Abnaxos.4305 Posted October 21, 2022 (edited)

13 hours ago, Gibson.4036 said:
> Why make it optional, but forever pester people who don’t choose it?

They probably don't consider it optional. As I wrote, I'd simply prevent people from playing until they enabled it. This is my technical perspective, but from a customer service perspective, you can't do this. So, ANet does the next best thing: they let you play, but keep nagging reminding you to enable 2FA every single time you log in.

FFXIV has (again) a wave of compromised accounts due to people re-using their passwords on multiple sites. The attackers are using passwords fished from other sites to take over FFXIV accounts, often successfully. Not only is this annoying for all players (those accounts aren't people you wanna play with, they're gonna spam, RMT, steal in-game assets, ruin the economy, etc), it's also expensive for Square Enix because of the additional support volume. All these accounts need to be manually checked and blocked by SE, and when the player contacts support, they need to be re-checked and restored again.

SE even states: "Should we continue to experience rising numbers of unauthorized access attempts, a password reset for all Square Enix accounts may be initiated." That would be more than 20 million accounts reset because some players can't keep their account secure.

There's a simple way to avoid such situations: have all players use 2FA. This is what ANet tries to achieve.

Vayne.8563 Posted October 21, 2022

20 hours ago, Abnaxos.4305 said:
> Let me speak plainly: when it comes to 2 factor authentication, "no" is not an acceptable answer. Not having it enabled is reckless. If it were up to me, I'd lock everyone without 2FA out, period. In 2022, passwords alone just don't cut it anymore. I perfectly understand that you don't want to give your phone number to ANet, neither do I. Therefore, I use Google Authenticator. It's a one-time thing: enable 2FA, log in once and mark your computer as trusted. After that, it won't ask for the second factor on this computer again. You'll just start the game as you do now, the only difference being that behind the scenes, your account is now secure. Just enable it already.

I get a code. I just get it email instead of on my phone. I can lose my phone. It's less likely I lose my email.

Freya.9075 Posted October 21, 2022

11 hours ago, KrivukasLT.3507 said:
> Set up authenticator so they don't have to sms you every time... Plus mark your pc and ip as trusted..

May I ask what you mean by sending sms every time? I’ve only gotten sms one time. It never asks me to verify or send texts when I log in.

HnRkLnXqZ.1870 Posted October 21, 2022

The SMS is part of an enhanced security measurement to make sure that someone who may have learned your password cannot access your account directly. As long as you are in possession of your phone, you can still prevent abuse.

This is necessary, because cracking passwords became significantly easier over the years. There is also still a trend of using utterly weak passwords, which are just easy to keep in mind. Like the own phone-number, birth-date or the famous 12345.

Nobody cannot be that reckless? >Have a look<

I fear that a certain percentage of GW2 accounts uses passwords from that list. Which makes the 2FA a necessary measurement.

Freya.9075 Posted October 21, 2022

22 minutes ago, HnRkLnXqZ.1870 said:
> Nobody cannot be that reckless? >Have a look<

Aww I’m disappointed. There is no hunter2 on the list

Padrion.7382 Posted October 24, 2022

2FA is a double-edged sword from a user's perspective. It makes it more difficult to hack your account but also more likely to lock yourself out if you lose or can't access your second factor. Depending on implementation and user habits it may also be less convenient. For a low value asset like a game account I strongly prefer just using a strong password instead.

Also, if it was in your best interest they wouldn't offer you a compensation for signing up. Same thing with the Newsletter...

kharmin.7683 Posted October 24, 2022

28 minutes ago, Padrion.7382 said:
> Also, if it was in your best interest they wouldn't offer you a compensation for signing up. Same thing with the Newsletter...

I don't think that the newsletter sign up is necessarily in the players' best interest. What will Anet do with that list? You can't see them selling it, can you?

Padrion.7382 Posted October 24, 2022

9 minutes ago, kharmin.7683 said:
> I don't think that the newsletter sign up is necessarily in the players' best interest

Me neither. That's why I haven't signed up. And the more bag space they add the lesser the chances to convince me otherwise.

Khisanth.2948 Posted October 24, 2022

On 10/21/2022 at 6:21 AM, Freya.9075 said:
> May I ask what you mean by sending sms every time? I’ve only gotten sms one time. It never asks me to verify or send texts when I log in.

That will depend on a couple of factors. Depending on how your ISP assigns IP or if you play relatively infrequently then you might get it every time.

