View Single Post

Kilora's Avatar

03.13.2013 , 06:27 AM | #508
Quote: Originally Posted by Bomyne View Post
The sooner the better to be honest. Having to call Support to remove the authenticator is an overly costly and time consuming process.

I'm still not convinced this is a good idea. Everything I know about security tells me that every single piece of login information (Username, Password, authenticator info, secret questions) should be kept 150% secret. Since the usernames are used on the forum, that's a piece of login information that is being unnessercarily exposed.
With all due respect, you must not know much about security...

There's a funny thing that happens when dealing with a lot of fields such as security -- in which those who know almost nothing are confident in their knowledge and think they know quite a bit, while those who are extremely knowledgeable question their intelligence regularly.

I certainly don't mean this to be rude -- but many of the people posting on here probably don't know ANYTHING about security, or understand that -- as has already been said -- a username/email should NEVER be used as a safety measure. There are dozens of security checks that no user will ever see, and will never become public knowledge (for good reason).

TL;DR -- Professionals in security are explaining to people that this change has NO effect on security -- but is allowing them to implement other changes to increase security. I'm inclined to agree, because I'm not a security expert. However, should my account be hacked (or if many accounts are hacked), I may change my tune.