take much diligence to ensure it is never misused, and place a high priority on your account security.

Thank you for the suggestion. but there are no plans to implement something like this.