Two Factor Authentication for PoE Accounts

I know we have the code for when you log into your account from a different location but my account is important to me and I want to make sure I have as many layers of protection as possible.

Yes, I have a strong passphrase for both my PoE and Email account, but with the constant breaches happening to sites that host email services I'm starting to get more paranoid.

Would this ever get implemented?

Hi!

Why don't you link your account with steam? Steam have 2 factor authentification

"

Manocean a écrit :

Yes, I have a strong passphrase for both my PoE and Email account, but with the constant breaches happening to sites that host email services I'm starting to get more paranoid.

It's the Breach league, after all.

Apart from that, linking to Steam seems to be your best option.

+1. Offloading the feature to Steam is not nearly as secure as GGG actually rolling it out. And considering the fact that if your account does get hacked, they won't restore it anyway. You'd think this would be a slight priority for them. There are so many free authentication clients out there they could use.

Especially now with the public stash tabs, anyone can pretty much have a look at your entire inventory.

Have always been nervous about the lack of security...

My wifi goes down for a few seconds and I have to use an unlock code every single time I log on. Its super annoying, but amusing reading which random town within 20 miles of me PoE thinks I magically teleported to in every email.

There is literally no other account I've ever had that does that, as they remember things like ip address, my devices, and that password I already enter every time but sure make actually logging on a pain in the ass every time. That will teach those hypothetical hackers to try and gain access to my account.

Meanwhile my email, FB, etc. all use 2 factor security.

"

sman0330 a écrit :

Hi!

Why don't you link your account with steam? Steam have 2 factor authentification

Because I don't use Steam!

"

_Tiem a écrit :

Especially now with the public stash tabs, anyone can pretty much have a look at your entire inventory.

Have always been nervous about the lack of security...

Yea, a single item I have is worth 900ex it makes me nervous to be targeted.

Ya man I feel you. When I first started playing I did a lot of googling for info about builds and items because the learning curve is huge. On the first page, sometimes even first hits, were RMT sites. It's so bad that I thought GGG actually condoned RMT and thought they were like D3s old AH before coming here finding out that RMT would get you banned. Then I read a post from Chris saying those RMT sites get most of their stuff from hacking accounts and was like :0. Made me totally nervous after that that some kid could just basically delete my entire inventory and GGG would be like oh well sorry about that.

Not that I really have any crazy mirror gear or anything anyone couldn't get for a few exalts, but I'm always worried about linking things knowing that if I did get hacked, GGG wouldn't do a damn thing.

And I mean it's pretty trivial to plug in the technology. Blizzard has their own authenticator but there are tons of free ones, which is kind of better because then you can use your own client. I have one for things like Github and Dropbox, like if they can do it...

What about a hardware firewall?
After all you are a cyber security guy.

"

Manocean a écrit :

I know we have the code for when you log into your account from a different location but my account is important to me and I want to make sure I have as many layers of protection as possible.

Yes, I have a strong passphrase for both my PoE and Email account, but with the constant breaches happening to sites that host email services I'm starting to get more paranoid.

Would this ever get implemented?

Copy and Paste your password into a secure folder. Then link to Steam if you use it. Then never type your password or email into the login bar ever again. I haven't been compromised yet (knock on wood).

"

_Tiem a écrit :

+1. Offloading the feature to Steam is not nearly as secure as GGG actually rolling it out. And considering the fact that if your account does get hacked, they won't restore it anyway. You'd think this would be a slight priority for them. There are so many free authentication clients out there they could use.

Especially now with the public stash tabs, anyone can pretty much have a look at your entire inventory.

Have always been nervous about the lack of security...

They don't restore it because getting your account 'hacked' is 100% the fault of the user. You did something to lose your password, whether its choosing a bad one, using fishy websites, or having a keylogger. Botting, RWTing, sharing accounts are all bad risk factors too.

Be smart, scan often and don't fall for scams as old as Runescape Classic. If GGG ever did get compromised, I have faith they'd announce it and tell us all to change our passwords.