Two Factor Authentication for PoE Accounts

"
sman0330 wrote:
Hi!

Why don't you link your account with Steam? Steam has two-factor authentication
It's only two-factor if you use the Steam client. You can download the normal client and completely bypass Steam's two-factor by simply logging in as you normally would.

Also I agree with Mano, after having my shit jacked a week before breach and still having no clue as to how they gained access, or even got my email (because my email is completely private, no mail goes in or out of it to anyone other than GGG, the email I use for POE is strictly for POE).

I didn't lose as much as I thought I did in the breach but they took several irreplaceable items, literal 1/1 items, not to mention sentimental items like my first dropped Mirror.

I'm good enough at the game and trading to get back old legacy items or mirrored gear fairly easily but that's all irrelevant compared to the irreplaceable items they took such as Demigods or Alternate Art items.

Path of Exile accounts are high value targets to RMTers looking to make money, 2FA is needed.
Harvest sucks! But look at my decked out gear two weeks in!

Labyrinth salt farm miner.

"But my build diversity" , "Game is too hard!" - Meta drone playing the same 1-3 builds for years.
Upvoting. It should have been done in past years already, I saw enough forum threads from players that lost everything. And I wouldn't want this happening to my account, especially when GGG's policy is "no refund".

Not doing anything is kinda a double penalty.
Hf :)
for a start they could implement an ingame option for streamers to hide their email addresses. seen so many streams where those guys openly show their email ... while at the same time support is very behind modifying posts of users posting their mail in a forum post.
age and treachery will triumph over youth and skill!
"
vio wrote:
for a start they could implement an ingame option for streamers to hide their email addresses. seen so many streams where those guys openly show their email ... while at the same time support is very behind modifying posts of users posting their mail in a forum post.


Actually what they should do here is show only a few characters after the email field has been filled out. For example:

zig***@gmail.com

rather than the full email (e.g., ziggyd@gmail.com).

That way the user still knows which account they are signed in with but at the same time, their full email address isn't published. I sympathize with people who stream the game because that field is instantly displayed when a player is booted and that happens outside of the player's control.
Deliver pain exquisite
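
A sketch of the masking suggested in the post above, as an added example that is not part of the original post or of the game's code. The function name `mask_email`, the fixed three-asterisk mask and the "at most half of the local part" limit are assumptions made for illustration.

```python
MASK = "***"  # fixed width, so the mask does not reveal the local part's length


def mask_email(address: str, visible: int = 3) -> str:
    """Return a display-safe form of an address, e.g. zig***@gmail.com.

    Intended for any field that can appear on screen without the user
    asking for it (such as a login box shown after a disconnect).
    """
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        # Not a recognisable address: show nothing rather than echo it back.
        return MASK
    # Reveal at most `visible` characters, and never more than half of a
    # short local part; a one-character local part is hidden entirely.
    shown = min(visible, len(local) // 2)
    return f"{local[:shown]}{MASK}@{domain}"


if __name__ == "__main__":
    # Constructed sample inputs; the first is the address used in the post.
    for sample in ("ziggyd@gmail.com", "ab@example.com", "a@example.com", "oops"):
        print(f"{sample!r:22} -> {mask_email(sample)}")
```

The mask should be applied before the value reaches the rendered field, so the full address never appears in a captured frame.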
"
_Tiem wrote:
"
vio wrote:
for a start they could implement an ingame option for streamers to hide their email addresses. seen so many streams where those guys openly show their email ... while at the same time support is very behind modifying posts of users posting their mail in a forum post.


Actually what they should do here is show only a few characters after the email field has been filled out. For example:

zig***@gmail.com

rather than the full email (e.g., ziggyd@gmail.com).

That way the user still knows which account they are signed in with but at the same time, their full email address isn't published. I sympathize with people who stream the game because that field is instantly displayed when a player is booted and that happens outside of the player's control.


yep, good idea showing the first chars only.

but the complaint about that security hole is as old as their twitch implementation.
age and treachery will triumph over youth and skill!
"
vio wrote:
"
_Tiem wrote:
"
vio wrote:
for a start they could implement an ingame option for streamers to hide their email addresses. seen so many streams where those guys openly show their email ... while at the same time support is very behind modifying posts of users posting their mail in a forum post.


Actually what they should do here is show only a few characters after the email field has been filled out. For example:

zig***@gmail.com

rather than the full email (e.g., ziggyd@gmail.com).

That way the user still knows which account they are signed in with but at the same time, their full email address isn't published. I sympathize with people who stream the game because that field is instantly displayed when a player is booted and that happens outside of the player's control.


yep, good idea showing the first chars only.

but the complaint about that security hole is as old as their twitch implementation.


Ya sometimes you realize just how small a company these guys are. Like even shitty games back some 15 years ago had some kickass CGI cutscenes. This game, they barely just threw in nice splash art while you wait for the map to load. Not that the game needs it, but it's just another thing towards polish and player immersion.

PoE feels a ton like GD in how basic it is a lot of times. But security and rollbacks are a pretty big deal tho.
Deliver pain exquisite
"
_Tiem wrote:
Ya sometimes you realize just how small a company these guys are.

they were small.
going from 40 to 90+ people that fast is huge as it requires a lot of changes to company structures and processes.
dunno how long this takes for an NZ-based company. probably depends if they got professional external help.

"
_Tiem wrote:

Like even shitty games back some 15 years ago had some kickass CGI cutscenes. This game, they barely just threw in nice splash art while you wait for the map to load. Not that the game needs it, but it's just another thing towards polish and player immersion.

PoE feels a ton like GD in how basic it is a lot of times. But security and rollbacks are a pretty big deal tho.

in the end the overall time they made it on the market will tell how successful their decisions were.
age and treachery will triumph over youth and skill!
"
DoubleU wrote:
What about a hardware firewall?
After all you are a cyber security guy.


there are plenty of ways to get compromised where a firewall doesn't help.
My Shop: http://www.pathofexile.com/forum/view-thread/1338089
to bump the issue, i also would like to have additional security, some account specific code like the first 5 characters of the credit card i supported with would be a good start.

age and treachery will triumph over youth and skill!
"
vio wrote:
to bump the issue, i also would like to have additional security, some account specific code like the first 5 characters of the credit card i supported with would be a good start.



Or, like any sane company, send a code to your e-mail or use your smartphone's Google Authenticator app to generate a code. Don't overcomplicate it. Also make sure you don't fall into common traps to lose your password, since that's the only way you get 'hacked'
