BigMama

Add 2 step verification ?


2 minutes ago, Lethys said:

Care to elaborate?

you're a ruby founder right and that is expensive so how would you feel if someone stole your account and fucked everything for you. like your reputation or destroying your organization. you just got to think about it man. i said "reason" because most of it is the obvious reasons 


Hi there,

 

Even though I do support a correct two-factor authentication (i.e., using standard applications, not SMS, and securing the whole connection, not like other games ahem...), we first need a game before trying to secure it ;).

In other words, think about it, think how to do it right, but it is not a priority, for now.

 

Side note: if you are using a strong and dedicated password (16+ random letters and numbers) and never give it to anyone, two-factor authentication would only prevent the theft of your password if your computer was compromised, maybe. So, if you are worried about the security of your account, use a strong password and never use it on another application, that's the first and main measure to take.

Hint: Nobody knows my DU password (not even me). It is a random string of 30 characters stored encrypted in my KeePass database (as all of my other passwords) which I copy/paste when needed. I'm using two-factor authentication for only one thing: my main Google account which has a "weaker" password which I do remember (still 16 characters long).

 

Regards,

Shadow

 

5 hours ago, BigMama said:

you're a ruby founder right and that is expensive so how would you feel if someone stole your account and fucked everything for you. like your reputation or destroying your organization. you just got to think about it man. i said "reason" because most of it is the obvious reasons 

Gl trying to hack a 22 character pw. Everyone who uses less than 10 characters these days is just plain stupid. 

So yeah, if they do it: hooray

If they don't do it: hooray

39 minutes ago, Lethys said:

Gl trying to hack a 22 character pw. Everyone who uses less than 10 characters these days is just plain stupid. 

So yeah, if they do it: hooray

If they don't do it: hooray

I am so proud of you.

I wept.


Hacking your email account (used to reset your password) is more likely than hacking your password. 2-factor would help in that event, but you really want to make sure your email is secure and maybe use 2 factor on it, if available. Just in case you mess up and fall for a phishing scam.


I think Dual-Email (hehe) would be great. Requiring both emails if you want to change your password, post, etc.; you can use your primary email just to view.

 

Mini-RDMS maybe?


If implemented, please ensure there is a way to change the phone number used for two step verification. In one game I play, the only way to change the phone number is to enter a code sent to the old phone number....

18 hours ago, Lethys said:

Gl trying to hack a 22 character pw. Everyone who uses less than 10 characters these days is just plain stupid. 

So yeah, if they do it: hooray

If they don't do it: hooray

 

As long as that password is also unique across sites, your email isn't compromised and as long as you are not exposed to some phishing technique or whatever.

Length in this case only matters if someone is trying to brute force.

 

The 2 step verification on Steam saved me just recently which was surprising for me since I also trusted in my long really scrambled password. 


A 22 char password isn't gonna stop some dude with a botnet from brute forcing you XD

 

It may take a month, but it'd be pretty inconvenient to have to change your password every month

 

2-Step Verification makes you essentially "brute force proof" in that they would have to have access to your text messages/e-mail/authenticator in addition to the brute force to get in. That, or figure out what your IP is and spoof it so the server thinks you're connecting from the same place you usually do (2-step usually only kicks in if you log in from a new or unusual location).

 

But imo it won't matter till the game is out. I mean, what are they going to do if they hack you right now? Make forum posts? Join an org? XD There isn't much they could do at this point.

1 hour ago, Vellnn said:

A 22 char password isn't gonna stop some dude with a botnet from brute forcing you XD

 

It may take a month, but it'd be pretty inconvenient to have to change your password every month

 

2-Step Verification makes you essentially "brute force proof" in that they would have to have access to your text messages/e-mail/authenticator in addition to the brute force to get in. That, or figure out what your IP is and spoof it so the server thinks you're connecting from the same place you usually do (2-step usually only kicks in if you log in from a new or unusual location).

 

But imo it won't matter till the game is out. I mean, what are they going to do if they hack you right now? Make forum posts? Join an org? XD There isn't much they could do at this point.

 

With strong authentication, you indeed cannot brute-force the password.

Though, even the largest botnet won't find a 22-character password for a very long time:

-> The number of combinations for a 22-character password with numbers, lowercase and uppercase characters is about (10+26+26)^22

-> Divide by 60*60*24*365 and you obtain something like 9 x 10^30 years (at ten requests per second).

-> Even with thousands of machines, it will take ages... and that's not even counting special chars.

-> Anyway, you will DDOS the game faster than you will find a correct password.

 

2FA (two-factor authentication) does protect you from phishing attempts and is a good security practice.

However, 2FA or not, you should never give your password to anyone, even if a verified NQ employee requests it.

The only exception is if a US customs officer asks you to unlock your account (you may refuse, but it is probably not a good idea). In this case, make sure to change all your passwords whenever possible (yes, I said "ALL").

 

Regards,

Shadow
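
Added example, not part of the post above: the same keyspace arithmetic as a small calculator, extended beyond the post's single case to other lengths and guess rates and to the inverse question of how long a random password must be to hold for a given number of years. It assumes uniformly random passwords over the 62-character alphabet; the 10^10 guesses per second "offline" rate is an assumed illustrative figure for guessing against a stolen password hash and does not come from the thread.

```python
import math

SECONDS_PER_YEAR = 60 * 60 * 24 * 365
ALPHABET = 10 + 26 + 26  # digits, lowercase, uppercase


def keyspace(length: int, alphabet: int = ALPHABET) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet ** length


def years_to_exhaust(length: int, guesses_per_sec: int, alphabet: int = ALPHABET) -> float:
    """Years needed to try every password; the expected hit comes at half of this."""
    return keyspace(length, alphabet) / (guesses_per_sec * SECONDS_PER_YEAR)


def min_length(years: int, guesses_per_sec: int, alphabet: int = ALPHABET) -> int:
    """Shortest random password whose full search takes at least `years`."""
    target = years * guesses_per_sec * SECONDS_PER_YEAR
    length = 1
    while keyspace(length, alphabet) < target:
        length += 1
    return length


if __name__ == "__main__":
    online = 10          # requests per second, the rate used in the post
    offline = 10 ** 10   # assumed rate against a stolen hash (illustrative)
    print(f"{'len':>3} {'bits':>6} {'online years':>14} {'offline years':>14}")
    for length in (8, 10, 16, 22, 30):
        bits = length * math.log2(ALPHABET)
        print(f"{length:>3} {bits:>6.1f} "
              f"{years_to_exhaust(length, online):>14.2e} "
              f"{years_to_exhaust(length, offline):>14.2e}")
    print("length for 100 years online :", min_length(100, online))
    print("length for 100 years offline:", min_length(100, offline))
```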

1 hour ago, Shadow said:

The only exception is if a US customs officer asks you to unlock your account (you may refuse, but it is probably not a good idea).

 

My plan is this: wipe phone/tablet before going through customs. Go ahead and give them access to the blank phone/tablet. For anything else just say "I don't have my passwords memorized, they're saved on my computer at home." :ph34r:


Actually this is better for the community, because the people who have invested A LOT of money may not feel safe, maybe 2 email verification would be appropriate, or even phone security idk but security should increase somehow I approve with you

1 hour ago, Lenux said:

Actually this is better for the community, because the people who have invested A LOT of money may not feel safe, maybe 2 email verification would be appropriate, or even phone security idk but security should increase somehow I approve with you

[Image: office conspiracy meme]

Me trying to find out my own password after not writing it down

*Yes, I still know my password. It's kinda long :wub::wub:

8 hours ago, Shadow said:

 

The only exception is if a US customs officer asks you to unlock your account (you may refuse, but it is probably not a good idea). In this case, make sure to change all your passwords whenever possible (yes, I said "ALL").

 

 

I would never let US Customs onto my computer, nor would I give them my password ever. I would deal with the consequences and miss my connecting flight and every other ordeal that they would put me through (jail even), but there is no way they would ever get me to just give up my password to them willingly. There are just some things I am too principled about to give up over threats of incarceration 

 

When I go overseas, I always fly with a heavy dose of encryption and obfuscation so that there are very few people on the planet who are getting access to my data. 

 

On 12/09/2017 at 1:27 AM, yamamushi said:

 

I would never let US Customs onto my computer, nor would I give them my password ever. I would deal with the consequences and miss my connecting flight and every other ordeal that they would put me through (jail even), but there is no way they would ever get me to just give up my password to them willingly. There are just some things I am too principled about to give up over threats of incarceration 

 

When I go overseas, I always fly with a heavy dose of encryption and obfuscation so that there are very few people on the planet who are getting access to my data. 

 

 

 

If you really don't want people to get your data... (have fun)

 

 

 
