As owners and creators of (personal/hobby) websites, our #1 concern isn't about the content of our sites, the look of our sites, or that we have to be concerned that other people may come and steal our stuff and credit themselves for it. Our #1 concern should always be about keeping our sites safe and secure from hackers and unruly script kiddies out there. This, most especially, applies heavily on community-heavy sites, such as the WDC.
As part of the security features of this forum, I have added the following:
- Signup/Login using your Twitter.
- Signup/Login using your GitHub.
- Signup/Login using your Steam.
- Signup/Login using your Discord.
Remember, you are responsible for keeping all your Twitter/GitHub/Steam/Discord accounts secure, so if any of these gets hacked somehow, the WDC has got nothing to do with it, so please keep this in mind.
There is also an option on making your forum account much more secure: the (somewhat famous?) 2FA (two-factor authentication). Flarum's 2FA extension though does not involve your mobile phone number (I rather not have anybody's phone numbers included anyway), but it will involve a TOTP (time-based one-time password) via Google Authentication. The 2FA feature is also optional too, so you as users will have to set the 2FA feature in your Settings section yourselves if you want to log into the forum using this feature.
The extension requires a few extra steps. I will also have to edit the
.htaccess file too. If I didn't move back to the former host, I wouldn't be able to add this feature as I would have to wait for my current host's tech support permission (which can take long) just for me to do this. Yeah, not much freedom there.
Generally, I would just go ahead and add this feature, but because I already got the ReCAPTCHA and everything else set up just for registration and logging in, I thought it's best I post this in here first and ask for your thoughts.
What do you guys think? Should we have this for WDC? Or are we okay with the current setup right now? Let me know!