Account guard too suspicious?



  • Hi,

    Clearly I do not know much on the topic, but it looks like the account guard feature is currently based on cookies only, i.e. every time they are purged (when I close my browser) I am prompted to check my email for the code the next time I log back into the website.

    I know this is for our own protection, but would it not be more sensible (and perhaps less annoying) to trigger the verification when more suspicious logins are attempted (e.g. from an unusual IP/region or after many failed attempts)?

    And yes, of course making the browser save Fractured cookies is the easy fix, but still...


  • TF#12 - PEOPLE'S HERALD

    would be nice but it isn't here.

    even a combo of IP and hardware ID would be nice.



  • Do you mean that it is not possible or just not implemented?

    Any word from the developers/admins on future plans for this?


  • DymStudios - CEO

    Hi @Fraxav, the account guard uses cookies indeed. It's kind of a standard implementation for such a system - it's not only people in faraway places that can get hold of your password 😉 The control on multiple failed login attempts also exists, but it serves another purpose (preventing brute force attacks).

    If it annoys you, you can disable it completely from your account menu! 🙂


  • TF#12 - PEOPLE'S HERALD

    @Prometheus said in Account guard too suspicious?:

    Hi @Fraxav, the account guard uses cookies indeed. It's kind of a standard implementation for such a system - it's not only people in faraway places that can get hold of your password 😉 The control on multiple failed login attempts also exists, but it serves another purpose (preventing brute force attacks).

    If it annoys you, you can disable it completely from your account menu! 🙂

    i forget, is there a non-email 2FA like the google authenticator?
    some people have put 100-10k cash into the game, having email as a 2fa is pretty bad when those get compromised pretty quick.
    my blizzard auth has saved my account from attempts from china.


  • TF#12 - PEOPLE'S HERALD

    @Jetah said in Account guard too suspicious?:

    @Prometheus said in Account guard too suspicious?:

    Hi @Fraxav, the account guard uses cookies indeed. It's kind of a standard implementation for such a system - it's not only people in faraway places that can get hold of your password 😉 The control on multiple failed login attempts also exists, but it serves another purpose (preventing brute force attacks).

    If it annoys you, you can disable it completely from your account menu! 🙂

    i forget, is there a non-email 2FA like the google authenticator?
    some people have put 100-10k cash into the game, having email as a 2fa is pretty bad when those get compromised pretty quick.
    my blizzard auth has saved my account from attempts from china.

    2step google auth would be nice, although I have 2 step on my email linked to my mobile so provided I never lose my number wich iv had same one for 15 years now, it should be safe.

    Just make your email more secure is a solution.

    I use a different password on my email to anything else and have 2 step mobile authentication. Only ever had my league account hacked, when loads of accounts where leaked, but got it back because email is secure


  • TF#12 - PEOPLE'S HERALD

    Yeah 2 step would be really appreciated by the time we go live.

    I am already getting terrible nightmares of what those pesky "foreigners" could do to my lovely Erwydra.



  • @Prometheus Thanks, I was not aware of that!

    Not gonna lie, it can get a bit annoying at times for me, but I suppose that is mainly because of the cookie policy I have. It is also hard to say no to protection, and the possibility of different authentication measures suggested above seems interesting, too.


  • TF#12 - PEOPLE'S HERALD

    @Xzoviac

    you're asking for the average person to secure their own stuff.


  • TF#12 - PEOPLE'S HERALD

    @Jetah said in Account guard too suspicious?:

    @Xzoviac

    you're asking for the average person to secure their own stuff.

    I'm not telling them what to do lol they can do what they want, I was just saying what I do. And what others could do as well.

    In built 2step would be nice but its certainly possible to do it your self and no less complex then a built in one


  • TF#12 - PEOPLE'S HERALD

    @Xzoviac said in Account guard too suspicious?:

    @Jetah said in Account guard too suspicious?:

    @Xzoviac

    you're asking for the average person to secure their own stuff.

    I'm not telling them what to do lol they can do what they want, I was just saying what I do. And what others could do as well.

    In built 2step would be nice but its certainly possible to do it your self and no less complex then a built in one

    problem is 2fa is better than email because emails can get compromised. unless you change your email pass weekly, it can still happen.
    once the gold sellers learn about fractured they'll start using the existing email/pass on the this game.

    i actually hate that the username is still your email. it's like using your federal ID number (social security number in the US) as your credit card number.


  • TF#12 - PEOPLE'S HERALD

    @Jetah said in Account guard too suspicious?:

    some people have put 100-10k cash into the game

    The highest option was $5k. Where are you getting $10k from?


  • TF#12 - PEOPLE'S HERALD

    @Pwnstar said in Account guard too suspicious?:

    @Jetah said in Account guard too suspicious?:

    some people have put 100-10k cash into the game

    The highest option was $5k. Where are you getting $10k from?

    easier typing. and just because the package was listed at 5k, doesn't mean you couldn't offer more when you selected it!


Log in to reply
 

Copyright © 2021 Dynamight Studios Srl | Fractured