Suggestion: force 2FA usage for staff

Hi, Michael from the Discourse team here.

I saw the announcement of the compromise and wanted to point out a feature we previously added to hopefully prevent this kind of compromise in the future.

In the site settings you can set enforce second factor to staff - that will ensure that any admins & moderators are required to have 2FA of some sort enabled.

Good luck!


Thanks for your suggestion. We are already working on this :slight_smile:


Thanks for the note - I did notice that setting while working thru our issues this weekend and am considering flipping it on shortly. Had to get myself settled first.


2 posts were split to a new topic: Refreshing Github login

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.