I know it doesn't really seem necessary for something like scratch but i think it would be more secure if there was an option for two step authentication when signing into scratch.

YES! Especially for Email 2 Step Authentication. It could work as you need to verify log in using email when you log in on a new device, and then you can unauthorize certain devices when you don't need them.

Hmm I could swear this is a duplicate of a topic I’ve seen, but I can’t find an open one

Anyways, I’d be fine with this if it was an option. I sign into other accounts frequently, and having to do this every time would probably get annoying

Well, since I lost my old Roblox account due to this I semi-support it. But only if it's an option.

(edit:I only support it like, 35%. I have a bad taste with intense security things like this, a good password is enough.)

Scratch_Attacker wrote:

Well, since I lost my old Roblox account due to this I semi-support it. But only if it's an option.

(edit:I only support it like, 35%. I have a bad taste with intense security things like this, a good password is enough.)

I would propose it as just being an option so if you didn't want it, you could just not use it. I think there would be quite a lot of people that would like this though (but I understand why you wouldn't)

Support. 2 factor authentication will increase account security. Also, That means that users who accidentally reveal their password (It could happen) will still have another layer of security. (This would also protect against things like scams, like “Give me ur password and I will give u 1000000000 views on all ur projects.”)

venyanwarrior wrote:

“Give me ur password and I will give u 1000000000 views on all ur projects.”

Really! :O My password is (insert fake password here)

But in all seriousness I totally agree with all points made above, and I think that this should be optional, as people have stated, and it will stop a lot of hacking and, as venyanwarrior said, scams for account stealing through passwords. (honestly I don't know why we don't have 2 usernames like Display name and actual Username so that people don't just know your account login username…)

I do not support this suggestion; Two step authentication is a cancer that has done more bad than good.

badatprogrammingibe wrote:

I do not support this suggestion; Two step authentication is a cancer that has done more bad than good.

How so? I think it is a good thing, as it increases account security.

Semi-Support- Would it happen every time? It's secure and all, but kind of annoying.

Semi-support for always 2-step.
Full-support for optional 2-step because reasons stated earlier in this thread.

venyanwarrior wrote:

badatprogrammingibe wrote:

I do not support this suggestion; Two step authentication is a cancer that has done more bad than good.

How so? I think it is a good thing, as it increases account security.

This has happened to myself and to others I know:
Once you say lose your phone:
(A) You no longer had access to many services that required two step authentication.
(B) If someone finds your phone, they will be able to reset your password, as most services allowed use of phone to reset password.

badatprogrammingibe wrote:

venyanwarrior wrote:

-snip-

This has happened to myself and to others I know:
Once you say lose your phone:
(A) You no longer had access to many services that required two step authentication.
(B) If someone finds your phone, they will be able to reset your password, as most services allowed use of phone to reset password.

That's why Email verification is better. Since all scratch users have emails, but not phones.

StrangeMagic32 wrote:

badatprogrammingibe wrote:

venyanwarrior wrote:

-snip-

This has happened to myself and to others I know:
Once you say lose your phone:
(A) You no longer had access to many services that required two step authentication.
(B) If someone finds your phone, they will be able to reset your password, as most services allowed use of phone to reset password.

That's why Email verification is better. Since all scratch users have emails, but not phones.

In many cases you can lose access to email addresses, and similar things happen as result.

badatprogrammingibe wrote:

StrangeMagic32 wrote:

badatprogrammingibe wrote:

venyanwarrior wrote:

-snip-

This has happened to myself and to others I know:
Once you say lose your phone:
(A) You no longer had access to many services that required two step authentication.
(B) If someone finds your phone, they will be able to reset your password, as most services allowed use of phone to reset password.

That's why Email verification is better. Since all scratch users have emails, but not phones.

In many cases you can lose access to email addresses, and similar things happen as result.

Which is why 2-factor auth. is better because you will need a passcode to reset your password.

venyanwarrior wrote:

badatprogrammingibe wrote:

-snip-

Which is why 2-factor auth. is better because you will need a passcode to reset your password.

wait is 2SA verification through phones? or what… I'm confused now…

venyanwarrior wrote:

badatprogrammingibe wrote:

StrangeMagic32 wrote:

badatprogrammingibe wrote:

venyanwarrior wrote:

-snip-

This has happened to myself and to others I know:
Once you say lose your phone:
(A) You no longer had access to many services that required two step authentication.
(B) If someone finds your phone, they will be able to reset your password, as most services allowed use of phone to reset password.

That's why Email verification is better. Since all scratch users have emails, but not phones.

In many cases you can lose access to email addresses, and similar things happen as result.

Which is why 2-factor auth. is better because you will need a passcode to reset your password.

That is not how 2 step authentication works.

2 factor authentication is usually effective however there is not really a need for it on Scratch because there is no money/personal information which can be found by breaking into an account so it's not really necessary…

Can't you just make a really secure password? I don't see how someone could guess your password anyways if you make a really secure one.
Also, I'd like just a little bit of clarification, sorry if I'm just confusing with something else, but doesn't 2FA imply using a physical device on you, and those weird “token” things that change every 30 seconds?

This is an interesting idea.
I feel it could be quite annoying, but this could perhaps be optional? I know Amazon has a similar option when you sign in it will send you a text with a “pass” number, which you will need in order to even successfully sign in.

I think this could be great for someone who is quite weary of their account and wants to make sure no one magically gets in