The 234 million or so unique Reddit users are finally getting the option of setting up 2-factor authentication for their account(s).
Why is that important?
With over 540 million monthly visitors, social news aggregator Reddit is one of the top ten most popular websites in the world.
You don’t need to open an account to peruse its content, but if you want to participate in discussions on one of its countless subreddits, you’ll have to create one.
Many users enjoy the relative anonymity that the site offers, but have created a recognizable persona via their username and active interaction on the site, and would hate to see their accounts taken over by attackers.
A long, complex, and unique password does a lot to keep one’s online accounts safe, but 2-factor authentication means that even if the user is tricked into sharing his or her password (or the password has been compromised by malware), an attacker won’t be able to access the account without the second authentication factor.
Reddit 2-factor authentication
The feature can be enabled from the password/email tab in the account’s Preferences menu.
Users have to enable two-factor authentication, verify their email address, enter their password and set up an account on an authenticator app (that supports the Time-based One-Time Password protocol) such as Google Authenticator or Authy.
The whole enrolment process is explained in detail here.
The option of creating backup codes is also offered, in case users lose their smartphones and therefore can’t enter the required code/second authentication factor on login.
The feature has been already tested by beta testers, moderators, and third-party app developers, and most of the bugs are likely to have been splatted by now. Still, some users have taken upon themselves to point out some things that could be done better or could become a problem.
Others have lamented the lack of a “remember this device” option. As things stand now, users who enable 2FA will have to enter the second factor each time they log into the account – and that can become tiresome enough to make them forego that additional security measure.