I just saw in a year-end report that there is a badge for " Security Conscious" listing users who have authorized two-factored authentication.
It seems strange to me that individual user’s security practices (or lack thereof) would be advertised like this. I understand the whole gamification paradigm to try to get user’s to do things.
I don’t know if knowing that a user doesn’t have 2FA on their account could help with hacking them, but it does seem odd to advertise it.
Am I off base?
I would say it is quite dangerous cause we would be exposing information to hackers, here are the “weakest accounts on the forum”
Maybe some sort of private badge for this that is not exposed publicly could make sense.
Just to be sure, there are no such badges in default Discourse? So they would be custom badges from a particular instance?
Can’t find any security-related badges on meta badges page (or directly in the codebase).
There is no concept of “private badge” (badge only I can see) in Discourse at the moment.
I’m not an admin, and thought I would ask here first to see if it really was safe, etc. This is what I see on the badge page:
Yeah, I mean, if this badge was created specifically on a particular forum, you may want to share your concerns with its admins.
Interesting. The forum in question tends to avoid custom things so I’m surprised to hear that this is not part of core Discourse.
I guess I was mainly asking here if there was any justification for this being a security liability.
Thanks all!
