2-Step Authorization at Login Feature

joshuaptaylor

What is the status with implementing 2FA? I will not be purchasing a Chess.com premium account and will not be spending a single penny on this website until 2FA has been implemented. I'm not going to spend money just for my account to be hacked and I lose everything I spent my money on. Fix this and act like it is 2023 please, thank you!

Martin_Stahl
joshuaptaylor wrote:

What is the status with implementing 2FA? I will not be purchasing a Chess.com premium account and will not be spending a single penny on this website until 2FA has been implemented. I'm not going to spend money just for my account to be hacked and I lose everything I spent my money on. Fix this and act like it is 2023 please, thank you!

It's not going to be added to the site for regular members based on the last discussions I've seen about it.

Martin_Stahl
Octopus_Augur wrote:

... Not to mention if site administrators get compromised, imagine if you have full edit rights on the site and your account is taken over? Quickly all these "risks" add up to a likelihood of something very bad happening to become credibly possible. ..

That can't happen as privileged accounts (such as staff and moderators) have 2FA.

aVerySmartHorse
Martin_Stahl wrote:
Octopus_Augur wrote:

... Not to mention if site administrators get compromised, imagine if you have full edit rights on the site and your account is taken over? Quickly all these "risks" add up to a likelihood of something very bad happening to become credibly possible. ..

That can't happen as privileged accounts (such as staff and moderators) have 2FA.

I did not know that when posting (but an admin also DM'ed me to confirm that is the case). Which is great news! It means the mechanism for 2FA is available on this platform.
I too would like to better protect my account. And anyone who is paying a subscription for the service should also be thinking to protect theirs. 
The primary point is that the risks to users are significantly reduced with 2FA and that reduction in risk translates to a benefit that, I would argue, outweighs the cost of support.

MrTacos

I would argue that they should remove the setting fields such as first, last name, country etc. until they decide to implement 2FA for general users.

It's not a ton. But if someone is able to compromise an account with someone's username (not email address) and password and obtain that information, it could easily lead to other account compromises due to said personal identifiable information.. with the correct resources that hackers generally use. Even the fact that the email address is partially visible is a problem, because the first and last name combination could be used to identify the full email address if it's out there.

Then it's just a matter of checking to see if that email address has been pwned... and that's just a single scenario I can come up with in 5 minutes..

Sure, it's up to each user if they want to fill that information out and I'd guess it's not a huge amount of people that do. But I guarantee that there are people that do fill that info out. The email address shouldn't be visible at all on the account and there should be absolutely zero personal information stored that's visible to the account holder while not having some form of 2FA.

And yes I am aware that 2FA can be circumvented but it makes it a great deal harder to compromise an account.

With a site as large as this it's irresponsible to not have it or to have any personal identifiable information attached to the account that users can see when they are logged into the account..

MrTacos

BRUH and THEN if you go to the membership and payments tab in settings it literally just shows the email address of the account used to purchase the membership. But yes, go ahead and say there is nothing so personal and sensitive it needs to be protected.

what a joke

aVerySmartHorse

MrTacos gets it! Thanks for lining out the issues clearly. Agreed on all points. If Lichess can do 2FA there is no reason chess.com can't.

MrTacos

And my considerations don't even take into account what happens if Chess.com suffers a data breach and user account information is leaked.. if a form of 2FA is implemented your user base at least doesn't have to fear losing their accounts. Especially your high profile end users. Though I'll bet you have it enabled for those accounts.

Boone2023
jdcannon wrote:

It's required for staff such as me; I can ask to see if we can make it possible for regular accounts as well.

Wow! The staff warrants protection of 2FA but not the users!

Martin_Stahl
Boone2023 wrote:
jdcannon wrote:

It's required for staff such as me; I can ask to see if we can make it possible for regular accounts as well.

Wow! The staff warrants protection of 2FA but not the users!

Staff have more rights and a compromised staff account could do a lot of harm on site.

pepper2875

Staff have "special privileges" that users don't

quackerj

lichess.org offers two-factor authentication… Reasons why chess.com should implement it, and also a site you guys could use if you really wanted two-factor authentication.

Boone2023
Martin_Stahl wrote:

Staff have more rights and a compromised staff account could do a lot of harm on site.

Staff should use those "rights" to maintain the integrity of the Chess.com brand on an international and professional level. If Chess.com does not protect this platform, it will simply turn into another social media cesspool.

pepper2875

To satisfy both parties' needs, just give 2FA to ones who demand it. Unfortunately, this might not work.

luisnabais

Chess.com doesn't care if someone else accesses the clients' accounts. This is a matter of security for the users. I'm not using chess.com until 2FA is implemented.

prnykhtr

If chess.com is worried about the inconveniences caused to the users, simply give 2FA as an option, and not make it mandatory for everyone. Or maybe they are just lazy? Is there a way to make a feature request?

Martin_Stahl
prnykhtr wrote:

If chess.com is worried about the inconveniences caused to the users, simply give 2FA as an option, and not make it mandatory for everyone. Or maybe they are just lazy? Is there a way to make a feature request?

It's been requested and staff posted in this topic that it's not going to be added. As far as I'm aware, that stance hasn't changed.

luisnabais
Martin_Stahl wrote:
prnykhtr wrote:

If chess.com is worried about the inconveniences caused to the users, simply give 2FA as an option, and not make it mandatory for everyone. Or maybe they are just lazy? Is there a way to make a feature request?

It's been requested and staff posted in this topic that it's not going to be added. As far as I'm aware, that stance hasn't changed.

Based on your last posts, you seem to be defending this behavior, instead of pressing the chess.com team to change their point of view and see that the users want the feature. Why is that?

Please, everyone, keep pressing the chess.com team, they need to understand we users want this feature, we think our accounts are important and we need our accounts secure. These days, a password is just not enough for secure accounts.

Martin_Stahl

I can't put pressure on the team to do anything. @erik is the CEO and posted the answer here.

Boone2023
Martin_Stahl wrote:
prnykhtr wrote:

If chess.com is worried about the inconveniences caused to the users, simply give 2FA as an option, and not make it mandatory for everyone. Or maybe they are just lazy? Is there a way to make a feature request?

It's been requested and staff posted in this topic that it's not going to be added. As far as I'm aware, that stance hasn't changed.

In this particular thread, who exactly is "staff"? A minimum-wage employee who sits in a cubicle? The manager of Chess.com X-Division? How far up the corporate ladder did this suggestion really go? If @Eric responded, then I must have missed it.

Where do these suggestions go to? Does the buck stop with you, or someone else? Are you the gatekeeper who decides if anything makes it out of this forum or not? Do chess.com employees ever sit around the conference room table and discuss the merits of suggestions from the Beta Club, or is it just an up/down vote by one person who causes each suggestion to see the light of day – or be cast into darkness?