Top 10 Security Features that Must Be Added to TheTopTens

There might be multiple flaws in terms of security in this site, making some registered users somewhat vulnerable to hacking even with a relatively strong password; therefore, here are the following 10 major & minor features that elevate not only account security but the site overall that should be prioritized implementing to TheTopTens.

The Top Ten Security Features that Must Be Added to TheTopTens

1 Two-Factor Authentication

Honestly is there a reason that there needs to be added security, this is just a random rating site after all, you don't use this site to buy stuff, to put personal information on, really no one even knows who anyone is on this site unless that individual actually decided to give another user that information outside of that user like Nintendo games or Marvel movies and maybe politic standing if there so inclined to make political ranking lists which are just plan weird list to make for a ranking site that makes entertainment ranking. and if another person has your password it isn't a flaw in their security put a flaw within that individual giving out their password to people or making passwords that are so easy for a person to guess, if they added a two password system what would prevent that person from just giving out both those passwords or just making 2 really simple passwords to be hacked.
Honestly a far more effective security measure would be to prevent political topics on ...more - germshep24

This is the most recommended feature to implement to the site. How this works if the user attempts to login to its account successfully, a secret code must be provided consisting of preferably several or more random letters & numbers before having full access to that account; an email message will be sent to the following verified email associated to the account, opening the email message will reveal the code. This is just like when you register an account on this site as it requests the code that is sent to the specific email address before account creation, but instead the major difference logging in to the account; however, this should be an optional feature for certain users who find this tiring and in cases might be considered too much effort. - illusion

And a handful of users will quickly get bored of this circus and disappear like camphor. Make it optional at least - Alkadikce

Only optional please. I don't have my address and credit card codes in my private messages, so why should I be so insecure about someone logging in. How many times did an account get hacked, excluding the Demon_Kitty incident where she made her password public? What information or datas do you have on this site that you are afraid of others seeing? - Alkadikce

That however means less people would go on this site and less each time will go, then it might become discontinued.

No it wouldn't. Make 2FA optional and the users who find it annoying won't have to use it. - shadomatrix

2 Suspicious Login Detection

If a hacker somehow gains access your account with a different IP address, the site should be able to detect a suspicious login that restricts full access to the following account, an email would be also sent to the account's associated email address stating if you want or not to provide access of the account to that IP address; this might be a little problem for VPN users but it should be preferable. - illusion

He's talking about security features, not about banned accounts. Can you at least point where the author states he's talking about bans in this list? - aqua84

If this existed I'd still have Demon_Kitty - BananaBrain

<open-file-NOTAVIRUS> - Ashes

3 Security Questions

Customized security questions preferably up to three questions are also ideal for increasing protection in user accounts, you could put any type of question and answer wanted. If a suspicious user somehow logins your account, the security questions will be brought up and need to be answered before having full access to the account, it should be quite effective for countering those who guess passwords. - illusion


No way, this is ruining my time here. I am simply unable to make a list from now on because the same damn hideous image appears every second that makes me click on boxes for minutes. When I can finally get back to writing my list draft, the whole thing starts again from the beginning. If this Captcha thing goes on, I can hardly make any lists in the future - Alkadikce

A ReCAPTCHA system would be a viable addition in order to stop the mass amounts of vote/comment/like bots. The feature should be strictly enforced to visitors, but SHOULD be no more to registered users; when they comment or perform any action(s) done on the site, the user or visitor needs to check or solve a simple ReCAPTCHA puzzle first before performing a specific action. - illusion

They could of tweaked it and have it be for the visitors, and not us to suffer to. How much more difficult it is to just save, and submits lists and at times glitched remixes that don't go through all the way. - htoutlaws2012

This should be a visitor-only thing to keep bots from spamvoting. Users shouldn't have to deal with this. - shadomatrix

5 Special Characters in Passwords

Currently; only letters, numbers, hyphens and underscores are allowed in passwords. Allowing more variety of special characters are an effective way for account protection and should be preferable so passwords are harder to crack. - illusion

This one I'm down with every site should allow you to be able to make whatever password you like, not allowing special characters is taking away an individual rights, since passwords should only be known to that individual and have no affect on another person - germshep24

I think a 40-letter sentence that makes sense is hard to hack but easy to remember, whereas an 8-letter hierogliph rubbish is hard to remember but easier to hack - Alkadikce

This is one of the few reasonable items here. Special characters are allowed in passwords in almost all websites. It needs to be added here, but that’s pretty much it. - Leafeon

6 Pending for Account Deletion

Registered accounts are immediately deleted when account deletion is initiated requested by the user; instead, the account would be disabled and should wait until up to a week or more preferably before account deletion is initiated; not only this stops an unauthorized user from doing such damage via deletion of targeted user account, the user should be also able to revoke the request during its pending state just in case the user changes its mind. A reminder stating pending deletion & stating the account is deleted should be also sent to the email associated with the user account. - illusion

7 Suspicious Activity Notification

Just in case the site is somehow unable to detect suspicious login activity, or the individual somehow gains unauthorized full access and does damage to the user account via a major flaw in the site or other specific methods, a feature such as a noticable red banner should notify you that suspicious activity has been detected, this would let the user immediately know that someone accessed their account; clicking the red banner would bring you to the changing password & sign out of all sessions sections, helping the user immediately take action before damage is done. - illusion

8 "Sign out from all sessions" button

Sure, this suggestion may have or not been already implemented via changing account password; having a button where you can sign out from a device or multiple devices at different locations simultaneously could save a lot of time, and users should feel much safer with the feature implemented. - illusion

9 Security PIN

If Two-Factor Authorization or security questions are considered too much by certain users, a security PIN is optional, but it's a minor but effective feature under conditions just in case an unauthorized user gains access and tries to change/add content associated with a registered account such as profile page, editing comments, or any activity. Security PINS typically consists of several numbers or more and numbers are entered by user choice. Security PINs do not have to be triggered every time the user performs an action but it should be toggled. - illusion

10 Login History

Having able to view a list of login entries on your account should be considered; you may never know a hacker may have stealthily accessed your account secretly editing your content without knowledge; therefore, having to view a login history listing IP addresses, location, time of login, browser type is a considerable feature for helping detection of unauthorized entries. - illusion

This is a good list - BorisRule

I'd like to see this feature - BananaBrain

I'd want to see that. - Luckys

BAdd New Item