Perhaps send an email to everyone with an ROA acct. As we all know, not everyone uses the forums/discord. It is a horrible/largely unreliable way to give all but a portion of the community very important information, such as, account security. Another idea: why not send emails to everyone when you make large and or positive changes to the game, such as, drastically improving server performance, or the housing patch. It's basically free and easy advertising to someone that has already shown interest in your product. Even if these types of emails only bring 5 accounts a month, seems a win for everyone. Edit: kind of like the June newsletter.
We will be having a monthly newsletter going over what we are working on and what changes have been made, and the next one is coming up here soon. This week we will be presenting our 3-month development road map going over what our focus will be over the coming months as well.
Great job on the authenticator but why is it not on the game as well as the website? Also why not just ask for the code when a different IP logs in rather than annoying everyone to do this every time they log in?
Perhaps because anyone who had your login details and now wants to get past your two factor would just get into your TS or equivalent, get your IP and spoof it?
Since this 2FA is on the account login and not on the client login, anyone who already is compromised but doesn't know it yet (i.e. attacker is sitting on credentials waiting for your account to get fat) is still vulnerable. Everyone should change their password to something never-before-used, after enabling 2FA.
First, need this in the game login client asap. Second, can we get the account management page to list past logins to the game and account management page with IP information? This would help people keep tabs on funny business if so inclined.
Thank you ! Even if it is not integrated in the client, it does protect account access (at worst, BPG would have to fix in-game shit after a hack). For "laughs", I am still baffled that AV had not protected its client and web site from brute force password attempts! It blows me away: I am a simple unprofessional webmaster, and yet my web sites are protected from brute force... They implemented limits in 2011 after a wave of brute force attacks. Hey, I don't like to shit openly on AV, but that just blows me away.
Two factor authentication means you need two different things to log in. In this case, it's something you know (your password) as well as something you have (your phone, which has a constantly changing code on it). This way, if someone steals your password only, they can't get into your account - they would also need to steal (and unlock?) your phone. Everyone should enable two-factor authentication on all services it's available on.
Is this still not actually working? I enabled it from my job and went home and was able to log in with just using my info. When will this actually me implanted into the login lobby? Just wanting my account secure
