Jump to content

It's Time To Add A 2nd Authentication For Account Log-Ins on PTCGO


  • Please log in to reply

20 February 2018 - 01:12 PM

#21

StampMan

    Rookie Trainer

  • StampMan

Fully agree with the above posters. We need 2FA. I've been mostly FTP so far, and I'd be devastated if I found that I had lost the things I've worked hard to get. I couldn't imagine being someone who has spent a lot of real-life money on the game and finding that they've lost everything.


  • 2

20 February 2018 - 04:39 PM

#22

GolfBoyL

    Rookie Trainer

  • GolfBoyL
This is definitely something I support. Pokemon, I'd like you to do this.
  • 2

20 February 2018 - 05:02 PM

#23

JDMedina

    Junior Trainer

  • JDMedina

I agree that 2FA is needed. Even if a person did not put real-life dollars into the account, there's such time investment that losing your progress and decks can be devastating. 

 


  • 1

20 February 2018 - 06:19 PM

#24

TheBlackxRanger

    Rookie Trainer

  • TheBlackxRanger

Two Factor Authentication please. Require to reset password every 6 months


  • 1

20 February 2018 - 08:04 PM

#25

SandaledOtter

    Elite Trainer

  • SandaledOtter

Two Factor Authentication please. Require to reset password every 6 months

 

Yes, this should definitely be more secure than my bank account.


"Swishonk!" That's what's happening!

  • 1

20 February 2018 - 11:39 PM

#26

Pelendones

    Rookie Trainer

  • Pelendones
2 Factor Authentification is a good way to increase the security of someones account.
You made a wonderfull game and people invest time in it. It would be nice if you could try implementing it.
  • 1

21 February 2018 - 06:42 AM

#27

OU7C4ST

    Senior Trainer

  • OU7C4ST

Yes, this should definitely be more secure than my bank account.

Unless your bank account is a glass Piggy, then these requests aren't even on the same level as that my friend, lol.


OU7C4ST - /r/ptcgo Head Moderator
Twitch's #1 PTCGO Streamer
Founder of OU7C4ST's Card Value Guide

Check out my YT for Deck Reviews, & More!

  • 2

21 February 2018 - 10:28 PM

#28

SandaledOtter

    Elite Trainer

  • SandaledOtter

Unless your bank account is a glass Piggy, then these requests aren't even on the same level as that my friend, lol.

I've never been asked to change my bank account's password, and I have done so once in the... several years I've had it. They have security questions that anyone who knows me might be able to answer.

 

Just this month they established a one-time phone authentication system, on the phone I've been using for most of my banking for at least two years. They shut down the site for two days to implement it.


"Swishonk!" That's what's happening!

  • 0

21 February 2018 - 11:49 PM

#29

Anyagezane

    Veteran Trainer

  • Anyagezane
Devs/Mods, please add this to an update soon. If you really care about us.
  • 2

22 February 2018 - 03:52 AM

#30

RobRatt

    Elite Trainer

  • RobRatt

I like added security, don't get me wrong.  But I'm not sure what everyone is asking for?  Or if they know what it would mean when implemented?

 

Right now, we already have a form of two-factor authentication in PTCGO.  It's our Username, which is, or should be, different than our Screen Name (nickname).  It's a bit of information that nobody should know, unless we divulge it.  Isn't that ultimately the problem, that people are somehow giving their Username out, whether it's sharing with others, a phishing scam, faked e-mail response, etc.?

 

Most real 2-step verification is done with hardware, whether it's a token, key fob, or even the chip on your debit card.  Obviously, that's not going to work.

 

When it comes to software solutions, it can be as simple as personal questions.  But that's what we already have with our Username.  If we added a simple question into the mix (last 4 of our phone number, or a non-changing code), wouldn't the fake websites (or other problems) just incorporate this, divulging more personal information?  Wouldn't the same people who already give out their Username (along with their password) still be prey?

 

The other commonly used methods of 2-step verification might be a real pain for us, or fairly difficult to implement.  Are the game's servers reliable and advanced enough to do what Microsoft or Google do on a global scale?  ...or would it become a source of aggravation?

 

With Microsoft, when you have it turned on, they send you a security code, either through e-mail or your phone.  You have to check, and enter the security code.

 

With Google, the 2nd step is a security code sent by text (via your phone), a voice call, or their mobile app.

 

One of the problems I see for us would be having multiple devices.  This complicates things dramatically, for both user and any System.

 

What exactly is everyone asking for with this request?  Do we really want to check a second source, and enter an additional security code every time we play?

 

P.S.  I'm just curious.  Please forgive my lack of knowledge if I'm missing something.


Edited by RobRatt, 22 February 2018 - 07:44 AM.

  • 0

22 February 2018 - 10:10 AM

#31

The_Real_Bug

    Expert Trainer

  • The_Real_Bug

What we need is pretty simple:

 

Better

Account

Protection

 

Do we really want to check a second source, and enter an additional security code every time we play?

 

If there was an optional PTCGO companion application, i would totally use it.

Casuals wouldn't be forced to use it and those who seek security would feel safer than before,


Edited by The_Real_Bug, 22 February 2018 - 10:11 AM.

Don't follow the trends, follow my threads

/u/The_Real_Bug_ /r/ptcgo

  • 0

22 February 2018 - 10:13 AM

#32

The_Real_Bug

    Expert Trainer

  • The_Real_Bug

Unless your bank account is a glass Piggy, then these requests aren't even on the same level as that my friend, lol.

