Top 10 Security Features that Must Be Added to TheTopTens

There might be multiple security flaws in this site, making some registered users somewhat vulnerable to hacking even with a relatively strong password; therefore, here are 10 major and minor features that would elevate not only account security but the site overall, and that should be prioritized for implementation on TheTopTens.
The Top Ten
1 Two-Factor Authentication

It's a must on today's internet. Ideally, this would be offered using the open standard that authenticator apps like Authy and Google Authenticator use, and not just SMS authentication, like some sites require. But of course if it's an option of either of the two, then that would be fine.

This is the most recommended feature to implement on the site. How this works: if the user successfully logs in to their account, a secret code, preferably consisting of several or more random letters and numbers, must be provided before having full access to that account; an email message will be sent to the verified email associated with the account, and opening the email message will reveal the code. This is just like when you register an account on this site, as it requests the code that is sent to the specific email address before account creation, the major difference being that this happens when logging in to the account. However, this should be an optional feature, for certain users may find this tiring and in some cases consider it too much effort.

Honestly, is there a reason that there needs to be added security? This is just a random rating site after all. You don't use this site to buy stuff or to put personal information on; really no one even knows who anyone is on this site unless that individual actually decided to give another user that information outside of that user like Nintendo games or Marvel movies and maybe political standing if they're so inclined to make political ranking lists, which are just plain weird lists to make for a ranking site that makes entertainment rankings. And if another person has your password, it isn't a flaw in their security but a flaw within that individual giving out their password to people or making passwords that are so easy for a person to guess. If they added a two-password system, what would prevent that person from just giving out both those passwords or just making 2 really simple passwords to be hacked?
Honestly a far more effective security measure would be to prevent political topics on ...

Only optional please. I don't have my address and credit card codes in my private messages, so why should I be so insecure about someone logging in? How many times did an account get hacked, excluding the Demon_Kitty incident where she made her password public? What information or data do you have on this site that you are afraid of others seeing?

2 Suspicious Login Detection

If a hacker somehow gains access to your account from a different IP address, the site should be able to detect a suspicious login and restrict full access to the account; an email would also be sent to the account's associated email address asking whether or not you want to grant that IP address access to the account. This might be a little problem for VPN users, but it should be preferable.

If this existed I'd still have Demon_Kitty

3 Security Questions

Customized security questions, preferably up to three, are also ideal for increasing protection of user accounts; you could put any type of question and answer you want. If a suspicious user somehow logs in to your account, the security questions will be brought up and need to be answered before having full access to the account. It should be quite effective for countering those who guess passwords.

4 Login History

Great for peace of mind, and for being sure about whether or not your account has been accessed or tampered with, without your knowledge.

Being able to view a list of login entries on your account should be considered; you never know, a hacker may have stealthily accessed your account, secretly editing your content without your knowledge. Therefore, a login history listing IP addresses, location, time of login, and browser type is a considerable feature for helping detect unauthorized entries.

I'd like to see this feature

This is a good list
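
Items 2 and 4 fit together: the login history is the data the suspicious-login check runs on. The following added example, not code from TheTopTens, sketches both in Python; the `Account` model, trusting the first address seen, and the one-time approval token delivered by email are assumptions, and the sample IPs and browsers are constructed.

```python
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timezone

@dataclass
class Account:
    username: str
    trusted_ips: set = field(default_factory=set)
    history: list = field(default_factory=list)    # (when, ip, browser, status)
    pending: dict = field(default_factory=dict)    # approval token -> ip
    outbox: list = field(default_factory=list)     # stands in for sending email

def record_login(acct, ip, browser, when):
    """Call after the password check succeeded; returns the session level."""
    if not acct.history:
        acct.trusted_ips.add(ip)           # assumption: trust the first address seen
    status = "full" if ip in acct.trusted_ips else "restricted"
    acct.history.append((when, ip, browser, status))
    if status == "restricted":
        token = secrets.token_urlsafe(16)  # only the mailbox owner learns this
        acct.pending[token] = ip
        acct.outbox.append((ip, token))
    return status

def approve(acct, token):
    """Handle the link in the email; a restricted session cannot guess the token."""
    ip = acct.pending.pop(token, None)     # single use
    if ip is None:
        return False
    acct.trusted_ips.add(ip)
    return True

def login_history(acct, limit=10):
    """Newest first: time, IP address, browser and outcome of each login."""
    recent = sorted(acct.history, key=lambda e: e[0], reverse=True)[:limit]
    return [(w.isoformat(), ip, br, st) for w, ip, br, st in recent]

def demo():
    """Constructed sample data: documentation-range IPs, made-up browsers."""
    t = lambda h: datetime(2024, 1, 1, h, tzinfo=timezone.utc)
    acct = Account("example_user")
    results = [record_login(acct, "192.0.2.10", "Firefox", t(9)),
               record_login(acct, "203.0.113.7", "Chrome", t(10))]
    approve(acct, acct.outbox[-1][1])
    results.append(record_login(acct, "203.0.113.7", "Chrome", t(11)))
    return acct, results
```

Approval has to arrive through the email link rather than from the restricted session itself, otherwise whoever guessed the password could approve their own address.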

5 Suspicious Activity Notification

Just in case the site is somehow unable to detect suspicious login activity, or the individual somehow gains unauthorized full access and does damage to the user account via a major flaw in the site or other specific methods, a feature such as a noticeable red banner should notify you that suspicious activity has been detected. This would let the user immediately know that someone accessed their account; clicking the red banner would bring you to the change password and sign out of all sessions sections, helping the user immediately take action before damage is done.

6 Security PIN

If Two-Factor Authorization or security questions are considered too much by certain users, a security PIN is an option; it's a minor but effective feature in case an unauthorized user gains access and tries to change or add content associated with a registered account, such as the profile page, comments, or any other activity. Security PINs typically consist of several numbers or more, and the numbers are chosen by the user. Security PINs do not have to be triggered every time the user performs an action, but this should be toggleable.

7 Special Characters in Passwords

This one I'm down with. Every site should allow you to make whatever password you like; not allowing special characters is taking away an individual's rights, since passwords should only be known to that individual and have no effect on another person.

Currently, only letters, numbers, hyphens and underscores are allowed in passwords. Allowing a greater variety of special characters is an effective way to protect accounts and should be preferable, so passwords are harder to crack.

I think a 40-letter sentence that makes sense is hard to hack but easy to remember, whereas 8-letter hieroglyph rubbish is hard to remember but easier to hack.

This is one of the few reasonable items here. Special characters are allowed in passwords in almost all websites. It needs to be added here, but that’s pretty much it.

8 ReCAPTCHA

A ReCAPTCHA system would be a viable addition in order to stop the mass amounts of vote/comment/like bots. The feature should be strictly enforced for visitors, but should not be enforced for registered users; when they comment or perform any action on the site, a visitor needs to check or solve a simple ReCAPTCHA puzzle first before performing a specific action.

No way, this is ruining my time here. I am simply unable to make a list from now on because the same damn hideous image appears every second that makes me click on boxes for minutes. When I can finally get back to writing my list draft, the whole thing starts again from the beginning. If this Captcha thing goes on, I can hardly make any lists in the future

I just don’t like this feature at all. It makes sense for visitors sure but as a user it feels so annoying and tedious to have to do this every time you save or edit a list or post or your profile. They need to seriously tweak it to make it less of an inconvenience for users who are actually trying to make high quality content

They could have tweaked it and have it be for the visitors, and not us to suffer too. How much more difficult it is to just save and submit lists, and at times glitched remixes that don't go through all the way.

9 Pending for Account Deletion

Registered accounts are immediately deleted when account deletion is requested by the user; instead, the account should be disabled and wait up to a week or more, preferably, before account deletion is initiated. Not only does this stop an unauthorized user from doing damage via deletion of a targeted user account, the user should also be able to revoke the request during its pending state in case the user changes their mind. A reminder stating the pending deletion, and one stating that the account is deleted, should also be sent to the email associated with the user account.

10 "Sign out from all sessions" button

Sure, this suggestion may or may not have already been implemented via changing the account password; having a button where you can sign out from a device or multiple devices at different locations simultaneously could save a lot of time, and users should feel much safer with the feature implemented.

The Contenders
11 Login Using Email Instead of Username