Hi there! Not sure if this was suggested before, but I would like to have an extra security layer when using the platform. Right now, in the event an attacker gains access to a Patreon account, the attacker can not only access all the patron-exclusive posts that the victim has access to, they can also subscribe to as many creators as they want for free, at the victim’s expense.
There are scenarios where the attacker could gain access to the account without knowing the password and without entering any 2FA code. These are just two examples:
- Cookie stealing: The web browser stores some small bits of data to keep the user logged in; if this data is retrieved by the attacker, it could be used to access the victim’s account. No login required.
- Stolen phone/laptop: If the account is logged in, they can access it without any login prompt.
In order to mitigate the first scenario, Patreon should link every session cookie to a particular IP Address, Device and Web Browser. If any of these 3 change, the cookie should be rejected and Patreon should require a login. But this won’t help to mitigate scenario 2, that’s why I’m suggesting this feature.
The idea is to add an optional security option that, if enabled, would require a password prompt and/or a 2FA code when the user performs any operation on their memberships (Subscribing, Cancelling, Upgrading Tier, etc). With this feature in place, the attacker in scenario 2 would still have access to the patron-exclusive posts, but would not be able to subscribe to hundreds or thousands of creators and potentially ruin the victim’s life financially.
Obviously there’s no salvation for those careless individuals who have their passwords written on a post-it and don’t even care to enable 2FA. But for the average user (not security savvy, but not that careless either) this feature could save some people out there. I think it would be worth implementing.