Two-factor authentication (2FA) is our latest major new feature, releasing today. 2FA helps protect your account against unauthorized access and potentially malicious actions by requiring verification via your account’s registered email address. Configure 2FA for your account here.
2FA is required once per session, and can be set up in two ways:
- Verify your email address, and we will only use 2FA to verify potentially malicious actions. Logging in to the account will NOT require 2FA.
- Or, protect your entire account with 2FA by requiring it for login as well. All further actions after each login will be automatically authorized. The one exception is “Remember me” automatic login. For this, we create a secondary cookie with 30 day expiration that acts as a temporary 2FA login “pass”. The full 2FA process will still need to be done once per session for any potentially malicious action.
Potentially malicious actions are as follows:
- Changing your registered email or password
- Deleting your account, or any sites in your account
- Disabling 2FA login
- Modifying your subscription
A link to set up 2FA is featured prominently on your user homepage, so there’s no way you can miss it!
Bonus feature – we now require a verified email address to post on the forums as well. Spam has historically been a huge problem on our forums. We added recaptcha in February which helped block the bots but some people still post spam manually. This will help further decrease the noise.