Articles

2FA or Not 2FA

One of those pictures where a padlock is overlaid with a pattern vaguely resembling a circuit board, to make it look digital.
Image by Jan Alexander from Pixabay

Over the weekend I did a little work on the site, using a plugin that allowed my Patreon Subscribers to log into Eviscerati.Org using their Patreon account. The intent is to allow them to download specific types of Patreon rewards from here, rather than over there, because content archives on Patreon are terrible.

It mostly worked: generally speaking, thanks to a WordPress plugin, it was possible for Patreon subscribers to log into my site using their Patreon account, go to a special Patreon “area” on the site, and download stuff. However, during the process I discovered that apparently anyone signing up for an account over here was being forced to set up 2-factor Authentication.

Now, I’m a big proponent of 2FA in most cases, but I don’t think it’s necessary for a user account on this site. All a site subscription does is let you customize a profile, select a gravatar, and edit your own posts for a limited amount of time. For that reason, I thought I’d turned 2FA off at the subscriber level (privileged accounts still need to use it). However, there was an additional switch I was supposed to throw that I didn’t, so it looks like even though 2FA wasn’t _required_ it was still prompting you to enable it during account creation.

I have now turned that off as well. If you want to enable 2FA on your account (which I can understand, a certain amount of paranoia is healthy these days) you should still be able to do so by going into your Account Profile, scrolling down to “Two Factor Authentication Options,” and enabling the one you want to use.

For those of you who have been frustrated by the presence of 2FA on such a relatively trivial website, my apologies. I didn’t realize it was happening! Should be fixed now, though for those of you who already went through the account creation process, you might need to go into your user profile and disable 2FA if you don’t want to use it any more.

Related posts

What the Hell?! Con 2011!

C. B. Wright

Preserving Our Precious Artistic Resources

C. B. Wright

How Science Fiction and Fantasy Helped Me Conquer My Inner Demons

C. B. Wright

2 comments

notStanley 11 July 2023 at 3:03 PM

While multi-factor is a good idea, keeping it convenient for everyday use can be a challenge. Many accounts I have to lookup in my vault since not used frequently enough to be memorized. Then add getting a code. In addition to simple texts, I have 3 authenticators on my phone to remember which accounts use which one :{

Reply
C. B. Wright 11 July 2023 at 3:16 PM

Yeah, it was never my intention to force it on people making an account on this site, of all places.

Reply

Leave a Comment