Suggestion Removing the 30 days limit from 2FA logins

matpower

Messenger from Zero
OP
Member
Joined
May 5, 2012
Messages
1,108
Trophies
2
Age
24
Location
Best state in Brazil
XP
2,788
Country
Brazil
Last time I used 2FA, it was a bit of a chore to use due to this little feature, it feels pointless to have it there if you have toggled "keep logged in".
I understand that it helps with security a bit more since you need to prove that you are yourself every 30 days, but it is really unnecessary since you are already trusting that computer to be safe, and it is a non-standard behavior for 2FA implementation (I believe only Twitch has that 30 days limit). It seems like a small thing but it might put people off from using 2FA since it is annoying for them, and we should be obviously trying to make people use better security methods to avoid incidents like leaked databases (often with shared passwords since people refuse to use a password manager due to distrust or lack of know-how).
 

shaunj66

GBAtemp Administrator
Administrator
Joined
Oct 24, 2002
Messages
12,117
Trophies
5
Age
40
Location
South England
Website
www.gbatemp.net
XP
28,184
Country
United Kingdom
I really don't see any reason to change this except for it being a minor inconvenience. I feel the security it provides far outweighs the extra time it takes to login once a month.

Of course I'd like to invite other members to give their opinions as we're open to change if the demand is there.
 
  • Like
Reactions: Sicklyboy

Pedeadstrian

GBAtemp's Official frill-necked lizard.
Member
Joined
Oct 12, 2012
Messages
3,966
Trophies
2
Location
Sandy Eggo
XP
3,917
Country
United States
Last time I used 2FA, it was a bit of a chore to use due to this little feature, it feels pointless to have it there if you have toggled "keep logged in".
I understand that it helps with security a bit more since you need to prove that you are yourself every 30 days, but it is really unnecessary since you are already trusting that computer to be safe, and it is a non-standard behavior for 2FA implementation (I believe only Twitch has that 30 days limit). It seems like a small thing but it might put people off from using 2FA since it is annoying for them, and we should be obviously trying to make people use better security methods to avoid incidents like leaked databases (often with shared passwords since people refuse to use a password manager due to distrust or lack of know-how).
Plenty of sites/programs use a 30 day limit (or even lower) regardless of it being 2FA. If anything, nowadays a site that leaves you logged in permanently seems to be the non-standard behavior. Of course, if you wanna get rid of the "chore" of relogging in every month you could just turn the feature off. Why do you need such strong security for this site, anyway? There's no address/credit card info stored here. Are you afraid someone will hack your account and post something stupid? Or maybe become Margen 3.0 and like everything?
 
  • Like
Reactions: Minox

matpower

Messenger from Zero
OP
Member
Joined
May 5, 2012
Messages
1,108
Trophies
2
Age
24
Location
Best state in Brazil
XP
2,788
Country
Brazil
Plenty of sites/programs use a 30 day limit (or even lower) regardless of it being 2FA. If anything, nowadays a site that leaves you logged in permanently seems to be the non-standard behavior. Of course, if you wanna get rid of the "chore" of relogging in every month you could just turn the feature off. Why do you need such strong security for this site, anyway? There's no address/credit card info stored here. Are you afraid someone will hack your account and post something stupid? Or maybe become Margen 3.0 and like everything?
Pretty much every service where I use 2FA (Discord and Steam to name a few) doesn't do that, sadly this is anecdotal evidence, so I can't really argue against that. Also there is no argument against having strong security, if my account gets hacked and someone spams using it, use it for slandering other members, etc, it will be my own fault, I am sure that saying "I was hacked!" won't clear any warnings or bans. Right now the only reason I don't have 2FA active right now is because I didn't have a phone until recently.
 

Chary

Never sleeps
Chief Editor
GBAtemp Patron
Joined
Oct 2, 2012
Messages
12,465
Trophies
4
Age
27
Website
opencritic.com
XP
133,008
Country
United States
I did have 2FA on once upon a time, but I had to have Bortz disable it for me, because it wouldn't send me an email code on those 30 day increments. I suppose there's the google auth app thing now that I have a phone, though.
 

Site & Scene News

Popular threads in this forum

General chit-chat
Help Users
    SylverReZ @ SylverReZ: Just have a laugh and everyone is happy, like me. :D +1