2FA or Not 2FA

Over the weekend I did a little work on the site, using a plugin that allowed my Patreon Subscribers to log into Eviscerati.Org using their Patreon account. The intent is to allow them to download specific types of Patreon rewards from here, rather than over there, because content archives on Patreon are terrible.

It mostly worked: generally speaking, thanks to a WordPress plugin, it was possible for Patreon subscribers to log into my site using their Patreon account, go to a special Patreon “area” on the site, and download stuff. However, during the process I discovered that apparently anyone signing up for an account over here was being forced to set up 2-factor Authentication.

Now, I’m a big proponent of 2FA in most cases, but I don’t think it’s necessary for a user account on this site. All a site subscription does is let you customize a profile, select a gravatar, and edit your own posts for a limited amount of time. For that reason, I thought I’d turned 2FA off at the subscriber level (privileged accounts still need to use it). However, there was an additional switch I was supposed to throw that I didn’t, so it looks like even though 2FA wasn’t _required_ it was still prompting you to enable it during account creation.

I have now turned that off as well. If you want to enable 2FA on your account (which I can understand, a certain amount of paranoia is healthy these days) you should still be able to do so by going into your Account Profile, scrolling down to “Two Factor Authentication Options,” and enabling the one you want to use.

For those of you who have been frustrated by the presence of 2FA on such a relatively trivial website, my apologies. I didn’t realize it was happening! Should be fixed now, though for those of you who already went through the account creation process, you might need to go into your user profile and disable 2FA if you don’t want to use it any more.