OU7C4ST

It's Time To Add A 2nd Authentication For Account Log-Ins on PTCGO


OU7C4ST

It has come to my attention lately, that there have been several fake websites popping up that appear to look like the sign-in portals of Pokemon.com.

This is becoming a real problem, as these fake websites are starting to collect usernames, and passwords of players online, and cleaning out their PTCGO accounts in the process.

I would like to offer the solution of perhaps adding a 2-Factor Authentication system solely to the PTCGO login client.

The 2nd Authentication process could include anything from telling the system your last 4 digits of cell phone, a security password, or an IP checker. (It wouldn't be a bad idea to also have a section dedicated to see where the last place you signed in was. Similar to how RuneScape, or other online games do, based on your IP.)

Why, you ask, should we have a 2nd Authentication for PTCGO?

People have invested hundreds, if not thousands of real life dollars or other currencies, into their account. This game is F2P of course, but the game does persuade you at times to spend IRL money. Such as spending $1 a piece on Tournament Tickets, or spending $30, and up on Gems for you Canadian players out there.

I feel if PTCGO is going to request their player-base to spend their hard earned IRL money, there should be more protection for them. If not the money, the sheer time some of us have invested into the games should be seen as valuable as well.

I hope to see an implementation of added security in the near future.

Thank you for your time!


EDIT: This was originally created in 2016, & it's more relevant than ever. Please PTCGO Staff, help us protect our accounts as much as possible!

Edited by OU7C4ST
  • Upvote 14
  • Downvote 1

awesome_guy

I'm not sure if I understood what you said right, but if I did, wouldn't the phishers just need to edit their page to mimic PTCGO asking for the last four digits of your phone number? In that case they'd just end up with more information about you (which they wouldn't have got in the first place).

 

Alternatively if you could combine both your suggestions (OTP-like verification whenever you log in from a new location) that'd really decrease the number of incidences of these phishing attacks.

 

Or putting up an open warning on the home page after opening ptcgo would probably make players more alert as to the kind of stuff to watch out for (especially since these attacks are made under the claim that you can get either free packs or free tokens- something that seems very tempting to the ears)

  • Upvote 3

graywh

I think you're confused about multi-factor authentication. A second piece of information isn't sufficient. You generally need 1) something you know (a password or PIN) and 2) something you own (a debit card, mobile phone, or security key). You prove ownership of the item by physically presenting it or using it to generate a one-time password (e.g., receiving a text message).

  • Upvote 3
  • Downvote 1
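
The distinction drawn in the post above, as an added example that is not part of the thread or of any PTCGO code: a verifier that accepts a second fixed secret next to one that accepts a time-based one-time password (RFC 6238) generated from a secret held on the user's device. The `Account` class, its method names and the sample credentials are hypothetical and constructed for illustration; the shared secret is the RFC 6238 test value.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time step (RFC 6238 default)

def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time-step counter, RFC 4226 truncation."""
    mac = hmac.new(secret, struct.pack(">Q", unix_time // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Account:
    """Hypothetical server-side record; a real service stores a salted password hash."""
    def __init__(self, password: str, phone_last4: str, secret: bytes):
        self.password, self.phone_last4, self.secret = password, phone_last4, secret
        self.last_step = -1  # newest time step already used, to refuse code reuse

    def login_static(self, password: str, last4: str) -> bool:
        # Two things the user knows: both are fixed, so a captured pair stays valid.
        return (hmac.compare_digest(password, self.password)
                and hmac.compare_digest(last4, self.phone_last4))

    def login_totp(self, password: str, code: str, now: int, window: int = 1) -> bool:
        # Password plus a code derived from a secret held on the user's device.
        if not hmac.compare_digest(password, self.password):
            return False
        current = now // STEP
        for step in range(current - window, current + window + 1):
            if step > self.last_step and hmac.compare_digest(code, totp(self.secret, step * STEP)):
                self.last_step = step
                return True
        return False

def demo() -> dict:
    secret = b"12345678901234567890"           # RFC 6238 test secret
    acct = Account("constructed-password", "4821", secret)  # constructed sample values
    seen_at = 59                                # moment the credentials were typed
    seen = ("constructed-password", "4821", totp(secret, seen_at))
    later = seen_at + 600                       # same values presented ten minutes on
    return {
        "static_accepted_later": acct.login_static(seen[0], seen[1]),
        "old_code_accepted_later": acct.login_totp(seen[0], seen[2], later),
        "fresh_code_accepted": acct.login_totp(seen[0], totp(secret, later), later),
    }

if __name__ == "__main__":
    print(demo())
```

The one-time code is only useful inside its validity window, so this check limits how long typed-in credentials stay usable; it does not make the code itself unphishable.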

OU7C4ST

I'm not sure if I understood what you said right, but if I did, wouldn't the phishers just need to edit their page to mimic PTCGO asking for the last four digits of your phone number?

No, the extra security needs to be on the PTCGO sign-in client. Not the website.

  • Upvote 3

graywh

No, the extra security needs to be on the PTCGO sign-in client. Not the website.

 

Ah, that might work.

 

The problem would be setting or changing that "secondary password".  You couldn't allow doing it through the website.

  • Upvote 1

ForgottenTime

2FA might work, I think it would be easier for the dev team to give us options to trade lock our cards.

  • Upvote 1

OU7C4ST

2FA might work, I think it would be easier for the dev team to give us options to trade lock our cards.

That sounds interesting. Maybe a "bank" feature in the game, kinda like RuneScape, where you have to enter a 4 digit pin or whatnot to unlock those cards. That may be too crazy, but would help.

  • Upvote 1

Tom029193

Two factor would really put my mind at ease. I've recently started getting really invested in the game and I would hate to log on one day and find out someone brute forced their way in my account and I've lost everything.  Giving us the option to receive a text, email or a code from an Authenticator application would be a great way to secure accounts or even just let us know that someone is trying to get in. 

  • Upvote 2

Adhir1995

You want to make it like Steam with verification, don't you? :o I would agree this is a good plan.

Also looks like someone here has seen Mr. Robot :D

  • Upvote 2

settlers25

I agree

 

Dear Mod

Will you please forward to dev?

In the last 4-5 weeks there has been a big number of cases of hacks on Pokemon accounts, with use of phishing. There are players that have cards for many many $$$ in this game, and I suggest that the dev implement 2-factor security when players log in on a new device.

Mail/SMS/App just something to protect your customer. Like the system Steam, Origin and Blizzard have.

Thanks

  • Upvote 4

The_Real_Bug

If someone doesn't know what phishing is yet, time for some studying.

 


Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.

Edited by The_Real_Bug
  • Upvote 1
  • Downvote 1

PokeeZepp

I think all game companies should have two-factor authentication (mobile app or text message) if they produce a game with any sort of virtual currency.  This is long overdue, and TCPi is late to the game.

  • Upvote 3

The_Real_Bug

I think all game companies should have two-factor authentication (mobile app or text message) if they produce a game with any sort of virtual currency.  This is long overdue, and TCPi is late to the game.

 

There are plenty of things that TCPi are late to the game and they know it.

 

But they do not care.

The_Real_Bug

Being more relevant than ever, I'm bumping this.

  • Upvote 1

OU7C4ST

Maybe it's time we come back to this suggestion..

  • Upvote 2

9999ben9

Can't see any reason NOT to do this... 100% support

  • Upvote 3

LegendofZapdos5

Can't see any reason NOT to do this... 100% support

I'm with Big Ben and OU7 on this topic - PLEASE CONSIDER THIS IDEA!

  • Upvote 2

archevil

There have been a lot of hacked accounts lately in the game; it is time to reconsider adding 2FA to secure our accounts!

Edited by archevil
  • Upvote 3

The_Real_Bug

I say it's about time that they put themselves together.

Enough is enough.

 

5 people have already been affected by Frad2324, as was revealed on /r/ptcgo, and I'm afraid more will follow.

 

I strongly suggest to everyone to change their password.

  • Upvote 1

grriffinn

I say it's about time that they put themselves together.

Enough is enough.

 

5 people have already been affected by Frad2324, as was revealed on /r/ptcgo, and I'm afraid more will follow.

 

I strongly suggest to everyone to change their password.

I've already done so and I turned off all trading capabilities on my account as an extra precaution, but the fact that this has happened in the past and will continue until a fix is implemented is just pure negligence.

  • Upvote 1

StampMan

Fully agree with the above posters. We need 2FA. I've been mostly FTP so far, and I'd be devastated if I found that I had lost the things I've worked hard to get. I couldn't imagine being someone who has spent a lot of real-life money on the game and finding that they've lost everything.

  • Upvote 2

GolfBoyL

This is definitely something I support. Pokemon, I'd like you to do this.

  • Upvote 2

JDMedina

I agree that 2FA is needed. Even if a person did not put real-life dollars into the account, there's such time investment that losing your progress and decks can be devastating. 

 

  • Upvote 1

TheBlackxRanger

Two Factor Authentication please. Require to reset password every 6 months

  • Upvote 1

SandaledOtter

Two Factor Authentication please. Require to reset password every 6 months

 

Yes, this should definitely be more secure than my bank account.

  • Upvote 1
