Having it optional defeats the purpose

  • I appreciate that you want to find ways to make some money from your hard work, but I think you’ve made the wrong choice.

    Allowing the user in the free version to be able to turn it on & off at will completely defeats the purpose of installing 2FA.

    The free version should allow me to make the requirement for it compulsory.

    Oh, one other thing – the user’s 2FA settings should be in their profile, rather than a separate page, as I often allow users to access their profile, but deny access to the dashboard in general.

    Other than that, it seems to work well.

Viewing 1 replies (of 1 total)
  • Plugin Author David Anderson

    (@davidanderson)

    Hi Peter,

    > completely defeats the purpose of installing 2FA

    Not really. Only if you have multiple users, and you require your users to use TFA at all times, and those users cannot be trusted to obey your policy unless it’s enforced at a technical level. That, from our research, is very much a minority use case. (The great majority only have a single user on their sites – the admin who looks after the site).

    If you have untrusted users, then that’s a reasonable place for a free/paid split, in our view. Producing maintained plugins costs time and money, and the split has to fall somewhere reasonable, in relation to the spread of real-world users, for a maintainable model in the long run. You can see from our stats that several thousand people are happily using the free version, and we’re glad to provide them with it.

    David

Viewing 1 replies (of 1 total)
  • The topic ‘Having it optional defeats the purpose’ is closed to new replies.