
Clearly I don't want to sign up for SMS



13 hours ago, Gibson.4036 said:

Why make it optional, but forever pester people who don’t choose it?

They probably don't consider it optional. As I wrote, I'd simply prevent people from playing until they enabled it. This is my technical perspective, but from a customer service perspective, you can't do this. So, ANet does the next best thing: they let you play, but keep nagging reminding you to enable 2FA every single time you log in.

 

FFXIV has (again) a wave of compromised accounts due to people re-using their passwords on multiple sites. The attackers are using passwords fished from other sites to take over FFXIV accounts, often successfully. Not only is this annoying for all players (those accounts aren't people you wanna play with, they're gonna spam, RMT, steal in-game assets, ruin the economy, etc), it's also expensive for Square Enix because of the additional support volume. All these accounts need to be manually checked and blocked by SE, and when the player contacts support, they need to be re-checked and restored again. SE even states: "Should we continue to experience rising numbers of unauthorized access attempts, a password reset for all Square Enix accounts may be initiated." That would be more than 20 million accounts reset because some players can't keep their account secure.

There's a simple way to avoid such situations: have all players use 2FA. This is what ANet tries to achieve.

Edited by Abnaxos.4305
  • Like 3
  • Thanks 1
  • Confused 3

20 hours ago, Abnaxos.4305 said:

Let me speak plainly: when it comes to 2 factor authentication, "no" is not an acceptable answer. Not having it enabled is reckless. If it were up to me, I'd lock everyone without 2FA out, period. In 2022, passwords alone just don't cut it anymore.

I perfectly understand that you don't want to give your phone number to ANet, neither do I. Therefore, I use Google Authenticator. It's a one-time thing: enable 2FA, log in once and mark your computer as trusted. After that, it won't ask for the second factor on this computer again. You'll just start the game as you do now, the only difference being that behind the scenes, your account is now secure.

Just enable it already.

I get a code. I just get it by email instead of on my phone. I can lose my phone. It's less likely I lose my email.

  • Like 4
  • Confused 1

11 hours ago, KrivukasLT.3507 said:

Set up authenticator so they don't have to SMS you every time... Plus mark your PC and IP as trusted..

May I ask what you mean by sending SMS every time? I’ve only gotten an SMS one time. It never asks me to verify or send texts when I log in.


The SMS is part of an enhanced security measure to make sure that someone who may have learned your password cannot access your account directly. As long as you are in possession of your phone, you can still prevent abuse. This is necessary, because cracking passwords became significantly easier over the years. There is also still a trend of using utterly weak passwords, which are just easy to keep in mind. Like one's own phone number, birth date or the famous 12345.

Nobody can be that reckless? >Have a look<

I fear that a certain percentage of GW2 accounts uses passwords from that list. Which makes the 2FA a necessary measure.

  • Like 2
  • Confused 2

2FA is a double-edged sword from a user's perspective. It makes it more difficult to hack your account but also more likely to lock yourself out if you lose or can't access your second factor. Depending on implementation and user habits it may also be less convenient. For a low value asset like a game account I strongly prefer just using a strong password instead. Also, if it was in your best interest they wouldn't offer you a compensation for signing up. Same thing with the Newsletter...

  • Like 4
  • Confused 1

28 minutes ago, Padrion.7382 said:

 Also, if it was in your best interest they wouldn't offer you a compensation for signing up. Same thing with the Newsletter...

I don't think that the newsletter sign up is necessarily in the players' best interest.  What will Anet do with that list?  You can't see them selling it, can you?

  • Like 1
  • Confused 3

On 10/21/2022 at 6:21 AM, Freya.9075 said:

May I ask what you mean by sending SMS every time? I’ve only gotten an SMS one time. It never asks me to verify or send texts when I log in.

That will depend on a couple of factors. Depending on how your ISP assigns IP or if you play relatively infrequently then you might get it every time.

