TOTP and/or U2F support would be fantastic, and a great way to improve security.

Right now, all that's needed to compromise an account is access to the owner's email address.

This post was edited by xXZyZXx on Nov 25 2018 05:33am

Yes, if one of the commonly used methods/standards could be implemented.

Google authenticor would be good to use for this
Definitely see use considering some people have enough fg to buy a car

Yeah, that's what TOTP is. Authy, Google Authenticator, etc. all use this.

This post was edited by xXZyZXx on Dec 5 2018 01:36am

is that how you got this account?

Yes, Google auth instead of required gold password. Ty.

Gold passwords aren't leaving for a long, long, LONG time.

Gold password is a million times better, in my books.

2 FA is lame and time consuming... People will have problems when they change emails & phone numbers, etc. I also don't like to rely on google to not charge for this service in the future...

Big and firm No - I don't like to rely on external technique .

That’s fine. Just remove the requirement of having one if you have 2FA enabled.



You have no idea what you’re talking about lmfao. Gold pw is a static password, if someone knows it you’re f’ed. 2FA changes every 30sec which makes it a million times more safe.

This post was edited by Cfwx on Dec 5 2018 08:03am

That is very true! Just as much as if someone got access to your email (which is protected by only one password) they can verify your 2 FA. If you use 2FA on the cellphone you are absolutely protected, but once you lose your
phone number, then you can just imagine the procedure to verify that you are the rightful owner of your d2jsp account.

How are people going to guess two passwords without your computer being compromised? And if your computer is compromised, then they can steal your web-session and use your account without a password. Which means
a 2FA is useless unless you have a gold password combined OR require it every time you send FG.


Does Google 2-step verification protect user from session hijacking?
- Short answer: Yes, the attacker can use session hijacking.

source: https://security.stackexchange.com/questions/56555/does-google-2-step-verification-protect-user-from-session-hijacking