1 hour ago, Padrion.7382 said:
> Me neither. That's why I haven't signed up. And the more bag space they add the lesser the chances to convince me otherwise.

You can just turn it on then off again and end up with the same result.

1 hour ago, kharmin.7683 said:
> What will Anet do with that list? You can't see them selling it, can you?

They already have the list without you doing anything ...

kharmin.7683 Posted October 24, 2022

1 minute ago, Khisanth.2948 said:
> They already have the list without you doing anything ...

List of what? Active players? Players who are more inclined to sign up for give-aways?

Khisanth.2948 Posted October 24, 2022

2 minutes ago, kharmin.7683 said:
> List of what? Active players? Players who are more inclined to sign up for give-aways?

Your email and associated spending habits.

TheQuickFox.3826 Posted October 24, 2022

You can also use an authenticator program. For smartphones Google Authenticator is a popular choice, and for desktops you can use a compatible implementation like JAuth: https://github.com/harvardinformatics/JAuth

Mistwraithe.3106 Posted October 25, 2022 (edited)

On 10/21/2022 at 2:28 AM, Abnaxos.4305 said:
> Let me speak plainly: when it comes to 2 factor authentication, "no" is not an acceptable answer. Not having it enabled is reckless. If it were up to me, I'd lock everyone without 2FA out, period. In 2022, passwords alone just don't cut it anymore. I perfectly understand that you don't want to give your phone number to ANet, neither do I. Therefore, I use Google Authenticator. It's a one-time thing: enable 2FA, log in once and mark your computer as trusted. After that, it won't ask for the second factor on this computer again. You'll just start the game as you do now, the only difference being that behind the scenes, your account is now secure. Just enable it already.

I'm not sure you have thought through the cost of having to use MFA for everything...

Virtually every MFA system I have run into only trusts the computer for a period of time, usually 1-3 months. Then you have to repeat. Some expire the trust if there is just a 1 week gap in usage (e.g. Apple).

I think I have about 300 login systems I interact with. That's everything from bank, work, SAAS services, entertainment (Netflix, local movie chain), travel (airlines, uber, etc), local stores and restaurants' loyalty programs, various online shops, school systems for the kids, etc. I suspect I'm at the light end of the scale and it's a lot more for some people.

Let's say each of these requires MFA every 2 months and it takes 2 minutes to do each time. That is 150 a month, 300 minutes per month, 5 hours per month, 60 hours per year.

So you think it's a great idea that everyone should have to spend 60 hours a year entering MFA? That's a massive chunk of my life being wasted because these login systems want to put all the risk onto me instead of accepting any themselves.

I've never been hacked on any system before. Touch wood, because I'm sure I've been a bit lucky, but also prudent (different passwords for every site, etc). The cost-benefit relationship is just wildly off - 60 hours a year lost to avoid something which has never caused me any loss anyway!

Astralporing.1957 Posted October 25, 2022

On 10/20/2022 at 9:15 PM, Gibson.4036 said:
> Why make it optional, but forever pester people who don’t choose it?

The only reason it is optional is because originally they used email as their version of 2FA, and they didn't want to lock everyone out when they decided to switch to other, more secure forms of it.

On 10/21/2022 at 11:45 AM, Vayne.8563 said:
> I get a code. I just get it email instead of on my phone. I can lose my phone. It's less likely I lose my email.

Considering most of the account breaches likely start with the hacker getting access to someone's email, email 2fa might as well be nonexistent.

Vayne.8563 Posted October 25, 2022

2 hours ago, Astralporing.1957 said:
> The only reason it is optional is because originally they used email as their version of 2FA, and they didn't want to lock everyone out when they decided to switch to other, more secure forms of it.
>
> Considering most of the account breaches likely start with the hacker getting access to someone's email, email 2fa might as well be nonexistent.

Email has worked for me for a long time. I have relatively good security practices. I don't click on links I don't know. I don't download anything from a suspect site. I don't use the same password for every email addy, and my passwords are complex. I've never had my email hacked or had a keylogger.

Padrion.7382 Posted October 26, 2022

On 10/25/2022 at 9:44 AM, Astralporing.1957 said:
> Considering most of the account breaches likely start with the hacker getting access to someone's email, email 2fa might as well be nonexistent.

In this case it would make much more sense to protect your mail account with 2FA than every individual online game that is governed by it.

The truth however is, that most hacks occur due to security breaches in the responsibility of the respective service provider. Accordingly they implement 2FA mainly to limit the damage THEY suffer from such attacks, by outsourcing security tasks to their customers.