1 hour ago, Padrion.7382 said:

 Me neither. That's why I haven't signed up. And the more bag space they add the lesser the chances to convince me otherwise.

You can just turn it on then off again and end up with the same result.

1 hour ago, kharmin.7683 said:

What will Anet do with that list?  You can't see them selling it, can you?

They already have the list without you doing anything ...

  • Like 2

On 10/21/2022 at 2:28 AM, Abnaxos.4305 said:

Let me speak plainly: when it comes to 2 factor authentication, "no" is not an acceptable answer. Not having it enabled is reckless. If it were up to me, I'd lock everyone without 2FA out, period. In 2022, passwords alone just don't cut it anymore.

I perfectly understand that you don't want to give your phone number to ANet, neither do I. Therefore, I use Google Authenticator. It's a one-time thing: enable 2FA, log in once and mark your computer as trusted. After that, it won't ask for the second factor on this computer again. You'll just start the game as you do now, the only difference being that behind the scenes, your account is now secure.

Just enable it already.

I'm not sure you have thought through the cost of having to use MFA for everything...

Virtually every MFA system I have run into only trusts the computer for a period of time, usually 1-3 months. Then you have to repeat. Some expire the trust if there is just a 1 week gap in usage (e.g. Apple).
I think I have about 300 login systems I interact with. That's everything from bank, work, SaaS services, entertainment (Netflix, local movie chain), travel (airlines, Uber, etc), local stores' and restaurants' loyalty programs, various online shops, school systems for the kids, etc. I suspect I'm at the light end of the scale and it's a lot more for some people.

Let's say each of these requires MFA every 2 months and it takes 2 minutes to do each time. That is 150 a month, 300 minutes per month, 5 hours per month, 60 hours per year.

So you think it's a great idea that everyone should have to spend 60 hours a year entering MFA?

That's a massive chunk of my life being wasted because these login systems want to put all the risk onto me instead of accepting any themselves. I've never been hacked on any system before. Touch wood, because I'm sure I've been a bit lucky, but also prudent (different passwords for every site, etc).

The cost-benefit relationship is just wildly off - 60 hours a year lost to avoid something which has never caused me any loss anyway!

 

Edited by Mistwraithe.3106
  • Like 2
  • Haha 1
  • Confused 2
  • Sad 1

On 10/20/2022 at 9:15 PM, Gibson.4036 said:

Why make it optional, but forever pester people who don’t choose it?

The only reason it is optional is because originally they used email as their version of 2FA, and they didn't want to lock everyone out when they decided to switch to other, more secure forms of it.

On 10/21/2022 at 11:45 AM, Vayne.8563 said:

I get a code. I just get it by email instead of on my phone. I can lose my phone. It's less likely I lose my email.

Considering most of the account breaches likely start with the hacker getting access to someone's email, email 2fa might as well be nonexistent.

  • Like 1
  • Confused 2

2 hours ago, Astralporing.1957 said:

The only reason it is optional is because originally they used email as their version of 2FA, and they didn't want to lock everyone out when they decided to switch to other, more secure forms of it.

Considering most of the account breaches likely start with the hacker getting access to someone's email, email 2fa might as well be nonexistent.

Email has worked for me for a long time. I have relatively good security practices. I don't click on links I don't know. I don't download anything from a suspect site. I don't use the same password for every email addy, and my passwords are complex. I've never had my email hacked or had a keylogger.

  • Like 4
  • Confused 3

On 10/25/2022 at 9:44 AM, Astralporing.1957 said:

Considering most of the account breaches likely start with the hacker getting access to someone's email, email 2fa might as well be nonexistent.

 

In this case it would make much more sense to protect your mail account with 2FA than every individual online game that is governed by it.

 

The truth, however, is that most hacks occur due to security breaches in the responsibility of the respective service provider. Accordingly they implement 2FA mainly to limit the damage THEY suffer from such attacks, by outsourcing security tasks to their customers.

  • Like 3
  • Confused 2
