I don't have any particular incident but just come to realize we should probably beef up security. Can be done multiple ways -- Multifactor authentication (MFA) or two-factor (2FA).
@powskers How can you receive SMS without a phone?
I'm not opposed to increased security, but I'm VERY opposed to anything that requires use of a phone. Some of us (odd ducks that we are) don't actually want to be available to the world 24/7. My phone stays off unless I'm leaving the house. If I have to get a text or push notification EVERY time I log in to Zazzle (which is every time I sit down at my computer to work) it means I have to go find the phone, turn the thing on, hope that it's charged, wait for it to boot, and hope I didn't miss the text or notification (which seems to happen when they come in while my phone is off.) It's generally at least a 15 minute ordeal whenever some entity wants to verify my identity.
If I could do it once and then tell it to remember me on this computer like my bank does, then that's fine. But if I have to deal with that nonsense on a regular basis like my security camera company requires, I will be a very unhappy camper.
@Cat - Any cellphone can receive SMS, not just smart phones.
I do understand some people will not like the hassle and that is why this feature if Z chooses to do it should be disabled by default. People can opt to not use it.
@powskers I guess I'm one of the few dinosaurs left who still uses a landline - which, as far as I know, cannot receive SMS. I think there are many designers here who are in the same boat.
Anyhow, as I said, I'm not opposed to security measures for those who really want them, but my security camera company went this route, and it's been nothing but hassles ever since. I really don't understand why they think that the camera watching my feral cats requires more security than my bank does! (That's what everybody uses their security cameras for, isn't it? 😃)
As long as I don't have to fight with the stupid phone multiple times per day, I'm fine with whatever.
It's definitely a lot safer to optionally allow some form of 2FA for people's Zazzle account. Seeing a lot of social media accounts, and other accounts, get hacked the current form of username/email and password isn't very secure in this age.
For those that prefer only password, it could be optional. But IMO the simple extra step of adding a code received to email/ SMS or using the Google Authenticator app gives a lot more peace of mind. You wouldn't want to think about people breaking into your account.
