2FA / Two Factor Authentication: Are there plans to offer any?

  • 4
  • Idea
  • Updated 5 months ago
  • (Edited)
As per title, are there any plans for 2FA (Two Factor Authentication) for the main IMDb site's login? 

It seems rather strange that even non-commercial sites like Wikipedia offer it, yet IMDb still doesn't, as we begin the year 2020. 

As someone who always enables this feature on any site/service that offers it, I would strongly recommend a TOTP (Time-based One Time Passcode) system, should 2FA be implemented. Perhaps with an additional SMS backup option or similar. 

TOTP is the type of 2FA with a QR code (though can alternatively be manually typed in) that you can scan to set-up inside either your password app (1Password/LastPass/Dashlane/etc.) or authentication app (Google Authenticator/Microsoft Authenticator/Authy/etc.) of choice. 

It works well, and is widespread enough that a great many users on the site would use and benefit from it. 

Whatever happens, IMDB should try to avoid the Ebay method of 2FA, where you have to do so within their mobile apps by selecting "Approve", as this can prove to be more of a pain if, for example, the user doesn't have their mobile phone nearby (eg. at home, having to run upstairs to go and get, or similar!). And it is not as user-friendly as TOTP. 

I doubt I'll get any response here from staff, but at least any of them reading this will confirm for them that many IMDb site users are at least thinking about our own security beyond the current situation. :-)
Photo of jimthing

jimthing

  • 159 Posts
  • 194 Reply Likes

Posted 5 months ago

  • 4
Photo of jimthing

jimthing

  • 159 Posts
  • 194 Reply Likes
I emailed IMDb's Customer Service team, who advised me to post here. So doesn't look like it's available yet, and no info forthcoming on it being implemented in future or not.

Personally, I don't think this is a user "vote on" thing; but rather something site mgmt shows leadership on by taking the impetus of improving their own website's login security. But hey ho.

There's nothing personal in the email, so here it is for the record:
(Edited)