Jump to content
Sign in to follow this  
Cybo01

Two-factor authentication

Recommended Posts

So, EVE did it. Discord did it. My email has it. and many other important programs/services has it too.

 

Today most things have a two-factor authentication and for a good reason imo.

Google authentication should be easy to integrate into most things so im asking, is this something that has been thought of?

I would certainly like it if you did cause not only does it save alot of hassle for the player/user but it also saves service/support time/money if someone gets hacked.

 

Im sorry if this has been brought up but my google-fu said it hadnt :D

 

 

-Cybo

Share this post


Link to post
Share on other sites

Do you mean verifying your location each time you log in from a new spot? There are games so I have had to stop playing because it becomes too tedious for me to confirm my identity everyday.

 

sure that I am a random outlier but it's still a concern for me

Share this post


Link to post
Share on other sites

Do you mean verifying your location each time you log in from a new spot? There are games so I have had to stop playing because it becomes too tedious for me to confirm my identity everyday.

 

sure that I am a random outlier but it's still a concern for me

 

I mean you only have to use two factor authentication per session. If you log out and back in you might need to use it again depending on how its implemented. Many services lets you tick a box saying "remember me on this computer for 30 days" atleast EVE does and it works well. The idea is if someone or you tries to log in on a computer you dont normally use you would have to use the two factor step. 

 

Its easy to use if you have a smartphone really i cant see any downsides with this at all

Share this post


Link to post
Share on other sites

Do you mean verifying your location each time you log in from a new spot? There are games so I have had to stop playing because it becomes too tedious for me to confirm my identity everyday.

 

sure that I am a random outlier but it's still a concern for me

 

I believe you're thinking of an authentication system where you have to check your email to verify your identity when you login. Steam uses this kind of authentication system.

 

 

Two-Factor authentication is a bit different than that. I think the kind of 2fa that Cybo is suggesting is more like a Google/Authy token system. 

 

With Authy, you would connect your phone app to your online account, and whenever you wanted to log in you would check Authy for a deterministically/randomly generated secret 6-8 digit number that you would enter before being allowed to enter. 

 

Because the number changes every 10 seconds, and the only way to retrieve it is from the app you used, it makes breaking into your account much more difficult as an attacker would need access to your phone and your password to get in. 

 

People who lose their phones or otherwise lose access to the Authy application would have to go through a validation process to remove the Authy system from their account temporarily. 

 

Some games, like Star Wars The Old Republic, have the option of using a hardware 2fa token. The one for TOR looks like this:

 

ED0G75i.jpg

 

 

Where pressing that circle button would display the 8 digit number necessary for logging into your account, and it changes every 30 seconds. 

Share this post


Link to post
Share on other sites

I can't remember if those authenticator were mandatory or not.

 

If they go for making people authenticate per session well I'm neutral. It's good security but annoying procedure every day.

 

I can't remember the games but they seemed to track me by ip and I change ip adresses multiple times a day sometimes. That annoyed me greatly. I didn't understand why it couldn't be a hardware signature over instead.

My friends were good since they were in the same location daily they never got pestered with enhanced security.

Share this post


Link to post
Share on other sites

I can't remember if those authenticator were mandatory or not.

 

If they go for making people authenticate per session well I'm neutral. It's good security but annoying procedure every day.

 

I can't remember the games but they seemed to track me by ip and I change ip adresses multiple times a day sometimes. That annoyed me greatly. I didn't understand why it couldn't be a hardware signature over instead.

My friends were good since they were in the same location daily they never got pestered with enhanced security.

 

 

Usually 2fa isn't mandatory, it's just an option people have if they want it :-) 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...