Post by /deleted/ on Feb 6, 2019 14:55:13 GMT -8
I suggested this before but deleted the thread because I felt like maybe it was a low quality suggestion not worth mentioning.
Discord has a feature the server owner can enable where most/all staff permissions are disabled unless you have 2FA.
My suggestion was, since 2FA is coming soon to V6 anyway, to consider such a feature for ProBoards.
Perhaps, unlike Discord, rather than all staff powers are disabled, just ones that are major that we often see abused to deface or damage forums. It would not only be an amazing security feature but possibly one to reduce those sorts of issues.
As far as who can enable/disable it, probably the root admin and the root admin should have full access regardless if it's enabled - similar to how Discord has it set. That seems like it would make the most sense.
I'm sure there's flaws that I am either not aware of or considering with this but I'm sure the replies to this will point any out. At least it's out here for consideration.
Obviously if someone's gonna abuse even after getting staff and enabling 2FA, they're gonna abuse. But this would still prevent situations that I've seen cause the downfall, defacing, or even completely deletion of many forums of many different "sizes" (in terms of activty/success/etc) and types. (In terms of the variations of what the forum is about or for.)
I'm especially interested in what Peter and the other people who might have some insight into these kind of things.
Thanks for reading. 🌊
Discord has a feature the server owner can enable where most/all staff permissions are disabled unless you have 2FA.
My suggestion was, since 2FA is coming soon to V6 anyway, to consider such a feature for ProBoards.
Perhaps, unlike Discord, rather than all staff powers are disabled, just ones that are major that we often see abused to deface or damage forums. It would not only be an amazing security feature but possibly one to reduce those sorts of issues.
As far as who can enable/disable it, probably the root admin and the root admin should have full access regardless if it's enabled - similar to how Discord has it set. That seems like it would make the most sense.
I'm sure there's flaws that I am either not aware of or considering with this but I'm sure the replies to this will point any out. At least it's out here for consideration.
Obviously if someone's gonna abuse even after getting staff and enabling 2FA, they're gonna abuse. But this would still prevent situations that I've seen cause the downfall, defacing, or even completely deletion of many forums of many different "sizes" (in terms of activty/success/etc) and types. (In terms of the variations of what the forum is about or for.)
I'm especially interested in what Peter and the other people who might have some insight into these kind of things.
Thanks for reading. 🌊
