Board Thread:General Discussion/@comment--20150810171627/@comment-310-20150810215416

DaNASCAT wrote: First and foremost, there are a lot of suggestions included on this thread about how to mitigate this particular exploit. They are very good solid ones. However, each one would require a good amount of engineering time and each have a fallback. For instance, 2FA is totally something that would strengthen security. But it would also cause more log in issues and maybe detract some people from joining Wikia. The more steps you put in the registration process, the more likely it is for someone to feel it's not worth it (and joining Wikia is worth it!)

I don't ever recall a 2FA system that was mandatory at registration. In the scope of Wikia's interests, 2FA is useful, but only to a comparatively small handful of people (such as staff), for whom have extensive permissions across Wikia's network; it should be optional, but certainly not mandatory at registration.