I recently had my email hacked and the hacker was in control for about 1 hour. Long story but it was through Cox and their password reset process. Cox, like so many ISP's, do not have 2 Factor Authentication (2Fa).

After this incident I immediately went to all my other websites I use that offer 2Fa; like Facebook, Google, Twitter etc and set up 2Fa.

Now I began to wonder, wow, our Class website has a treasure trove of classmate information that a hacker may use for social engineering hacking use. What if someone hacked my email again, focused on the classmate website somehow knowing I am administrator and grabbed all the classmate personal information.

So my question, is ClassCreator considering an advanced security like 2fa for at least Administrator logins?

Are you speaking of a security question to answer when you log in? This is not something that we are currently considering, but that does not mean it wouldn't be considered for the future.

I am suggesting a SMS text code sent to a cell phone to verify the user on login or ID/password resets. There are also apps like Google Authenticator, Microsoft Authenticator, Authy and an interesting one called Clef. I use them all for several websites I use.

Adding a security question maybe something that would be better than what we have. If you are resetting a password, a security question would have to be answered to complete the task. However like most people they will answer the security questions correctly and social engineering hackers can sometimes guess the answers. I always answer these question wrong.

Anyway just wondering if you are considering enhanced security for administrators.

I'll forward your suggestion to the team. Thanks.

2Fa as an option would be nice.

Most sites with 2Fa offer that as an option because Not everyone has SMS service. I've reset FB PW more than once and (as I recall - I delete those messages) it was sent to my email address. Only my Bank asks me the security questions again, but no SMS. (I answered one wrong and had to make a call to get back in.)

Did someone hack the email here? (It wasn't clear to me). First suggestion is to make email PW follow the rule of at least one number, minimum length of 8. Pretty much all the sites have that now. I'd suggest TWO numbers, and then minimum length of 8.

Some go to extremes like one upper case, one number, one special character and other things so bad not even I can remember it The worst one is where they force you to change it every three months. Grrrrr. It's a government site of course