 

I would totally like to know the name of the bank that he is using so i would avoid it like the vampire avoids garlic  :P


Don't follow the trends, follow my threads

/u/The_Real_Bug_ /r/ptcgo

  • 0

22 February 2018 - 02:25 PM

#33

doomtop

    Novice Trainer

  • doomtop

The other commonly used methods of 2-step verification might be a real pain for us, or fairly difficult to implement. Are the game's servers reliable and advanced enough to do what Microsoft or Google do on a global scale? ...or would it become a source of aggravation?
 




2FA as implemented by Google/Microsoft is based on the TOTP standard. (See RFC 6238)



It is completely within reach even for a company with less technical resources.


Edited by doomtop, 22 February 2018 - 02:26 PM.

  • 0

22 February 2018 - 05:58 PM

#34

SandaledOtter

    Elite Trainer

  • SandaledOtter

I would totally like to know the name of the bank that he is using so i would avoid it like the vampire avoids garlic  :P

I probably can't name names here. They've had well-known spokespeople in their ads and they aren't the bigger company that tried to steal my disability payments a few years back.


"Swishonk!" That's what's happening!

  • 0

22 February 2018 - 10:31 PM

#35

The_Real_Bug

    Expert Trainer

  • The_Real_Bug

I probably can't name names here. They've had well-known spokespeople in their ads and they aren't the bigger company that tried to steal my disability payments a few years back.

 

No need to do that, i was being sarcastic.


Don't follow the trends, follow my threads

/u/The_Real_Bug_ /r/ptcgo

  • 0

23 February 2018 - 04:52 AM

#36

VinVinJonJon

    Rookie Trainer

  • VinVinJonJon

I support 2FA too!


  • 0

23 February 2018 - 04:35 PM

#37

graywh

    Elite Trainer

  • graywh

Right now, we already have a form of two-factor authentication in PTCGO.  It's our Username, which is, or should be, different than our Screen Name (nickname).  It's a bit of information that nobody should know, unless we divulge it.  Isn't that ultimately the problem, that people are somehow giving their Username out, whether it's sharing with others, a phishing scam, faked e-mail response, etc.?

 

I'd guess most people have the same username and screen name because they signed up with a username they wanted to use as their screen name before learning that the screen name is a separate thing.  And users can't change either on their own.  (Support will change your screen name if it contains any personal information, but support will change both username and screen name to the same thing in such a case unless you specifically ask them not to.)

 

Also, this is not considered 2FA at all.  The two most common factors used are "something you know" (a password) and "something you have" (a mobile device, code generating device/application).

 

 

One of the problems I see for us would be having multiple devices.  This complicates things dramatically, for both user and any System.

 

What exactly is everyone asking for with this request?  Do we really want to check a second source, and enter an additional security code every time we play?

 

Most 2FA systems allow you to trust a device so you don't need to enter codes on subsequent authentications.


Forums Rules
  • Stay on Topic
  • Search, then Post
  • Be Constructive
  • Play Nice
  • Be Honest
  • Keep Your Private Life Private
  • Keep Your Links Official
  • Discipline is Private
http://forums.pokemontcg.com/index.php?app=forums&module=extras&section=boardrules
  • 0

24 February 2018 - 06:55 AM

#38

OU7C4ST

    Senior Trainer

  • OU7C4ST

This issue on current security really needs to be addressed by the PTCGO mod/staff team.

We understand you can't touch on each individual's situation in relation to the current account compromises, but we should be in the loop regarding overall security measures PTCGO may or may not have had issues with lately.

We need to be protected, & need to hear that there hasn't been a breach in security, or PTCGO as a whole are working on strengthening security.

This is a game that asks people to partake in micro-transactions via the Gem system, Tournament Ticket purchases, and so on. Even without that, the community still invests into this game with personal time.


OU7C4ST - /r/ptcgo Head Moderator
Twitch's #1 PTCGO Streamer
Founder of OU7C4ST's Card Value Guide

Check out my YT for Deck Reviews, & More!

  • 1

24 February 2018 - 01:34 PM

#39

iyado166

    Elite Trainer

  • iyado166

"Thank you for sharing your suggestions on this serious matter, they will forward themselves to the Dev Team" 

xD


Now hosting the Sun & Moon League tournament
>))))">.o ..>))))">.o ..>))))">.o ..>))))">.o ..>))))">.o ..>))))">
  • 1

24 February 2018 - 03:41 PM

#40

The_Real_Bug

    Expert Trainer

  • The_Real_Bug

This issue on current security really needs to be addressed by the PTCGO mod/staff team.

We understand you can't touch on each individual's situation in relation to the current account compromises, but we should be in the loop regarding overall security measures PTCGO may or may not have had issues with lately.

We need to be protected, & need to hear that there hasn't been a breach in security, or PTCGO as a whole are working on strengthening security.

This is a game that asks people to partake in micro-transactions via the Gem system, Tournament Ticket purchases, and so on. Even without that, the community still invests into this game with personal time.

 

Their defeaning silence over the issue proves that we are stuck in the second gear.

They won't adress it, because they only have things that we don't want to hear so they clearly chose to whistle pass us.


Don't follow the trends, follow my threads

/u/The_Real_Bug_ /r/ptcgo

  • 1