Jump to content

It's Time To Add A 2nd Authentication For Account Log-Ins on PTCGO


  • Please log in to reply

18 November 2016 - 10:55 PM

#1

OU7C4ST

    Senior Trainer

  • OU7C4ST

It has come to my attention lately, that there have been several fake websites popping up that appear to look like the sign-in portals of Pokemon.com.

This is becoming a real problem, as these fake websites are starting to collect usernames, and passwords of players online, and cleaning out their PTCGO accounts in the process.

I would like to offer the solution of perhaps adding a 2-Factor Authentication system solely to the PTCGO login client.

The 2nd Authentication process could include anything from telling the system your last 4 digits of cell phone, a security password, or an IP checker. (It wouldn't be a bad idea to also have a section dedicated to see where the last place you signed in was. Similar to how RuneScape, or other online games do, based on your IP.)

Why you ask we should have a 2nd Authentication for PTCGO?

People have invested hundreds, if not thousands of real life dollars or other currencies, into their account. This game is F2P of course, but the game does persuade you at times to spend IRL money. Such as spending $1 a piece on Tournament Tickets, or spending $30, and up on Gems for you Canadian players out there.

I feel if PTCGO is going to request their player-base to spend their hard earned IRL money, there should be more protection for them. If not the money, the sheer time some of us have invested into the games should be seen as valuable as well.

I hope to see an implication of added security in the near future.

Thank you for your time!


EDIT: This was originally created in 2016, & it's more relevant than ever. Please PTCGO Staff, help us protect our accounts as much as possible!


Edited by OU7C4ST, 20 February 2018 - 05:14 AM.

OU7C4ST - /r/ptcgo Head Moderator
Twitch's #1 PTCGO Streamer
Founder of OU7C4ST's Card Value Guide

Check out my YT for Deck Reviews, & More!

  • 13

19 November 2016 - 03:28 AM

#2

awesome_guy

    Elite Trainer

  • awesome_guy
I'm not sure if i understood what you said right, but if i did, wouldn't the phishers just need to edit their page to mimic ptcgo asking for your last four digits of phone number? In that case they'd just end up with more information about you (which they wouldn't have got in the first place)

Alternatively if you could combine both your suggestions (OTP-like verification whenever you log in from a new location) that'd really decrease the number of incidences of these phishing attacks.

Or putting up an open warning on the home page after opening ptcgo would probably make players more alert as to the kind of stuff to watch out for (especially since these attacks are made under the claim that you can get either free packs or free tokens- something that seems very tempting to the ears)
  • 3

19 November 2016 - 05:00 AM

#3

graywh

    Elite Trainer

  • graywh

I think you're confused about multi-factor authentication.  A second piece of information isn't sufficient.  You generally need 1) something you know (a password or PIN) and 2) something you own (a debit card, mobile phone, or security key).  You prove ownership of the item be physically presenting it or using it to generate a one-time password (e.g., receiving a txt message).


Forums Rules
  • Stay on Topic
  • Search, then Post
  • Be Constructive
  • Play Nice
  • Be Honest
  • Keep Your Private Life Private
  • Keep Your Links Official
  • Discipline is Private
http://forums.pokemontcg.com/index.php?app=forums&module=extras&section=boardrules
  • 2

19 November 2016 - 05:06 AM

#4

OU7C4ST

    Senior Trainer

  • OU7C4ST

I'm not sure if i understood what you said right, but if i did, wouldn't the phishers just need to edit their page to mimic ptcgo asking for your last four digits of phone number?

No, the extra security needs to be on the PTCGO sign-in client. Not the website.


OU7C4ST - /r/ptcgo Head Moderator
Twitch's #1 PTCGO Streamer
Founder of OU7C4ST's Card Value Guide

Check out my YT for Deck Reviews, & More!

  • 3

19 November 2016 - 05:51 AM

#5

graywh

    Elite Trainer

  • graywh

No, the extra security needs to be on the PTCGO sign-in client. Not the website.

 

Ah, that might work.

 

The problem would be setting or changing that "secondary password".  You couldn't allow doing it through the website.


Forums Rules
  • Stay on Topic
  • Search, then Post
  • Be Constructive
  • Play Nice
  • Be Honest
  • Keep Your Private Life Private
  • Keep Your Links Official
  • Discipline is Private
http://forums.pokemontcg.com/index.php?app=forums&module=extras&section=boardrules
  • 1

19 November 2016 - 05:55 AM

#6

ForgottenTime

    Novice Trainer

  • ForgottenTime

2FA might work, I think it would be easier for the dev team to give us options to trade lock our cards.


  • 1

19 November 2016 - 11:15 AM

#7

OU7C4ST

    Senior Trainer

  • OU7C4ST

2FA might work, I think it would be easier for the dev team to give us options to trade lock our cards.

That sounds interesting. Maybe a "bank" feature in the game, kinda like RuneScape, where you have to enter a 4 digit pin or whatnot to unlock those cards. That may be too crazy, but would help.


OU7C4ST - /r/ptcgo Head Moderator
Twitch's #1 PTCGO Streamer
Founder of OU7C4ST's Card Value Guide

Check out my YT for Deck Reviews, & More!

