I hope you’re doing well.
SH is getting bigger everyday and I wanted to write and raise concerns about the security of the platform. As now I can only see that SH rely solely on passwords for user authentication without a multi-factor authentication in place.
( I came to know that SH have checks in place to block unauthorized login attempts and also send codes via email to verify new devices that were not verified by the users before. But I still think that it’s not enough and adding a multi-factor authentication is a must ).
Given the fact that SH now has a large number of accounts, As well as the fact that users may have funds in their account balances that are withdraw-able or can be used to buy domain names from the marketplace, It is crucial to have robust security measures in place to protect against potential attacks.
Passwords are a common target for hackers, and if they are the only line of defense for a platform, it can be relatively easy for a determined attacker to gain access.
By requiring more than just a password to access an account, MFA can make it much harder for an attacker to gain unauthorized access, even if they have obtained the user’s password through a data breach or other means. For this reason, I believe that platforms that do not offer MFA are more vulnerable to attack and less secure overall.
In accordance to the above, I strongly recommend and ask SH to implement multi-factor authentication as soon as possible. MFA adds an additional layer of security by requiring users to provide two or more forms of identification in order to access their accounts.
By implementing MFA, SH can significantly reduce the risk of unauthorized access to user accounts and the sensitive information they contain. Additionally, I recommend that you regularly perform security audits and vulnerability assessments to identify and address any potential security issues before they can be exploited by attackers.
In conclusion, I urge SH to take immediate action to reinforce the security of the platform and protect the privacy and financial information of users. Failure to do so could have serious consequences for both users and SH as a business.
Thanks for your consideration.