Board Thread:General Discussion/@comment--20150814190019/@comment-26402117-20150816131850

The skin is probably fine with Helios, MediaWiki injection is a problem if abused tho. See, giving sysop accounts the same security as normal ones is not really a good idea and I can't repeat myself enough.

Its not nice knowing my account just needs a run-of-the-mill universal hack to get sysop access/privileges on the backbone of Wikia's architecture. Let alone a staff account. Extraordinary risk requires extraordinary security. If no admins have refused 2FA, then it would be a good idea to force the feature on users with more than one usertag (which would be possibly poweruser), or one of sysop, vstf, codeeditor or staff specifically and cite the risk their account could pose if hacked.

 Speedit   ♞    talk   contribs  13:18, August 16, 2015 (UTC)