Anyone else here recently forced to enable 2FA?
While generally a good practice, I don’t bother setting it up for accounts that do not contain sensitive information. It’s a hassle and it prevents other login options.
Mostly curious about the change and the added friction for creating an account. Have we been seeing an uptick in spam or other unsavory traffic?
We have been absolutely ASSAULTED by spammers in the past month, and none of the other changes I’ve made have done anything to prevent them. To give you an idea, I’ve had to delete 33 users (and posts) since the middle of May, all from different IP addresses.
Thanks for the response, @yochaigal. What a drag! I appreciate what you’re doing to keep this site usable.
That explains the requirement, then. I thought it was a general discourse thing.
Just to let @yochaigal et al know, I had issues after I set up 2FA, which I’ve since solved. After connecting my authenticator app, I logged out to re-log in, but the page wouldn’t refresh properly, staying stuck on my profile’s 2FA page, even though i was logged out. A modal prompting me to refresh would reappear in front of the 2FA page, but would just refresh the same page and modal if I pressed Refresh. I couldn’t just go to https://discourse.rpgcauldron.com without being redirected back to the 2FA page with the refresh modal.
I solved it by logging out, clearing all history related to this site (which was probably not necessary I think), and deleting my cookies via the developer tools (the real fix, I think). Then logging in worked properly.