Why
2-Step Authorization at Login Feature

It's required for staff such as me; I can ask to see if we can make it possible for regular accounts as well.

We are never going to add this for members. Why? Because there is nothing so personal and sensitive that needs that level of protection, and the hassles of new phones, etc - it's just a TON of work.

Adding to this thread. The problem is if someone hacks into the account they can fraudulently spend and gift memberships using your account.

I vote to implement this feature as well because it's pretty much a standard for most websites.
Especially if you actually spend money on your accounts on this site, or want to protect your one and only account against someone else taking it over and doing something bad with it.

I also vote for the implementation of this feature. It's a security feature any site storing payment details should provide. Also chess accounts may be a target of social engineering just because of player popularity or rating and 2FA would lower the risk of something like that! The "hassles" of new phones etc mentioned by erik are only for people that use mobile authenticators bound to the phone number. But this isn't the only way to 2FA. A lot of people use the 2FA through their Password Manager and don't have that "hassle" that is apparently reason not to implement 2FA. Btw a certain other free chess page does provide any kind of registered user with the opportunity to 2FA
Edit: In case that's an argument. Even if the payment details are outsourced and sandboxed in PayPal's subscription system, ppl can still spend money on your behalf if it has been breached.

Much of the hassle is in the added support needed involving problems associated with helping members set up the process, troubleshoot it, move it to a new device, etc

This feature needs to be implemented as soon as possible! It is irresponsible if a website would provide such a useful security feature

It would be great to have MFA as an option at least. Those who do not want to use it, can choose not to. Having an extra level of security should be a norm everywhere
We are never going to add this for members. Why? Because there is nothing so personal and sensitive that needs that level of protection, and the hassles of new phones, etc - it's just a TON of work.
Thanks, this is a GREAT way to ensure I never become a premium member.
I am never going to spend a single penny on a website that doesn't support 2FA. We are not living in 2005.
Simple: If you want me to consider spending money here, you should consider implementing 2FA.

I personally think, it is insane to discover that one of the most popular chess websites in the world; if not the most – to be so insecure without 2FA; even Lichess has this feature. "It is a ton of work" – staff member justifies
You know what, let's even say that it is. However, when there is a lot of work to do, you can just break a huge task into generally smaller daily tasks. It is a common productivity practice that can be used with no excuses whatsoever for this case. Understandably, nothing is going to be done in a day, few weeks, even maybe months. However, the staff had so much time – literal years, to implement something as trivial only to justify it as "it is so much work". If it is not in the staff interest to implement a simple security feature practically necessary in our times of modern world digitalisation, then that means it should also be not in user's interest to make a purchase to premium
Adding 2FA isn't rocket science nowadays, because generally these third-party authenticator applications will do 50, 60, 70, maybe even 80% of work already for you. Honestly at this point, if in 2023 your website doesn't support enabling 2FA at all, I will be considering it as a hobbyist website, nothing more. It doesn't matter how much progress you have made on a particular website, if hackers can just come in with maybe some leaked info from any other website at any given moment and mess with it a lot and then staff will have to possibly rely on rolling back the website; if they will be lucky to regularly be saving it. I guess they would maybe, but ONLY maybe learn if an actual large scale hack had actually happened
After all, from my point of view, really this whole situation seems like a business decision. The staff will not earn any profit from users having improved security or maybe even will lose some invested in the process
Most of the work comes in supporting the feature: people losing their phone, replacing them, 2FA breaking, etc.

We are never going to add this for members. Why? Because there is nothing so personal and sensitive that needs that level of protection, and the hassles of new phones, etc - it's just a TON of work.
This is honestly such a bad take. It really isn't and there are ways to alleviate these sorts of support requirements. An example would be to require both Email and SMS/Authenticator app to be registered when someone opts into 2FA. This would make it so that if someone loses their phone or something like this they are able to get in with the backup 2FA method and reset the part connected to their phone.
It's pretty wild that a platform that saves payment information for subscriptions refuses to implement such a necessary security feature. This really NEEDS to be implemented.
This is a pretty irresponsible take, and I can almost guarantee that at some point in the future this will come back to bite the developers.
The users of this site invest quite a lot of time and money in this platform. Additionally, there is personally identifiable information contained in a chess.com account. Friends, emails, and potentially more. As the leading/highest grossing chess website out there, it's a pretty bad look.
Please add 2 factor authentication for the world's largest chess gaming platform as FIDE rated players also play here. So, I guess this should be a concern for the whole chess community as sometimes I am not able to log into my account due to constant hacking of my account. In fact, sometimes my ratings have fraudulently decreased from 900 to 800. We put a lot of brain and time into upgrading our ratings but all the efforts remain futile. Therefore, kindly apply 2 factor authentication as soon as possible.
Regards
chess.com unhappy user

We are never going to add this for members. Why? Because there is nothing so personal and sensitive that needs that level of protection, and the hassles of new phones, etc - it's just a TON of work.
tbh i kinda agree

Please reconsider and add 2FA. It's not just a matter of privacy, but also of security. It's our account, whether it's a free subscription or a paid one. Today there are many ways to implement this, but nobody can take a website seriously if it refuses to enable 2FA these days.

Another benefit of two factor is that when a user is banned for cheating their 2nd factor can be banned as well, raising the cost of cheating/getting caught. If chess.com is as serious about preventing cheating as they claim to be, then this feature would be already implemented.
To those who claim "your chess.com" account simply isn't worth compromising, that is a really bad take. Attackers frequently attack any and all accounts in an automated systematic way. If they obtain the password of one site say chess.com... odds are the PW will work on other sites (yes, yes I know use different passwords for different sites, but what if you didn't?). Now when you have paying customers the risk of financial loss goes up. Not to mention if site administrators get compromised, imagine if you have full edit rights on the site and your account is taken over? Quickly all these "risks" add up to a likelihood of something very bad happening to become credibly possible. When chess.com has a user breach incident (or a series of breaches), the cost of repair/mitigation/reputation/loss of advertisers, will quickly outweigh the cost of support.
Brute forcing passwords is trivially easy today and no matter which way you slice the argument, it is a bad look for chess.com.
All said, it is 2023, the cost of doing business on the internet is securely managing user access. Not having 2nd factor is like not having HTTPS, it needlessly exposes users to security risks and frankly is a solved problem.
Hello,
Unless I have overlooked this feature, I would like to see a beta version of this here.