I'm not sure that this belongs in this subforum, but I'm posting it in here because I'm not sure which one to post it in. I guess this subforum is a better place for it anyways, because users will not be able to see this thread unless they are subscribed to this subforum, a problem explained in my last thread. Even then they will only be able to see the title and that pretty much just gives it away. Anyways, Tapatalk has an issue: they don't prompt for 2FA. Why is this bad? Well, in case you haven't already caught the issue, this would allow an intruder to log into a user's account and post, as well as read messages sent to this user. An example of a situation where this would be bad would be if someone were to get a moderator's password. Now, they'll be able to freely post, view the moderator's messages, and if Tapatalk has this ability, moderate. A suggested fix would be to require moderators to use a password that they DO NOT use anywhere else. If they were to have their password leaked by a database breach, it could probably be searched up on Leaked Source, a site talked about in another one of my threads. Another fix would be to contact Tapatalk about the issue and recommend they add 2FA to their app, as well as disable Tapatalk support until such is done.
We have spoken with Cypriot about this and he is not interested in removing the Tapatalk at this time. Closing for that reason.