Avenir SR medal 5432 1 year 6 days ago
Add two factor authentication like a phone number SMS system or Google's authenticator app, as it's very easy to change an accounts email and password once you get into said account without any checks, this is a massive security risk.
Even without the third party authentication a temporary solution could be to force the user to send an email to the current email asking them to confirm if they want to change the email or not.
Please don't reject this idea because I've seen people try to steal accounts like this due to the lack of safety.
The Myth medal 5257 1 year 6 days ago
There's an even easier fix to this massive security risk.
'Do NOT share your account details'.
Avenir SR medal 5432 1 year 6 days ago
its not about sharing the details, its more about if your device is compromised without you knowing it, IGP should have certain security checks like literally every other website.
The Myth medal 5257 1 year 6 days ago
Yes that's valid, but the chances that anyone skilled enough to compromise a device security is after an iGP account is slim at best.
The most common means of losing an iGP account is via account sharing.
The devs could probably note this for the future but I'm certain they have more immediate needs (long standing issues) to attend to.
Bee COFFEE medal 5285 1 year 6 days ago
I get what you mean, however when someone compromises a device they steal pretty much everything and change them, in the hopes of extracting money from the user so its quite possible they would still do it to the IGP account, but yes I agree they should at least note it down
Avenir SR medal 5432 1 year 6 days ago
yeah i agree with both of you
