Discuss Scratch

ScratchCatDoBem
Scratcher
1000+ posts

Read the OP, it's way too long to put on the title

You need to type your old/actual password to change it, right? But what if someone logged in on your account? It will know your password already, type it in the box and do bad things on your account.
But if this was implemented, this wouldn't happen!
I suggest that every time that you change an email/password, you receive a token in your email, to type in a box to confirm that YOU are changing the email/password.
Pros:
More security
Guarantees that you are the one changing the password/deleting your account/changing your email
If someone gets into an account, would need your email password, Scratch password, and a token
Can be turned on-off by Contact Us
Cons:
Harder email changing for the actual one (email)
Impossible to change email if the first got deactivated. Use Contact Us to turn this off, and change email/password without this

Last edited by ScratchCatDoBem (Jan. 19, 2023 21:13:41)

PenguinLover1123
Scratcher
1000+ posts

First password, then email. Even more protection
ScratchCatDoBem
Scratcher
1000+ posts

PenguinLover1123 wrote:

First password, then email. Even more protection
Hmm, maybe I will add this to the OP
Yellowsheep43
Scratcher
1000+ posts

Perfect. This will add extra protection against account “hackers”; Now they need to know both your email AND its password AND your scratch password.
And that's not happening unless somebody got into your email. And even then, in pretty much all scenarios they use it for things other than to “hack” your scratch account.
ScratchCatDoBem
Scratcher
1000+ posts

Yellowsheep43 wrote:

Perfect. This will add extra protection against account “hackers”; Now they need to know both your email AND its password AND your scratch password.
And that's not happening unless somebody got into your email. And even then, in pretty much all scenarios they use it for things other than to “hack” your scratch account.
Yep, that's why I suggested this-
In Account Settings, if a hacker gets into your account, they can see your email and delete/change the password. But to do that, an email will be sent to your email (the one you used to confirm your account) with a token like “Af12Cd” saying like “This is an email confirming you are deleting/changing your password. If you didn't request this token, delete or ignore this email. Otherwise, copy and paste this token into the bar.”
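
An added example, not part of the thread or of Scratch's code: one way a server could implement the emailed confirmation token suggested above. The class name, the 15-minute lifetime, the five-attempt limit and the `send_email` callable are assumptions; the attempt limit is there because a short token could otherwise be guessed.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60   # assumption: a token is valid for 15 minutes
MAX_ATTEMPTS = 5              # assumption: guesses allowed before the token is burned


class ChangeConfirmations:
    """Hypothetical in-memory store of pending confirmations, keyed by (username, action)."""

    def __init__(self, send_email, now=time.time):
        self._send_email = send_email   # callable(address, body); stands in for a real mailer
        self._now = now
        self._pending = {}

    def request(self, username, action, current_email):
        """Start a sensitive change: mail a fresh token to the address already on file."""
        token = secrets.token_urlsafe(6)  # 8 URL-safe characters from the OS CSPRNG
        self._pending[(username, action)] = {
            "digest": hashlib.sha256(token.encode()).digest(),  # never store the token itself
            "expires": self._now() + TOKEN_TTL_SECONDS,
            "attempts_left": MAX_ATTEMPTS,
        }
        self._send_email(current_email,
                         f"Confirmation token for {action} on account {username}: {token}\n"
                         "If you didn't request this token, ignore this email.")

    def confirm(self, username, action, submitted):
        """Return True only for the right token, in time, within the attempt budget."""
        key = (username, action)
        entry = self._pending.get(key)
        if entry is None:
            return False
        if self._now() > entry["expires"]:
            del self._pending[key]                     # expired: a new request is needed
            return False
        entry["attempts_left"] -= 1
        digest = hashlib.sha256(submitted.encode()).digest()
        if hmac.compare_digest(digest, entry["digest"]):   # constant-time comparison
            del self._pending[key]                         # single use
            return True
        if entry["attempts_left"] == 0:
            del self._pending[key]                     # burned after too many wrong guesses
        return False
```

The token goes only to the address already on file, so a person who knows just the account password cannot complete the change.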
PenguinLover1123
Scratcher
1000+ posts

PenguinLover1123 wrote:

First password, then email. Even more protection
More!:
first password, then email to original (current, non-changed email) email saying "Here's your first stage confirmation url for username: url If you did not request this, ignore this email and contact us", then after first email, to the changed email saying "Here's your second stage confirmation url for username: url If you did not request this, please ignore this and contact us"
ScratchCatDoBem
Scratcher
1000+ posts

PenguinLover1123 wrote:

PenguinLover1123 wrote:

First password, then email. Even more protection
More!:
first password, then email to original (current, non-changed email) email saying "Here's your first stage confirmation url for username: url If you did not request this, ignore this email and contact us", then after first email, to the changed email saying "Here's your second stage confirmation url for username: url If you did not request this, please ignore this and contact us"
Cool idea! But I already posted something similar to that here-
PenguinLover1123
Scratcher
1000+ posts

ScratchCatDoBem wrote:

ScratchCatDoBem wrote:

Title

Edit: Mistyped send
Pros:
More security
Guarantees that you are the one changing the password/deleting your account
Cons:
Nothing I can think of
Con:
Harder email changing for real one (Barely a problem)
ScratchCatDoBem
Scratcher
1000+ posts

PenguinLover1123 wrote:

ScratchCatDoBem wrote:

ScratchCatDoBem wrote:

Title

Edit: Mistyped send
Pros:
More security
Guarantees that you are the one changing the password/deleting your account
Cons:
Nothing I can think of
Con:
Harder email changing for real one (Barely a problem)
Uhh I posted that accidentally but thanks
ItsMe-XTV-
Scratcher
100+ posts

What if your first email got deactivated?
How would verification happen then?
ScratchCatDoBem
Scratcher
1000+ posts

ItsMe-XTV- wrote:

What if your first email got deactivated?
How would verification happen then?
Hmm… Adding this to the cons
ScratchCatDoBem
Scratcher
1000+ posts

Moist bump
9cjames1
Scratcher
1000+ posts

Yellowsheep43 wrote:

Perfect. This will add extra protection against account “hackers”; Now they need to know both your email AND its password AND your scratch password.
And that's not happening unless somebody got into your email. And even then, in pretty much all scenarios they use it for things other than to “hack” your scratch account.
It has never happened. Scratch does not have “hackers” however some people try to brute force their way into someone's account. That's not hacking.
ScratchCatDoBem
Scratcher
1000+ posts

9cjames1 wrote:

Yellowsheep43 wrote:

Perfect. This will add extra protection against account “hackers”; Now they need to know both your email AND its password AND your scratch password.
And that's not happening unless somebody got into your email. And even then, in pretty much all scenarios they use it for things other than to “hack” your scratch account.
It has never happened. Scratch does not have “hackers” however some people try to brute force their way into someone's account. That's not hacking.
Uhhh it does, but also…
Even if Scratch had no hackers, there would be passguessers, etc.
9cjames1
Scratcher
1000+ posts

ScratchCatDoBem wrote:

9cjames1 wrote:

Yellowsheep43 wrote:

Perfect. This will add extra protection against account “hackers”; Now they need to know both your email AND its password AND your scratch password.
And that's not happening unless somebody got into your email. And even then, in pretty much all scenarios they use it for things other than to “hack” your scratch account.
It has never happened. Scratch does not have “hackers” however some people try to brute force their way into someone's account. That's not hacking.
Uhhh it does, but also…
Even if Scratch had no hackers, there would be passguessers, etc.
I meant nobody has hacked before.

And passguessing is not hacking.
ScratchCatDoBem
Scratcher
1000+ posts

9cjames1 wrote:

ScratchCatDoBem wrote:

9cjames1 wrote:

Yellowsheep43 wrote:

Perfect. This will add extra protection against account “hackers”; Now they need to know both your email AND its password AND your scratch password.
And that's not happening unless somebody got into your email. And even then, in pretty much all scenarios they use it for things other than to “hack” your scratch account.
It has never happened. Scratch does not have “hackers” however some people try to brute force their way into someone's account. That's not hacking.
Uhhh it does, but also…
Even if Scratch had no hackers, there would be passguessers, etc.
I meant nobody has hacked before.

And passguessing is not hacking.
Prevention is always needed.
Yellowsheep43
Scratcher
1000+ posts

9cjames1 wrote:

It has never happened. Scratch does not have “hackers” however some people try to brute force their way into someone's account. That's not hacking.
That's why I put “Hacker” in quotations. It's the easiest way to send a message without having to explain much. What if I used “Passguessers?” Not many people would know what those are.
I don't need another lecture on this type of thing. I know what I am doing.
ScratchCatDoBem
Scratcher
1000+ posts

Moist bump
ScratchCatDoBem
Scratcher
1000+ posts

Moist bumppp
PenguinLover1123
Scratcher
1000+ posts

Maybe turning this on/off? By contact-us-ing.

Last edited by PenguinLover1123 (Sept. 22, 2021 19:17:41)
