Feature Request - 2 Factor Authentication and Account Security Improvements
So I just realised this when editing my account settings, and I'd like there to be an update to fix this, because I believe this is a glaring account security risk.
There is currently no authentication process for changing your account password, and no 2 factor authentication. This means, all someone needs to do in order to steal your 7 Cups account - is know the email you're using.
To change your password, you should be required to verify your current one - which leads me to the next problem:
There needs to be an optional 2-factor authentication - this feature is standard for most social media accounts, and even though 7 Cups is not a social media - I'm surprised it doesn't have 2FA.
This 2-Factor Authentication, when set up and enabled, should require you to verify your 2FA when logging into 7 Cups on a new device, and when changing any security-related account settings such as your password and deleting/deactivation (for both Listener and Member accounts, if linked to the same email).
I also want to point out that this 2-Factor authentication method should only be for "Authy" or other 3rd-party authenticator apps, while authentication via email should still be available - SMS-based authentication should not, as it is vulnerable to social engineering and SIM hijacking, which can compromise any account (not just 7 Cups) associated with the user's phone number.
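The checks requested in the post above, sketched as a step-up authorization gate. This is an added example, not part of the original post and not 7 Cups code; the account fields, action names and `authorize` function are hypothetical, and the authenticator-app factor is assumed to be standard RFC 6238 TOTP.

```python
import hashlib
import hmac
import struct

# Policy from the post: actions that need a second factor, and the factor
# types it accepts (authenticator app or email, never SMS).
SENSITIVE_ACTIONS = {"change_password", "delete_account", "deactivate_account"}
ALLOWED_FACTORS = {"totp", "email"}

# Constructed sample account; the secret is the RFC 6238 test key.
SAMPLE_ACCOUNT = {
    "twofa_enabled": True,
    "known_devices": {"laptop-1"},
    "totp_secret": b"12345678901234567890",
    "pending_email_code": "493817",
}

def totp(secret, at, step=30, digits=6):
    """RFC 6238 TOTP over HMAC-SHA1, as authenticator apps compute it."""
    mac = hmac.new(secret, struct.pack(">Q", at // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def same(a, b):
    """Constant-time comparison of two codes."""
    return hmac.compare_digest(a.encode(), b.encode())

def verify_totp(secret, code, now, window=1):
    """Accept the current 30 s step and +/- window steps for clock drift."""
    return any(same(totp(secret, max(0, now + i * 30)), code)
               for i in range(-window, window + 1))

def authorize(account, action, device_id, password_ok,
              factor=None, code="", now=0):
    """Return (allowed, reason) for a login or an account-settings change."""
    if not password_ok:
        return False, "current password required"
    new_device = action == "login" and device_id not in account["known_devices"]
    if not account["twofa_enabled"] or not (new_device or action in SENSITIVE_ACTIONS):
        return True, "ok"
    if factor not in ALLOWED_FACTORS:
        return False, "authenticator app or email code required"
    if factor == "totp":
        ok = verify_totp(account["totp_secret"], code, now)
    else:
        ok = same(account["pending_email_code"], code)
    return (True, "ok") if ok else (False, "invalid code")
```

Because 2FA is optional in the post, an account with `twofa_enabled` set to false still has to pass the current-password check before any change is allowed.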
@GnomedBinary
something @Jon7cups and @Heather225 might wanna add on?
@GnomedBinary
I am retagging @Heather225 as there does not seem to have been a response here.