I think that Byte should have a lot of security options for your account. Instagram has almost none and Twitter is almost as bad. Here are some ideas I've had that can help better protect your account.
One of the things that I think should be implemented is email verification every time you log in to your account from a new IP. Every time you want to log in from a new IP, you would need to first verify it in your email. (Example of what Discord has: https://imgur.com/a/lz6xrJz) Having this extra layer of security can be helpful if someone has your Byte password but not your email password.
A lot of times when people are hacked it's due to password reuse. When signing up, people should be prompted to create a unique password for Byte and make sure they have a strong enough password. Adding on to this, Byte should blacklist extremely common passwords from use (like password, qwerty, 12345, etc.) so people don't try to use those.
Something else I see rarely is login via email (the forums already have this: https://imgur.com/a/jxQ2MfT ). Basically how this works: you get an email sent to you and it has a link that automatically logs you in. It can be helpful because you don't necessarily need to remember your password to log in.
2FA is a must. But I think you should be required to use something like Google Authenticator or Authy, and not your phone number. Phone numbers can be stolen too, surprisingly (https://en.wikipedia.org/wiki/SIM_swap_scam), and this is how a lot of the time celebrities get hacked: they have their phone number connected to all of their accounts and then someone steals their number. I think phones should also be an option, since almost everyone uses them, but the app should recommend using an authenticator instead of your phone.
Active login on one device at a time. This would make it so you can only be actively logged in at one location at a time, making it impossible for a hacker to log in to your account while you're currently logged in. It could be toggled in security settings, so you could allow multiple devices to be logged into your account at once. This could be a pain, like if you lose your phone for example, so after a month of inactivity I feel like it should reset, so you would be able to log in if you bought a new phone.
Detailed login alerts. Whenever there is a login to your account you should get an email saying what device, IP, and location the login came from, so people can see if there is any suspicious activity on their account.
Make it so when people are changing their email in settings they need to first verify with email (or 2FA if they have it enabled). If somebody hacks into your account but can't change your email, they can't really steal your account without also having your email or somehow having your 2FA.
Backup keys in case you lose access to your 2FA app. A lot of services provide this: if you lose access to your 2FA, you would be able to use one of the backup keys to log in and edit your 2FA options. You would get your backup keys only when you first enable 2FA, and you would have to screenshot/write them down somewhere to remember them.
That's all the ideas I have for now. If I think of any more I will edit them into this post.
Also, I'm open to criticism. If there's something I suggested and you don't think it would be good for the app, please reply with how you think it could be improved or why you don't think it should be implemented.
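The three email-link features above (log in via an emailed link, confirm a login from a new IP, and confirm before an email-address change) all need the same server-side building block: a signed token that expires, works only once, and is bound to one user and one purpose, so a login link cannot be replayed or reused to change the account's email. The example below is an added illustration written for this page, not Byte's code or anything the original poster wrote; the key handling, the 15-minute lifetime, the purpose strings and the in-memory used-nonce set are assumptions for the demo.

```python
import base64
import binascii
import hashlib
import hmac
import json
import secrets
import time

# Assumed server-side key. In a real deployment this comes from a secret
# store, not from a module-level random value that changes on restart.
SIGNING_KEY = secrets.token_bytes(32)
TOKEN_TTL = 15 * 60  # seconds a link stays valid (assumed policy value)

# Nonces of links that have already been used, so each link works only once.
# A real service keeps these in a database and expires them with the token.
_used_nonces = set()


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user_id: str, purpose: str, now=None) -> str:
    """Mint a signed, expiring, single-use token bound to one user and one purpose.

    purpose separates the flows from the post: "login" (magic link),
    "new-ip:<addr>" (confirm a login from an unseen IP) and "change-email".
    """
    now = time.time() if now is None else now
    payload = {
        "uid": user_id,
        "p": purpose,
        "exp": int(now) + TOKEN_TTL,
        "n": secrets.token_hex(16),  # random nonce, makes every link unique
    }
    body = json.dumps(payload, separators=(",", ":"), sort_keys=True).encode()
    mac = hmac.new(SIGNING_KEY, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(mac)


def verify_token(token: str, expected_user: str, expected_purpose: str, now=None) -> bool:
    """Return True exactly once for a genuine, unexpired token for this user and purpose."""
    now = time.time() if now is None else now
    try:
        body_b64, mac_b64 = token.split(".", 1)
        body, mac = _unb64(body_b64), _unb64(mac_b64)
        expected = hmac.new(SIGNING_KEY, body, hashlib.sha256).digest()
        # Check the MAC before trusting anything inside the payload.
        if not hmac.compare_digest(mac, expected):
            return False
        payload = json.loads(body)
    except (ValueError, binascii.Error):
        return False
    # A login link must not be usable to change the email address, and vice versa.
    if payload.get("uid") != expected_user or payload.get("p") != expected_purpose:
        return False
    if now > payload.get("exp", 0):
        return False
    if payload["n"] in _used_nonces:  # link already clicked once
        return False
    _used_nonces.add(payload["n"])
    return True


if __name__ == "__main__":
    # The address is constructed for the demo; the token is what goes in the email.
    token = issue_token("alice", "new-ip:203.0.113.7")
    print("https://byte.example/verify?token=" + token)
    print(verify_token(token, "alice", "new-ip:203.0.113.7"))  # True, first use
    print(verify_token(token, "alice", "new-ip:203.0.113.7"))  # False, replay
```

Binding the purpose to the token is the point of the email-change suggestion: the server accepts a "change-email" token only on the email-change endpoint, so an attacker who captured a magic-link login token still cannot move the account to their own address. The nonce set is what turns the link into a one-time credential; without it, anyone who obtains the link (a shared mailbox, a forwarded message) can use it as long as it has not expired.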
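For the authenticator-app 2FA and the backup keys suggested above, this is how the two fit together on the server: the app and the server share a secret and both compute a time-based code (TOTP, RFC 6238), and the backup keys are random one-time codes that are shown once and stored only as hashes. This is an added example written for this page, not Byte's implementation; the 30-second step, 6 digits, the one-step tolerance window, the 8 backup codes of 10 hex characters and the in-memory bookkeeping are assumptions, and the secret in the usage block is the RFC 6238 test-vector secret, used here so the codes can be checked against the RFC.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time

STEP = 30   # seconds per code, what Google Authenticator and Authy use
DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """HMAC-based one-time password (RFC 4226) for a given counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return str(code).zfill(digits)


def totp(secret: bytes, now=None) -> str:
    """Time-based code (RFC 6238): HOTP with the counter derived from the clock."""
    now = time.time() if now is None else now
    return hotp(secret, int(now) // STEP)


def new_secret() -> bytes:
    # 160-bit random secret; the base32 form is what goes into the app's QR code.
    return secrets.token_bytes(20)


def provisioning_uri(secret: bytes, account: str, issuer: str = "Byte") -> str:
    b32 = base64.b32encode(secret).decode().rstrip("=")
    return f"otpauth://totp/{issuer}:{account}?secret={b32}&issuer={issuer}"


class SecondFactor:
    """Per-user 2FA state: the shared secret, replay bookkeeping and hashed backup codes."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_counter = -1      # newest time step already used, to stop replay
        self.backup_hashes = set()  # only hashes of backup codes are stored

    def generate_backup_codes(self, count: int = 8) -> list:
        """Return fresh backup codes in the clear. Show them once; they are not stored."""
        codes = [secrets.token_hex(5) for _ in range(count)]  # 10 hex chars each
        self.backup_hashes = {hashlib.sha256(c.encode()).hexdigest() for c in codes}
        return codes

    def verify_totp(self, code: str, now=None, window: int = 1) -> bool:
        """Accept the current code or one step either side (clock skew), each only once."""
        now = time.time() if now is None else now
        counter = int(now) // STEP
        for c in range(counter - window, counter + window + 1):
            if c <= self.last_counter:
                continue  # this step (or an older one) was already used
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.last_counter = c
                return True
        return False

    def verify_backup(self, code: str) -> bool:
        """A backup code works exactly once; it is deleted on use."""
        digest = hashlib.sha256(code.strip().lower().encode()).hexdigest()
        if digest in self.backup_hashes:
            self.backup_hashes.remove(digest)
            return True
        return False


if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 6238 test secret, not a real one
    print(provisioning_uri(secret, "alice"))
    print(totp(secret, now=59))  # 287082 per the RFC 4226/6238 test vectors
    sf = SecondFactor(secret)
    print(sf.generate_backup_codes())
```

Two details matter for the post's threat model. Nothing in the TOTP path involves a phone number, so a SIM swap gives the attacker nothing; the secret lives in the app and on the server. And both the codes and the backup codes are low-entropy compared with a password, so the server must rate-limit and lock out after a small number of failed attempts, which the example leaves to the surrounding login code.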
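The common-password blacklist from the post is easy to get wrong if it only compares the raw string: "Password1" and "P@ssw0rd" sail past a check for "password". The example below, added here for illustration and not taken from Byte or the original poster, normalizes the candidate before looking it up and also rejects passwords that contain the username. The word list is a small constructed sample (a real deployment loads a published breached-password list), and the 12-character minimum and the substitution table are assumptions.

```python
import re

# Constructed sample list. A real deployment loads a published list of
# breached/common passwords (tens of thousands of entries at least).
COMMON_PASSWORDS = {
    "password", "qwerty", "12345", "123456", "12345678", "123456789",
    "letmein", "iloveyou", "welcome", "admin", "abc123", "monkey",
}
MIN_LENGTH = 12  # assumed policy value

# Substitutions people use to dodge a naive blacklist: P@ssw0rd -> password
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "i", "!": "i",
                      "3": "e", "4": "a", "7": "t"})


def _variants(password: str) -> set:
    """Forms of the password that are checked against the list."""
    low = password.lower()
    # Drop trailing digits/symbols: "qwerty123!" is still "qwerty".
    stripped = re.sub(r"[\d\W_]+$", "", low)
    variants = {low, stripped, low.translate(LEET), stripped.translate(LEET)}
    variants.discard("")
    return variants


def is_common(password: str) -> bool:
    return any(v in COMMON_PASSWORDS for v in _variants(password))


def check_password(password: str, username: str = "") -> list:
    """Return the list of policy violations, empty when the password is acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if is_common(password):
        problems.append("common")
    if len(username) >= 3 and username.lower() in password.lower():
        problems.append("contains_username")
    return problems


if __name__ == "__main__":
    for pw in ["password", "P@ssw0rd1", "qwerty123!", "correct horse battery staple"]:
        print(repr(pw), check_password(pw, "alice"))
```

The signup form would call check_password and refuse to continue while the list is non-empty, telling the user which rule failed. Checking the normalized variants is what makes the blacklist worth having: without it users learn within one attempt that appending "1" gets them through.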