  • 1

19 November 2016 - 07:40 PM

#8

Tom029193

    Rookie Trainer

  • Tom029193

Two factor would really put my mind at ease. I've recently started getting really invested in the game and I would hate to log on one day and find out someone brute forced their way in my account and I've lost everything.  Giving us the option to receive a text, email or a code from an Authenticator application would be a great way to secure accounts or even just let us know that someone is trying to get in. 


  • 2

20 November 2016 - 12:39 AM

#9

Adhir1995

    Elite Trainer

  • Adhir1995

You want to make it like steam with verification don't you? :o I  would agree this is a good plan

 

also looks like someone people here has seen Mr.Robot :D 


  • 2

20 November 2016 - 08:38 AM

#10

settlers25

    Expert Trainer

  • settlers25
I agree

Dear Mode
Will you pleas forward to dev?
In the last 4-5 weeks there have been a big number of cases of hack on Pokemon accounts. With use of phishing. There are players that have cards for many many $$$ In this game and i suggest that the dev implement a 2 factor security. When players login on a new device.
Mail/SMS/App just something to protect your customer. Like the system Steam, Origin and Blizzard have.
Thanks


- 100% Perfect Complete, 42 set completed. BETA Tester from 2011 -- Total Game played: 21.835.- Perfect Complete: HeartGold & SoulSilver -> Evolution (Foil & Non foil)- Black & White Noble Victories

- I have put my account to sleep again... I will return a day...

  • 4

21 November 2016 - 04:33 PM

#11

The_Real_Bug

    Expert Trainer

  • The_Real_Bug

If someone doesn't know what phishing is yet, time for some studying.

 


Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.


Edited by The_Real_Bug, 20 February 2018 - 01:44 AM.

Don't follow the trends, follow my threads

/u/The_Real_Bug_ /r/ptcgo

  • 0

21 November 2016 - 04:48 PM

#12

PokeeZepp

    Veteran Trainer

  • PokeeZepp

I think all game companies should have two-factor authentication (mobile app or text message) if they produce a game with any sort of virtual currency.  This is long overdue, and TCPi is late to the game.


Anything above this line is just my opinion.  Anything below the line is, too.

  • 3

21 November 2016 - 04:59 PM

#13

The_Real_Bug

    Expert Trainer

  • The_Real_Bug

I think all game companies should have two-factor authentication (mobile app or text message) if they produce a game with any sort of virtual currency.  This is long overdue, and TCPi is late to the game.

 

There are plenty of things that TCPi are late to the game and they know it.

 

But they do not care.


Don't follow the trends, follow my threads

/u/The_Real_Bug_ /r/ptcgo

  • 0

20 February 2018 - 01:46 AM

#14

The_Real_Bug

    Expert Trainer

  • The_Real_Bug

Being more relevant than ever, i'm bumping this.


Don't follow the trends, follow my threads

/u/The_Real_Bug_ /r/ptcgo

  • 1

20 February 2018 - 05:10 AM

#15

OU7C4ST

    Senior Trainer

  • OU7C4ST

Maybe it's time we come back to this suggestion..


OU7C4ST - /r/ptcgo Head Moderator
Twitch's #1 PTCGO Streamer
Founder of OU7C4ST's Card Value Guide

Check out my YT for Deck Reviews, & More!

  • 2

20 February 2018 - 05:30 AM

#16

9999ben9

    Expert Trainer

  • 9999ben9

Cant see any reason NOT to do this...100% support


Phantom Knight Trading Company

Come to PKTC to get all your decks needs. Best Prices, Fun Promotions, and Great Rewards for an Amazing Community  :)

 

  • 3

20 February 2018 - 05:53 AM

#17

LegendofZapdos5

    Veteran Trainer

  • LegendofZapdos5

Cant see any reason NOT to do this...100% support

I'm with Big Ben and OU7 on this topic-PLEASE CONSIDER THIS IDEA!


  • 2

20 February 2018 - 09:26 AM

#18

archevil

    Rookie Trainer

  • archevil

There has been a lot of hacked accounts lately in the game, it is time to reconsider adding 2FA to secure our accounts!


Edited by archevil, 20 February 2018 - 09:27 AM.

  • 3

20 February 2018 - 10:33 AM

#19

The_Real_Bug

    Expert Trainer

  • The_Real_Bug

I say it's about time that they put themselves together.

Enough is enough.

 

5 people have been already affected by Frad2324 as it was reveal on /r/ptcgo and i'm afraid more will follow.

 

I strongly suggest to everyone to change their password.


Don't follow the trends, follow my threads

/u/The_Real_Bug_ /r/ptcgo

  • 1

20 February 2018 - 11:26 AM

#20

grriffinn

    Trainer

  • grriffinn

I say it's about time that they put themselves together.

Enough is enough.

 

5 people have been already affected by Frad2324 as it was reveal on /r/ptcgo and i'm afraid more will follow.

 

I strongly suggest to everyone to change their password.

I've already done so and I turned off all trading capabilities on my account as an extra precaution, but the fact that this has happened in the past and will continue until a fix is implemented is just pure negligence.


  • 1