We have detected that cookies are not enabled on your browser. Please enable cookies to ensure the proper experience.
Results 1 to 8 of 8
  1. #1
    Join Date
    Jun 2012
    Posts
    7

    If developing Two Factor Authentication system is going to take too long,

    then SSG should consider at least using e-mail authentication when changing the address in myaccount.standingstonegames.c om.
    I know it will increase workload because of players who lost their previous e-mail account, however it will alleviate damage from hacking, scam and phishing.

    Just like this one.
    https://forums.lotro.com/forums/show...tivity-in-game

    Because then the hacker should know an account password and also an e-mail password to completely rob someone's account.

    The account authentication is way too vulnerable now.
    If someone just got your account password by any means, then she can change password and e-mail address at once, and the recovery procedure will be tough for many players.
    Last edited by LuminasND; Apr 27 2023 at 11:28 AM. Reason: typo and others

  2. #2
    Join Date
    Feb 2007
    Posts
    1,927
    Star Wars the old repiblic, "One time verification" is what drove me to quit it ( that and losing character names )
    I woudl try to play with my nephew, on sketchy internet, which kept dropping the game, and reloading... was another "one time verification" ... over and over and over....
    I dont want it, so if it is ever added, it needs to be optional.

  3. #3
    Join Date
    Oct 2011
    Posts
    459
    Quote Originally Posted by LuminasND View Post
    then SSG should consider at least using e-mail authentication when changing the address in myaccount.standingstonegames.c om.I know it will increase workload because of players who lost their previous e-mail account, however it will alleviate damage from hacking, scam and phishing.Just like this one.https://forums.lotro.com/forums/show...tivity-in-gameBecause then the hacker should know an account password and also an e-mail password to completely rob someone's account.The account authentication is way too vulnerable now.If someone just got your account password by any means, then she can change password and e-mail address at once, and the recovery procedure will be tough for many players.
    Quote Originally Posted by Hoppa_Joel View Post
    Star Wars the old repiblic, "One time verification" is what drove me to quit it ( that and losing character names ) I woudl try to play with my nephew, on sketchy internet, which kept dropping the game, and reloading... was another "one time verification" ... over and over and over....I dont want it, so if it is ever added, it needs to be optional.
    E-mail verification is good, but I think that app verification is better:

    0. From your SSG profile ( https://myaccount.standingstonegames.com/index.php ) you add a phone verification field (with international dial code).

    1. You open the launcher, do the log-in and press "phone link" or something, a code appears (or a QR code to be scanned by using the phone camera, extra security and far more simple!).

    2. You keep the launcher open and the code has a timer. Also there is a "server code" that changes randomly.

    3. You install an app in a phone. Open the app and asks the code. The window asking the code ALSO HAS the "server code" somewhere (so you can avoid fake apps).

    4. When the code is sent (with the phone number), the timer in the launcher disappears and says "OK".

    5. User is added to the app, you can have multiple users in the app (by setting the same phone number).

    6. Phone number is verified each time the app is used (so in case of illegal phone image mirroring with a simple SIM code replacement can be avoided).

    7. After an app is linked to an account it is needed for accessing to your SSG profile ( https://myaccount.standingstonegames.com/index.php ), also you get a restore unique set of codes (8 of 8 characters each) to keep written down somewhere if the phone is no longer available. Not as a photo in that phone!

    Later SSG can add things to that app that enhances the game (lotro store, manage characters, kinship options, satellite worldmap, hobbit presents...).

    EDIT: Added a bit more of security in case of fake apps appearing as LOTRO's one.
    Last edited by Carallot; May 01 2023 at 04:29 PM.
    Dear reader, I tend to edit my posts A LOT, sorry. Please don't be hasty, thank you!

  4. #4
    Join Date
    Jan 2019
    Posts
    1,937
    Believe it or not, some people do not have phones, so 2FA would effectively lock them out of their accounts.
    Also, I'd assume that you wouldn't be able to use the same phone for multiple accounts - and there are people with 6+ accounts.

  5. #5
    Join Date
    Oct 2011
    Posts
    459
    Quote Originally Posted by Pewpewmidget View Post
    Believe it or not, some people do not have phones, so 2FA would effectively lock them out of their accounts.
    Also, I'd assume that you wouldn't be able to use the same phone for multiple accounts - and there are people with 6+ accounts.
    1. Is optional (you can have what we have now: none) plus you may also use the e-mail one (but I discourage it, is unnerving how many people leave their email accounts open in the wild).

    2. Please read the point 5 of my previous post .
    Dear reader, I tend to edit my posts A LOT, sorry. Please don't be hasty, thank you!

  6. #6
    Join Date
    Apr 2015
    Posts
    4,112
    2FA was rumored part of new game launcher, we don't see it until all functions from new launcher will be ready.

  7. #7
    Join Date
    Jul 2011
    Posts
    45
    I hope there won't only be SMS method.

    I don't know the proper terminology because it's been a while but the authenticators I know (and like) are those where a phone can scan a QR code, or a code can be typed in, which then sets some kind of system where an authentication code frequently changes and the other side knows it because it is based on system time.
    There is also some standardised system among those so the apps can be different but the same codes work, so one does not have to use a specific app.
    No SMS, no sim card required, with those. I wouldn't really like using a phone number for authentication purposes for a game, or anything else really. I don't use a lot of things on the internet so I don't know what is going on these days but to me a two factor auth is the QR code thingy.

    About constantly logging in:
    I have played a game where every time logging in, or even if something happened to connection one had to always authenticate again. This gets frustrating.
    Another game lets an IP range to be remembered so one can just log in if the IP remains same, or at the same range. I don't know if there are other methods but I hope there will be something that lets authentication be remembered.
    Sunshine

  8. #8
    istvana is offline Legendary forums 1st poster
    Join Date
    Nov 2007
    Posts
    2,356
    Whatever they do should be optional. Many people have good reasons not to want it.

 

 

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

This form's session has expired. You need to reload the page.

Reload