TrainerRoad 2FA? (2-Factor Authentication)

You’re right, but it might save people from themselves. Meaning those who use the same email address / password combo at multiple sites.

1 Like

Can you see your payment info if you login to TR? Not see what type of payment you used and the last 4 of the CC, but the full payment info so someone could take that data and buy other stuff with it. If yes, TR should fix that, if no, then there isn’t much incentive to hack TR. Sure some people may have fun hacking your account, but the main draw of hacking is money and if you deprive them of that there is little incentive.

I’m not against 2fa, just want to be realistic about what it gives.

2 Likes

Possibly not, but what if one of our accounts could then be used to infiltrate TrainerRoad further?
I don’t know how separate internal platforms are from customer facing - they could be in totally different cloud platforms for all I know but hackers are some of the cleverest tech people out there - if there’s a way they’ll find it. I’ve never been asked to change my TR password once, I work in IT so have what I believe to be a secure password, but unless there is tech in place to control poor password usage there is bound to be one user using password123 as their password!

Agreed 2FA wouldn’t help in the Garmin attack, but I believe 2FA should now be standard for any company who provides public login

If TR could integrate into the app they could make it as simple as possible to use

+1 for optional 2FA, or less disruptive - additional email verification if you’re looking in from a new device/ip address.
Sadly I don’t yet treasure TR high enough to actually want 2FA hassle for my own account, but this will come with time as I build up more training history.

-1 if it’s not optional

I don’t want to type more stuff every time I open the app. There is nothing I have that I worry about other people finding out.

2 Likes

+1 for 2FA

Also implemented the “privacy zone” like someone already mentioned. It would be nice to hide home area when doing outdoor activities.

1 Like

But what if someone gaining access to your account ends up granting an attacker wider access? Security should be taken across the platform, not just on an individual basis. It’s not just about you.

3 Likes

Ifs and buts.
If it’s anything more than a fingerprint, I will hate it and most likely not use it.
Just live with the fact that in the internet era there is no privacy.

Privacy and security are two different things. 2FA is annoying, agreed, but it should be mandatory. I would expect we wouldn’t have to log into Trainerroad very often. It shouldn’t be that intrusive. SMS 2FA is not great, but it is simple to use and would be better than nothing. The option should be SMS or token-based, not 2FA or nothing.

2 Likes

2FA as an optional security measure is a great idea. I see some weird ideas in here though that somehow having some users not using it weakens the whole platform: ie, confusing authentication with data security. If that were the case, first that’s a big TR security problem if end user accounts can compromise the internal security. Second, 2FA wouldn’t help because hackers would just buy an account (eg. Stolen credit card) and then compromise the entire network.

I log into trainer road at least 5 times a day. 20 if the forum counts.

The forum already has 2FA. I use 2FA to log into the forum.

Definitely recommend getting 2FA if possible.

1 Like

If trainer road start 2nd factor authorization whatever and it means I have to login, then wait for a BS text or email or something, dig that out, then go back and login a second time, I’ll just find a competitor to use that isn’t trying to turn a cycling workout into an IT gymnastics exercise.

This attitude is exactly why the likes of myself and @bazcurtis are always going to be busy…

3 Likes

What am I missing? Why would I care if anyone else logs into my account?

They could cancel your subscription, delete your account. Send you a fake email saying that Trainerroad needs your credit card information and send you to a fake site.

You may not fall for this, but plenty do. Look at the Twitter Bitcoin attack two weeks ago. People who are clever enough to use Bitcoin sent money thinking they would get twice as much back.

I don’t think it’s that big of a deal. I seriously doubt anyone wants to take the time to hack into your trainer road account and find out your ftp. Lmao.

True, hackers don’t care about FTPs :stuck_out_tongue:

However, most large scale hacks are not trying to get the underlying data associated with a service, but rather use the information as part of a larger phishing or social engineering campaign.

There is valuable location and language data associated with ride files that would allow an attacker to easily profile targets for future investigation.

1 Like