Why does the forums have different sign-up, and MORE security than Replit?

When I made an account on the forums, I wasn’t logging in with Replit. Very odd, as Replit has Repl Auth and surely that would be easier to implement?

As an extra bonus however, the forums accounts actually have more security than Replit. 2FA exists here but not on Replit, and even though you can sign up on Replit with something like a Google account that has 2FA, if you signed up using a username and password you are locked with that and no-2FA as a login method indefinitely, so one password will always be a method to hijack the account. Seriously, this needs to be changed.

These forums use discouse and the sign up settings have not been changed other than adding a field for your Replit username. The stuff like 2FA are already built in and has not been disable. Replit auth has been brought up many times before and it has been said they are working in it. @lena any updates?

2 Likes

Yeah it would make sense to actually validate the entered Replit usernames as well, I could just say my Replit account is amasad and there would be no validation.

Hi @CodingCactus yes it is currently just a text field which wouldn’t be required if we used Replit usernames as SSO.