Jump to content

Thomas K.

  • Posts

  • Joined

  • Last visited

1 Follower

About Thomas K.

Recent Profile Visitors

1,298 profile views

Thomas K.'s Achievements

  1. I'd like for automatic topic locking to be logged in Moderation Actions > Moderation History. It could say something like "Auto-Locked by System" and it could say who it was set by.
  2. I'm trying to setup a bug tracker, and I have reviews turned off for it in the database settings: However, if you go to someone's reputation activity page, for example, it shows "Bug Reviews". How can I hide this?
  3. I think I tried that once, but it didn't work properly (still appeared broken). Does anyone know if it works for sure? It would be really nice if there was a way to retire emoji in the ACP.
  4. I'd like to retire an emoticon so users can't use it. However, deleting it will result in broken images across the forum. Is there a way to make it unusable?
  5. I'll admit that I should have been more clear. I am comparing them in a way that simply shows one is a better security measure than the other. On the other hand, you use a comparison that seems to imply that one option does not necessarily combat user ignorance more than the other, which I don't necessarily believe is true. Here is what I'm saying: The availability of security questions puts account security at risk more than I'd ever be comfortable with. The concerns outweigh the benefits. While 2FA is rarely used by people (I believe less than 8% of Google users use it), it's at least there. It's harder to compromise, and its benefits outweigh the cons. The existence of 2FA itself isn't a problem, while the existence of security questions is a problem. I'll try not to keep on re-iterating my points from now on though. I don't want to turn into an annoying broken record.
  6. Simon Woods: Security questions are opt-out, while 2-factor is opt-in (as far as I know). You're comparing them when they shouldn't be compared. Look at it this way: Based on current research, security questions are a poor form of security (Google doesn't even use them anymore). If a user wants to be safe, it's the user's responsibility to not use the security questions. You could very easily argue that an account is more insecure if their account has security questions enabled, and if they're ignorant and don't opt-out, they're left being more insecure than if this feature didn't exist in the first place. With 2-factor authentication, it's opt-in, so it can't be compared on the same level. It's simply an added bonus to make your account safer. Charles: That's a good point. I definitely respect it and can see why the company chose this course of action, but I don't necessarily agree that it's a good enough excuse. Perhaps you need to "pull an Apple" and forge ahead against the resistance. Social engineering is becoming more and more common; I've seen personal lives and companies severely damaged due to social engineering. For example, it's all too common to hear of AWS accounts being compromised by simply tricking Amazon. Imagine if a forum is compromised in some form or another, and suddenly unencrypted personal details (answers to security questions) are out in the wild, putting people at risk across the web with their other accounts that use security questions. There are obviously ways for forum administrators to customize this feature and make it more secure, but at the end of the day, it puts way too much responsibility on the administrators and users, and it's a poor security measure to begin with for the reasons I listed above.
  7. Many sites are moving away from security questions because they're found to be unreliable or unsafe. It's curious that IPS is adopting this instead of 2-factor authentication. Perhaps 2-factor is coming later, but the implementation of security questions should be raising eyebrows. I know there's an option for users to opt-out, but this puts security responsibilities on the user, and the user may be ignorant. http://research.google.com/pubs/pub43783.html https://security.googleblog.com/2015/05/new-research-some-tough-questions-for.html
  8. Adblock Plus uses this as one list: https://easylist.to/easylist/easylist.txt It blocks the share buttons for IPS forums. Can anyone find the line in that file that blocks the share button? I want to block most share buttons on the web, but not on my forum. I'm trying to make an exception.
  9. If you can't maintain your community, then shut it down. Your members don't deserve to be on a website that is not as secure as it can be. Have you considered it may not be feasible to offer free updates, or that the software is still written by developers who need to feed themselves?
  10. That is definitely a more insightful reply than I ever thought I would get, Joel. I never thought about reputation like that. I actually agree that it would involve more thought and will admit that I now partially revoke my original suggestion. Since there are so many components to the suite, I think the entire reputation system needs a good review. I would at least modify my suggestion to say that IPS should implement settings to allow forum administrators to fine tune where reputation is eligible across the various components of the suite.
  11. We have discovered that a favorite way to commit reputation abuse is via profiles. Reputation should be given to high-quality content that deserves it. It's hard to track it on profiles, and there is hardly ever content on profiles (statuses) deserving of reputation. Therefore, we should have the ability to disable the possibility to earn reputation for status updates.
  12. Do notifications take a long time to load for anyone else on this site? It routinely takes 5-7 seconds for notifications to load after clicking the button. It's not like that on my site (almost instant). Clicking the Messages button right next to it works fine.
  13. I would rather have this than the other options. Most forum users paste their junk formatting and don't remove it, for some annoying reason. Very seldom will users actually want to keep their formatting.
  • Create New...