Suggestion Removing the 30 days limit from 2FA logins

matpower

The Mad Scientist
OP
Member
Joined
May 5, 2012
Messages
1,083
Trophies
1
Age
22
Location
Best state in Brazil
XP
2,158
Country
Brazil
Last time I used 2FA, it was a bit of a chore to use due to this little feature, it feels pointless to have it there if you have toggled "keep logged in".
I understand that it helps with security a bit more since you need to prove that you are yourself every 30 days, but it is really unnecessary since you are already trusting that computer to be safe, and it is a non-standard behavior for 2FA implementation (I believe only Twitch has that 30 days limit). It seems like a small thing but it might put people off from using 2FA since it is annoying for them, and we should be obviously trying to make people use better security methods to avoid incidents like leaked databases (often with shared passwords since people refuse to use a password manager due to distrust or lack of know-how).
 

shaunj66

GBAtemp Administrator
Administrator
Joined
Oct 24, 2002
Messages
11,622
Trophies
2
Age
38
Location
South England
Website
www.gbatemp.net
XP
18,173
Country
United Kingdom
I really don't see any reason to change this except for it being a minor inconvenience. I feel the security it provides far outweighs the extra time it takes to login once a month.

Of course I'd like to invite other members to give their opinions as we're open to change if the demand is there.
 
  • Like
Reactions: Sicklyboy

Pedeadstrian

GBAtemp's Official frill-necked lizard.
Member
Joined
Oct 12, 2012
Messages
3,960
Trophies
1
Location
Sandy Eggo
XP
3,546
Country
United States
Last time I used 2FA, it was a bit of a chore to use due to this little feature, it feels pointless to have it there if you have toggled "keep logged in".
I understand that it helps with security a bit more since you need to prove that you are yourself every 30 days, but it is really unnecessary since you are already trusting that computer to be safe, and it is a non-standard behavior for 2FA implementation (I believe only Twitch has that 30 days limit). It seems like a small thing but it might put people off from using 2FA since it is annoying for them, and we should be obviously trying to make people use better security methods to avoid incidents like leaked databases (often with shared passwords since people refuse to use a password manager due to distrust or lack of know-how).
Plenty of sites/programs use a 30 day limit (or even lower) regardless of it being 2FA. If anything, nowadays a site that leaves you logged in permanently seems to be the non-standard behavior. Of course, if you wanna get rid of the "chore" of relogging in every month you could just turn the feature off. Why do you need such strong security for this site, anyway? There's no address/credit card info stored here. Are you afraid someone will hack your account and post something stupid? Or maybe become Margen 3.0 and like everything?
 
  • Like
Reactions: Minox

matpower

The Mad Scientist
OP
Member
Joined
May 5, 2012
Messages
1,083
Trophies
1
Age
22
Location
Best state in Brazil
XP
2,158
Country
Brazil
Plenty of sites/programs use a 30 day limit (or even lower) regardless of it being 2FA. If anything, nowadays a site that leaves you logged in permanently seems to be the non-standard behavior. Of course, if you wanna get rid of the "chore" of relogging in every month you could just turn the feature off. Why do you need such strong security for this site, anyway? There's no address/credit card info stored here. Are you afraid someone will hack your account and post something stupid? Or maybe become Margen 3.0 and like everything?
Pretty much every service where I use 2FA (Discord and Steam to name a few) doesn't do that, sadly this is anecdotal evidence, so I can't really argue against that. Also there is no argument against having strong security, if my account gets hacked and someone spams using it, use it for slandering other members, etc, it will be my own fault, I am sure that saying "I was hacked!" won't clear any warnings or bans. Right now the only reason I don't have 2FA active right now is because I didn't have a phone until recently.
 

Chary

Never sleeps
Chief Editor
Joined
Oct 2, 2012
Messages
11,784
Trophies
3
Age
25
Website
opencritic.com
XP
108,699
Country
United States
I did have 2FA on once upon a time, but I had to have Bortz disable it for me, because it wouldn't send me an email code on those 30 day increments. I suppose there's the google auth app thing now that I have a phone, though.
 
General chit-chat
Help Users
  • No one is chatting at the moment.
    susbaconhairman @ susbaconhairman: what