[pressure]

Would implementing this further increase security?

I mean, as far as I can tell, if someone were to acquire someone's password (and 2SV), they would be able to: change the user's associated email, password, and 2SV, therefore taking full control over the user's account.

 

[s q u r e l]

doesn't the 2 step verification require an email code in the first place?

 

[pressure]

Yes, it does.

I'm just pushing forward the scenario where someone acquires that 2-step verification by any possible means.

 

[s q u r e l]

It's sent to your email, if they can get access to your email for the 2 step verification part, then they can email verify themselves in as well lol

 

[pressure]

I know that.

What if, for example, that information (2SV) was given to a friend and/or family member for limited-time access?

 

[s q u r e l]

So you somehow manage to give your friend/family member a 6 digit code sent to your email that says "runemate verification code" within 15 minutes of attempting to log in? AND this friend/family member knows your password? Sounds like you need more to worry about than just email verification

 

[pressure]

What are you talking about?

You're making assumptions I can't be bothered dealing with.

Look, it's simple. Say a person decides to voluntarily give that information (2SV) in order to give another person access to their account. That person can now change the privacy settings (e.g. e-mail, 2SV) and take full control over that account if they wish to despite not having access to the primary owner's e-mail.

That's one scenario.

Another scenario would be, that an unknown person gains access to your e-mail by any possible means, and proceeds to take full control over your runemate account by changing the privacy settings.

Now, e-mails are generally easy to recover, but even if, the e-mail was recovered, the rune mate account would be compromised (as it has now been associated to a different e-mail).

 

[s q u r e l]

1. No one should be giving access to their account out. That's the user's fault right there

2. Your suggestion is useless in this scenario

 

[pressure]

Why not and how would it be useless?

The user would be able to recover the account via e-mail, since the "unauthorized" person would not be able to change the privacy settings without access to the owner's e-mail.

 

[s q u r e l]

Your account, your responsibility.

Did you read your own post?

"Another scenario would be, that an unknown person gains access to your e-mail by any possible means"

"The user would be able to recover the account via e-mail, since the "unauthorized" person would not be able to change the privacy settings without access to the owner's e-mail."

??????????????????????????????????????????????????????????????????????????????????????

 

[pressure]

That's the second scenario.

The first scenario can play out without the second scenario needing to.

Are you reading and thinking about my posts or just impulsively reacting?

Stop wasting my time.

This is just a means to minimize risk should either scenario play out.

In fact, even in the second scenario, once the user has recovered his/her e-mail address, they would be able to recover the runemate account if there was such a mechanism in place.

 

[s q u r e l]

???????????
"they would be able to recover the runemate account if there was such a mechanism in place"
"mechanism" being email verification... which has nothing to do with recovery after your email has been changed

lol, it's obvious you haven't applied an ounce of thought into this or any of your posts, goodbye

 

[pressure]

Recovery based on the creation e-mail *not* the changed e-mail address.

This isn't a competition of who's right or wrong, dude. Maybe if you didn't treat it as such (leading you to attempt to dominate others) you'd be able to actually follow what others are saying.
 
This moron with a nasty attitude can't seem to get it through his head that in the first scenario, the user which has received the 2VC did not do so via access to the owner's e-mail, but simply being transferred the information (2VC) from the owner himself who has sole means of access to an associated e-mail, therefore, putting a limit (i.e. e-mail verification) on changing privacy settings (e.g. e-mail change, password, 2SV) would be a rational safety mechanism.

Then he can't even imagine the second scenario where even if an "unauthorized" user gained e-mail through a compromised e-mail (which is associated with runemate), and changed the e-mail associated to runemate, that the original creator may recover the original [e-mail] creation account and request a password reset.

After all that, he proceeds to belittling, personal attacks, and parental-type accusations because he's too arrogant and retarded to accept and recognize the fact that he was incorrect, and goes forth projecting that onto others.

If you're not interested in helping others, or having a rational discussion with them on the matter in question, and just need to express an arrogant, judge-like character, because you are unable to control your own emotions, then FUCK OFF, and don't ever comunicate with me again.

Or this will be how it play out:

To view this content we will need your consent to set third party cookies.
For more detailed information, see our cookies page.

Accept third party cookies

 

[s q u r e l]

how do i add a laughing react to a post?

 

[pressure]

You don't.

You simply laugh at yourself. It would be easier in the time being than feeling shame or admitting error which your type would be incapable of, being a narc.

Now, do yourself a favour and stop replying to this thread.