PSA: You should enable 2-Factor Authentication on ChiefDelphi (and everywhere!)

Something that you probably ignored when CD moved to Discourse or when you registered in a rush to ask that burning question: CD supports 2-Factor Authentication. This means that someone trying to get into your account not only needs the password, but a six-digit code or a security key you carry. It makes it way harder for someone else to gain access to your account.

Aside: Many other websites support this arrangement, from online banking to social media. Turn it on anywhere you get the opportunity.

To do this, click your user picture in the upper-right photo (where you get notifications) and click the icon of a person directly below.

Then, click Preferences.

Then, in the left-hand menu, select Security.

Now, select Manage Two-Factor Authentication on the page. It may ask for your password first.

The screen you’ll see next is where you control everything. If you don’t have a physical security key (I don’t) but have a smartphone (I do), select Add Authenticator.

It’ll pop up a QR code for your app to scan. Common ones are Authy or Google Authenticator; both are free. Some password managers have it built in too. I’ve started using iCloud Keychain more; you can see a walk-through over here.

You can also enable backup codes; these are strings of text that will also let you in if you’ve lost your device, but only work once. I’d print them off and keep them somewhere safe.

The more places you enable it, the safer you’re going to be. Happy computing!


Thanks Billfred, but no need - I’m already at rock bottom on here, there’s nothing worse these hackers can do on this site.


There’s always a step lower.


Lower indeed.


Is this you?


Thanks for the PSA! I didn’t realize CD supported 2FA. I remember checking after the Discourse transition, but didn’t seeing the option.

Take my account, please!


It might be easy to dismiss the security of your Chief Delphi account. It its compromised it might be just the stepping stone people need to get enough personal information or impersonate you to get some financial gain or walk back to your more trusted accounts.

Its amazing how many times people use similar information for all of their websites and logins.


Is this psa prompted by a recent security issue we should be careful of? (DM scam, etc)

other than the 1 million other hacks and scams going on? its a generally good security habit to get into.

1 Like

As far as I’m aware, there’s not been any recent issues, scams, or CVEs involving Discourse. It’s just good policy.


I didn’t even get a badge for setting it up :angry:

1 Like

I think I set it up correctly, so now I’m not at any risk of being hacked! By the way, I was supposed to send my password and authenticator code to the mysterious email I got from “Chef DeIfy Admin”, right?



Founder of American companys “Ellon” has decided to give away fortune in the form of the “Dog’s Coin”! It is a digital computer coin that many peopel have made grow into a much larger a mount and now it can be you’res! Many say give aways and cryptoes are falsehoods, but this one will go “On The Moon”!


No, I wasn’t actually hacked. But still, don’t send your account info to anyone if you don’t want your account to be posting messages like this!


Our lead mentor’s (my dad’s) email was hacked this morning. So I spent a couple hours figuring out how to get a hold of him (out on fishing trip) and get his password changed and then figure what other changes were made (email forwarding to another account) to get those reversed.

That was among getting numerous messages from students, alumni, other mentors, former mentors, family, friends, church members, etc., asking about the odd emails they were getting (asking for them to buy $150 Sephora gift cards).

Long story short, well recommended to remind people on your team to practice more security on their and team accounts. With more 2fa when you can.


This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.