2FA / MFA - Is there a plan to add this?
-
Hello!
As someone who enjoys your site and sees that people might have a lot of purchased books in their libraries, wouldn't it be a good thing to enable this extra layer of security?
Thanks in advance
-
@Areos This is a great idea. It has become a basic security feature for the vast majority of web shops and platforms with money involved.
-
Yeah, I'm not happy with not having any MFA available. But the billing is via Stripe and nothing is saved by JNC if you are not logged in to Stripe (assumption based on using this elsewhere).
MFA is dead simple to add. I was converting an old VB.NET desktop application to a web app for a customer this past week and once I had the web app version working, adding the TOTP-based MFA functionality took like 20 minutes.
Of course adding search functionality back in that we lost in the web update is also dead simple, but only got done in the last few weeks sometime.
-
I genuinely like 2FA and MFA to keep important stuff safe. However, I can't really see JNC accounts being a target for hacking in any situation. There's simply no financial gain to be had so those people won't waste their time here. In that regard, it doesn't really feel necessary for JNC to add this feature as a priority.
-
You're kidding, right? "No financial gain" is not a defense against attack. Some people attack to find out if there is something to gain, and others attack as practice for attacking somewhere else.
Even sites that do not have any logins get attacked, probably in hopes that there are other sites on the same network.
-
@SomeOldGuy Definitely not kidding. I won't attempt to downplay your concerns, just providing my own opinion on the subject.
-
Well, one issue is even if MFA is easy to implement, unless the rest of your site is appropriately set up, a hacker could still bypass it. I know one site where someone was able to completely bypass the 2FA and other login protections because they figured out how to get ahold of an admin's session token from a database hack.
I wouldn't be surprised if this was on their list of to-dos already, but my guess is it's not going to happen until some of their other system overhauls get finished.
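-
Added example, not part of the thread and not any site's actual code: the bypass in the post above works when the database holds session tokens in a form that can be replayed as-is. This sketch stores only a SHA-256 digest of each token, so a value read out of the table is not a usable cookie; the dict, function names and TTL are all hypothetical.

```python
import hashlib
import secrets
import time

SESSION_TTL = 3600  # seconds; assumed lifetime for this sketch

# Constructed stand-in for a "sessions" table: digest -> (user, expires_at).
SESSIONS = {}


def token_digest(token: str) -> str:
    # Tokens are 256-bit random values, so an unsalted fast hash is enough;
    # there is no low-entropy secret to guess, unlike with passwords.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def create_session(user, now=None):
    """Hand the raw token to the client; persist only its digest."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    SESSIONS[token_digest(token)] = (user, now + SESSION_TTL)
    return token


def lookup_session(presented, now=None):
    """Return the user for a presented token, or None if unknown or expired."""
    now = time.time() if now is None else now
    key = token_digest(presented)
    row = SESSIONS.get(key)
    if row is None:
        return None
    user, expires_at = row
    if now >= expires_at:
        del SESSIONS[key]  # expired rows are dropped on first use
        return None
    return user


if __name__ == "__main__":
    cookie = create_session("admin")
    leaked = next(iter(SESSIONS))      # what a read of the table would expose
    print(lookup_session(cookie))      # the real cookie resolves to the user
    print(lookup_session(leaked))      # the leaked digest does not
```

This limits the damage of a read-only leak of the sessions table; it does not help once someone can write rows to it.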