x
  • IP Copied!
    Click to Copy IP
    0 Players Online
  • Join our Discord!
    0 Users Online
  • Tapatalk has no 2FA Prompt

    Discussion in 'Reports' started by pre, Oct 1, 2016.

    Thread Status:
    Not open for further replies.
    1. pre
      Offline

      pre Well-Known Member

      Joined:
      Oct 3, 2015
      Messages:
      1,302
      Likes Received:
      384
      I'm not sure that this belongs in this subforum, but I'm posting it in here because I'm not sure which one to post it in. I guess this subforum is a better place for it anyways, because users will not be able to see this thread unless they are subscribed to this subforum, a problem explained in my last thread. Even then they will only be able to see the title and that pretty much just gives it away.

      Anyways, Tapatalk has an issue: they don't prompt for 2FA. Why is this bad? Well in case you haven't already caught the issue, this would allow an intruder to log into a user's account and post, as well as read messages sent to this user.

      An example of a situation that this would be bad were if someone were to get a moderator's password. Now, they'll be able to freely post, view the moderator's messages, and if Tapatalk has this ability, moderate.

      A suggested fix would be to require moderators to use a password that they DO NOT use anywhere else. If they were to have their password leaked by a database breach, it could probably be searched up on Leaked Source, a site talked about in another one of my threads.
      Another fix would be to contact Tapatalk about the issue and recommend they add 2FA to their app, as well as disable Tapatalk support until such is done.
       
    2. kinsey_kid
      Offline

      kinsey_kid Developer Developer Premium

      Joined:
      Aug 4, 2014
      Messages:
      11,217
      Likes Received:
      778
      Thank you for this, we will tell Cypriot as soon as he gets back.

      - kinsey
       
    3. Dyna_Mighty
      Offline

      Dyna_Mighty Retired Head-Mod

      Joined:
      Oct 13, 2014
      Messages:
      9,095
      Likes Received:
      1,274
      We have spoken with Cypriot about this and he is not interested in removing the Tapatalk at this time. Closing for that reason.
       
    Thread Status:
    Not open for further replies.

    Share This Page