Jump to content

Two-factor authentication


Cybo01

Recommended Posts

So, EVE did it. Discord did it. My email has it. and many other important programs/services has it too.

 

Today most things have a two-factor authentication and for a good reason imo.

Google authentication should be easy to integrate into most things so im asking, is this something that has been thought of?

I would certainly like it if you did cause not only does it save alot of hassle for the player/user but it also saves service/support time/money if someone gets hacked.

 

Im sorry if this has been brought up but my google-fu said it hadnt :D

 

 

-Cybo

Link to comment
Share on other sites

Do you mean verifying your location each time you log in from a new spot? There are games so I have had to stop playing because it becomes too tedious for me to confirm my identity everyday.

 

sure that I am a random outlier but it's still a concern for me

Link to comment
Share on other sites

Do you mean verifying your location each time you log in from a new spot? There are games so I have had to stop playing because it becomes too tedious for me to confirm my identity everyday.

 

sure that I am a random outlier but it's still a concern for me

 

I mean you only have to use two factor authentication per session. If you log out and back in you might need to use it again depending on how its implemented. Many services lets you tick a box saying "remember me on this computer for 30 days" atleast EVE does and it works well. The idea is if someone or you tries to log in on a computer you dont normally use you would have to use the two factor step. 

 

Its easy to use if you have a smartphone really i cant see any downsides with this at all

Link to comment
Share on other sites

Do you mean verifying your location each time you log in from a new spot? There are games so I have had to stop playing because it becomes too tedious for me to confirm my identity everyday.

 

sure that I am a random outlier but it's still a concern for me

 

I believe you're thinking of an authentication system where you have to check your email to verify your identity when you login. Steam uses this kind of authentication system.

 

 

Two-Factor authentication is a bit different than that. I think the kind of 2fa that Cybo is suggesting is more like a Google/Authy token system. 

 

With Authy, you would connect your phone app to your online account, and whenever you wanted to log in you would check Authy for a deterministically/randomly generated secret 6-8 digit number that you would enter before being allowed to enter. 

 

Because the number changes every 10 seconds, and the only way to retrieve it is from the app you used, it makes breaking into your account much more difficult as an attacker would need access to your phone and your password to get in. 

 

People who lose their phones or otherwise lose access to the Authy application would have to go through a validation process to remove the Authy system from their account temporarily. 

 

Some games, like Star Wars The Old Republic, have the option of using a hardware 2fa token. The one for TOR looks like this:

 

ED0G75i.jpg

 

 

Where pressing that circle button would display the 8 digit number necessary for logging into your account, and it changes every 30 seconds. 

Link to comment
Share on other sites

I can't remember if those authenticator were mandatory or not.

 

If they go for making people authenticate per session well I'm neutral. It's good security but annoying procedure every day.

 

I can't remember the games but they seemed to track me by ip and I change ip adresses multiple times a day sometimes. That annoyed me greatly. I didn't understand why it couldn't be a hardware signature over instead.

My friends were good since they were in the same location daily they never got pestered with enhanced security.

Link to comment
Share on other sites

I can't remember if those authenticator were mandatory or not.

 

If they go for making people authenticate per session well I'm neutral. It's good security but annoying procedure every day.

 

I can't remember the games but they seemed to track me by ip and I change ip adresses multiple times a day sometimes. That annoyed me greatly. I didn't understand why it couldn't be a hardware signature over instead.

My friends were good since they were in the same location daily they never got pestered with enhanced security.

 

 

Usually 2fa isn't mandatory, it's just an option people have if they want it :-) 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...