the byte community forums

Security of your byte account

#1

I think that Byte should have a lot of security options for your account. Instagram has almost none and Twitter is almost just as bad. Here are some ideas I’ve had that can help better protect your account.

One of the things that I think should be implemented is email verification every time you log in on a new IP to your account. Every time you want to log in on a new IP, you would need to first verify it in your email. (Example of what Discord has: https://imgur.com/a/lz6xrJz) Having this extra layer of security can be helpful if someone has your Byte password but not your email password.

A lot of times when people are hacked it’s due to password reuse. When signing up, people should be prompted to create a unique password for Byte and make sure they have a strong enough password. Adding on to this, Byte should blacklist extremely common passwords from use (like password, qwerty, 12345 etc. so people don’t try to use those).

Something else I see rarely is login via email (the forums already have this :smiley: https://imgur.com/a/jxQ2MfT ). Basically how this works: you get an email sent to you and it has a link that automatically logs you in. It can be helpful because you don’t necessarily need to remember your password to log in.

2fa is a must. But I think you should be required to use something like Google Authenticator or Authy, and not your phone number. Phone numbers can be stolen too, surprisingly (https://en.wikipedia.org/wiki/SIM_swap_scam), and this is how a lot of the time celebrities get hacked: they have their phone number connected to all of their accounts and then someone steals their number. I think phones should also be an option, since almost everyone uses them, but the app should recommend using an authenticator instead of your phone.

Active login on one device at a time. This would make it so you can only be actively logged in at one location at a time, making it impossible for a hacker to log in to your account while you’re currently logged in. It could be toggled in security settings, so you could allow multiple devices to be logged into your account at once. This could be a pain, like if you lose your phone for example, so after a month of inactivity I feel like it should reset, so you would be able to log in if you bought a new phone.

Detailed login alerts. Whenever there is a login to your account you should get an email saying what device, IP, and location the login was in so people can see if there is any suspicious activity on their account.

Make it so when people are changing their email in settings they need to first verify with email (or 2fa if they have it enabled). If somebody hacks into your account but can’t change your email, they can’t really steal your account without also having your email or somehow having your 2fa.

Backup keys in case you lose access to your 2fa account. A lot of services provide this: if you lose access to your 2fa you would be able to use one of the backup keys to login/edit your 2fa options. You would get your backup keys only when you first enable 2fa and you would have to screenshot/write them down somewhere to remember them.

That’s all the ideas I have for now. If I think of any more I will edit them in to this :slight_smile:
Also I’m open to criticism: if there’s something I suggested and you don’t think it would be good for the app, please reply with how you might think it could be improved or why you don’t think it should be implemented.

19 Likes
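
An added sketch of the new-IP email verification suggested in post #1 (not part of the original post, and not Byte's or Discord's code). The `LoginVerifier` class, the 15-minute token lifetime and the in-memory storage are assumptions made for illustration; a real service would persist this state and send the token by email.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 15 * 60  # assumed lifetime of an emailed link, in seconds


class LoginVerifier:
    """Hypothetical gate that runs after the password check has passed."""

    def __init__(self):
        self.known_ips = {}  # user -> set of IPs already verified by email
        self.pending = {}    # user -> (sha256(token), ip, expires_at)

    def enroll(self, user, ip):
        # The IP used at sign-up is trusted from the start.
        self.known_ips.setdefault(user, set()).add(ip)

    def attempt_login(self, user, ip, now=None):
        now = time.time() if now is None else now
        if ip in self.known_ips.get(user, set()):
            return "ok", None
        # New IP: issue a random token and keep only its hash, so a leaked
        # database row cannot be replayed as a valid link.
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).digest()
        self.pending[user] = (digest, ip, now + TOKEN_TTL)
        return "verify", token  # goes into the email, never to the login client

    def confirm(self, user, token, now=None):
        now = time.time() if now is None else now
        entry = self.pending.get(user)
        if entry is None:
            return False
        digest, ip, expires_at = entry
        supplied = hashlib.sha256(token.encode()).digest()
        if not hmac.compare_digest(digest, supplied):  # constant-time compare
            return False
        del self.pending[user]  # single use, even if it turns out to be expired
        if now > expires_at:
            return False
        self.known_ips.setdefault(user, set()).add(ip)
        return True
```
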

#2

I believe byte would benefit from having two-factor authentication. It would be a lot safer to access app data with double security.

13 Likes

#3

This is great and extremely detailed! These ideas should be implemented for the safety of Byte :blush:

8 Likes

#4

Love the amount of detail this topic has! To see more about login verification, check out these topics I made about a year ago:
Login Verification on byte || Immediate Login Verification on byte

P.S. - Login verification has already been confirmed by @cami_p to be a feature on byte. However, immediate login verification hasn’t been confirmed by any staff members or TL4s yet.

7 Likes

#5

I’m glad to hear that there’s gonna be login verification :slight_smile: hope more stuff gets added to make our accounts even more secure

4 Likes

#6

yes absolutely

4 Likes

#7

For iOS, if possible I would love if the Byte staff could integrate Apple’s security features into the Byte app. They are the top privacy company in the world. I like how their 2 Factor Authentication works (frankly I dislike Facebook and Google a lot): if you try to log into iCloud.com or Apple ID etc., it sends a code to your iPhone, not your iPhone’s phone number.

4 Likes

#8

I like iOS security features also. I would like to see features like Face ID implemented.

3 Likes

#9

Really good points. Being able to log in on one device at a time is a good security measure, yet it could cause some trouble. At least for me, since I use different devices most of the time, it would be a problem.

4 Likes

#10

It would be optional in settings to turn on and off. The setting would be off by default so people don’t accidentally get confused when they try to log in on something else.

2 Likes