
News Ding Dong, Mandatory 2FA is Dead (Important new notes/answers about 2FA)

sadly... not Super AIDS free

 
If you guys are going to be redesigning the login/2FA approach, may I suggest following a passwordless authentication pattern? Fulfills any regulatory MFA requirements and is not vulnerable to basic account takeover attacks as long as you mandate email address and not phone number be the primary ID. Doesn't have to be anything as serious as FIDO, but would be more secure and modern.
 
Or you could do it like me and never ever put anything of value for them to find. This is Joe at our donkey named Rob's funeral. Or is it?
I sure hope it is, since it took me 5 minutes to even fit him in there with the Sherdog forum tools.
this is like when the us gov (and probably govs around the world) stoked and manufactured fear and pandemonium in its citizens about COVID 19 and how the people worldwide were going to die, then nothing happened... life just went on, and they were all, "oh, whoops. anyways"
FIFY :cool:

I've decided to keep my two-step verification (for now) because to me a password reset is even MORE of a bitch. Every time I've been asked to reset my password on any other site I'm always told the next time I log in that the password I've JUST CHANGED TO is "incorrect" and end up having to waste more time and energy doing it all over again. With my luck I'd end up getting locked out of Sherdog altogether. Not to mention modern identity theft has nothing to do with your passwords anyway, and everything to do with companies selling your data to pretty much anybody who wants it without your knowledge or permission.

About Stoned Lemur, it's ironic that a woke poster ended up leaving because he DIDN'T want to comply and just do what he was told. Especially since two-step verification is a LOT less of a hassle than being forced to wear masks 24/7 and then get a double jab and booster shots and "vaccine passports" and all that crap. Which I never did so I still retain my non-sheep label.
 
Why does Sherdog keep asking me for two-step verification? Is this option something that I have to adjust in my settings?
 
As most expected, the Sherdog forum staff in accordance with the parent company, Tech team and Xenforo collaborators, were going to implement mandatory Two Step Verification on the forum, also known as Two Factor Authentication ("2FA"). I am pleased to tell you now that this has been canceled.


We sincerely apologize for any issues caused from this looming request. Please understand that we were acting in accordance with professionals who have dealt with these kinds of issues before. The process was a complicated one with a lot of interjecting opinions, and we the forum staff made our voices heard any time we could. To combat the problems we encountered, we have instead put together a package of internal fixes on the administrator and forum structure side of the equation to protect you all from these bad actors. We hope that these fixes, updates and plugins will be able to solve the problem without needing to resort to forcing 2FA. We also expect that you should not experience a disruption of services with these fixes. We won't need to migrate, take this rig down to update it or otherwise get in the way of forum life. We realized that it would be better for everyone to try these other fixes first, with 2FA a final tool at our disposal if absolutely necessary.


We should note: it is possible that we will need to push a one-time only password reset on accounts. It is an option we have considered, depending on how the other tweaks and alterations go.


Anyone who freaked out about the initial announcement and suicided their accounts will not have them restored. That's on you.


I want to again thank the forum staff for working hard on this ordeal with me, and to you, the community, thank you for being patient as we work on this.


TLDR: Go about your business, nothing to see here.
It's just a problem and a security concern. This isn't our bank or crypto.
 
If you guys are going to be redesigning the login/2FA approach, may I suggest following a passwordless authentication pattern? Fulfills any regulatory MFA requirements and is not vulnerable to basic account takeover attacks as long as you mandate email address and not phone number be the primary ID. Doesn't have to be anything as serious as FIDO, but would be more secure and modern.
Do you mean passkeys? That's actually a feature now!
 
I nearly lost my account to this, it’s still asking for a code now and then and I’m running out of them. Is there any fix?
 