PDA

View Full Version : New Glyph Security Feature: Two-Factor Authentication via Email



Scapes
08-27-2014, 10:20 PM
http://www.archeagegame.com/wp-content/uploads/2014/08/glyph_logo.jpg (http://www.archeagegame.com/en/news/2014/08/new-glyph-security-feature-two-factor-authentication-via-email)

Starting tomorrow, we are adding a new security feature to Glyph to help keep your account safe.

When you log in from a new computer or a place that we haven’t seen you log in from before, you’ll be asked to verify that it really is you that’s logging in, by entering a code emailed to your account’s primary email address.

...

Read the full article on the website. (http://www.archeagegame.com/en/news/2014/08/new-glyph-security-feature-two-factor-authentication-via-email/)

Jagblade
08-27-2014, 10:32 PM
Back when I used to play Aion, I was hacked a couple times. Begged NCSoft to impliment something like this (as they allowed password changes and security question changes without email warning.)

To my knowledge they -still- haven't done anything about this. Good job!

totemiser
08-27-2014, 10:43 PM
good work guys this will hopefully help combat the hacking and make it even more secure

Squealdn
08-27-2014, 10:51 PM
If I've linked my account to Rift authenticator, will I still need to enter authentication code via email ?

TBH, I usually find adding an authenticator as hassle. But, if it's a choice between receiving via email and getting it from my synched phone, I will choose the later. More reliable.

Sinarria
08-28-2014, 12:10 AM
now that's what you call Responsible company ! game is still in beta and they already doing stuff other games and companies haven't done after 10 years GOOD JOB GUYZ !

Snott
08-28-2014, 01:14 AM
Nice. I like that Steam does this, it's a simple but very good idea.

AeonAuron
08-28-2014, 01:19 AM
Not sure if just in time, or a bit late?

NZ1
08-28-2014, 01:30 AM
Not sure if just in time, or a bit late?

its never too late to improve

Jigzy
08-28-2014, 01:31 AM
Great feature to add. Thanks for implementing this!

Hasematzel
08-28-2014, 02:50 AM
Great news! I just got the email with the announcement. Thanks a lot for implementing this.

ApocaRUFF
08-28-2014, 04:18 AM
Thanks for this additional security feature!

nilsen
08-28-2014, 06:25 AM
"If your ISP changes your computerís IP address, then youíll be asked for a code again"
please dont do it, my ip change all day, glyph is very inconvenient, look the steam and battle.net

rocdog
08-28-2014, 06:52 AM
"If your ISP changes your computer’s IP address, then you’ll be asked for a code again"
please dont do it, my ip change all day, glyph is very inconvenient, look the steam and battle.net

Getting your account stolen is also inconvenient.

Also


For those of you who use the Glyph or RIFT Authenticator, you’ll notice that the code entry has moved to a step after login. You can enter the code from your authenticator there and, optionally, whitelist your computer so you don’t have to enter codes when you log in using it in the future.

jahlon
08-28-2014, 06:57 AM
This was a great feature SquareEnix had.

When i started playing FFXIV ARR i was traveling with the military a lot. Yes, it was annoying to get my account locked every other day because I signed in from a new IP address, but, it was a great step to stoping account compromise.

Good job on this

Tsarkon
08-28-2014, 07:01 AM
Too many positive responses in here. That goes against the nature of the internet. Allow me to remedy this:


Only two factor authentication? What are you guys, a bunch of lazy chumps? Every single other MMO out there uses at LEAST twelve-factor authentication. It's like Trion doesn't even care about its playerbase.

Also, email authentication? 1952 called and they want their security measures back. If it's not a fully-functional retinal scan for primary authentication and a multi-spatial DNA scan at the very minimum for further authentication, you can count me out. Contact me via one of my Borg-like implants when your security implementation can't be hacked by a two year old with a simple omni-dimensional scanning device.

Calvinthesneak
08-28-2014, 07:19 AM
Many people already use two factor authentication for everything from email to facebook to other games.

Consider supporting an app that supports multiple programs like google authenticator? The RIFT authenticator works pretty well and I'm happy with it, but it would be nice to keep it all within one app.

SteveT
08-28-2014, 10:35 AM
Awesome.....This seems like a trouble free authentication system.

Kraius
08-28-2014, 03:09 PM
Very happy to see this change. Very necessary.

Hostile
08-28-2014, 03:18 PM
Glyph needs to die in a fire.

Clawgore
08-28-2014, 03:29 PM
I think the Rift Authenticator needs to check to make sure I am me more often. It seems that if I log into the game at least every 12 hours it doesn't ask me to reauthenticate with the code on my phone.

yarou
08-28-2014, 04:00 PM
People put their own accounts at risk with their ignorance and naivety, now days I have to be so careful with VPN software or I get locked out of my emails/games.. I dont want my location logged, can I opt out??
If you're ******ed and give a bunch of 3rd parties the same email addy/passwords your going to get hacked eventually and this ♥♥♥♥ wont really protect it because they have the same password on their game accounts as email accounts.. The hacker has all the info.. IN case of a breach at Trion/XL games specifically is the only way a large number of accounts would be taken and breaches of that scale dont happen that often. Most accounts are hacked because they register at stupid fan sites/hoax sites/gold buying sites that have no or little security..

AceSin
08-29-2014, 04:17 AM
Why not allow me to white list several PCs instead of making me redo the email verification every time I switch? I mean it's going to be annoying to do every time I use the one downstairs or the one at the office. It shouldn't be hard to keep a record of several different devices.

Apeach
08-29-2014, 05:21 AM
yea maybe this works better than locking players out of Archeage and when you try to get help from customer support they just tell you to get a static IP

Calvinthesneak
08-29-2014, 07:58 AM
Why not allow me to white list several PCs instead of making me redo the email verification every time I switch? I mean it's going to be annoying to do every time I use the one downstairs or the one at the office. It shouldn't be hard to keep a record of several different devices.

You can check the box to remember the PC. That means until such time as that device's IP address changes, you do not have to do the verification again. Works great for work type environments usually that have a static address. It'll be messier for home use, which generally uses a dynamic IP setup and they change address on a regular basis.

It is pretty difficult for them to do whitelisting any other way than they are implementing it. What people don't really seem to understand is that they have an equal responsibility for their account security.

Hackers have gotten sophisticated, and quite often use hundreds of thousands of compromised PC's to test log in servers with credentials, often to games or websites people have never even been to. Eventually they get in, and see what they can find of monetary value, or what they can monetize. Game accounts (for any game), are generally quite valuable, as there is constantly demand from people to pay real money for virtual currency (in game money and items).

What Trion is trying to do here is is give you a way to further secure you account, and help you the user prove/show that you are the true owner of the account. There are many factors outside of their control, and so they are providing at least a basic means for some additional user control with email authentication. If your email access is hacked however it's gone out the window (this happens a lot). Look at a more robust phone 2 step authenticator if you can. 10 seconds of effort on your part to enter a number, should make your account almost innaccessible. Of course if the registration email address is compromised and they pose as you, the user, and request a removal of authentication, you're back in the same boat. My advice, use 2 factor authentication for anything online. Email, facebook, games. If someone provides you tools to protect yourself, use them.

TL;DR: You don't drive a car without putting your seat belt on, same should apply for internet safety. If there is something to make you safer from hackers, isn't it on you the user to ensure you're making use of it?

psychomagus
08-29-2014, 10:31 AM
If I've linked my account to Rift authenticator, will I still need to enter authentication code via email ?

TBH, I usually find adding an authenticator as hassle. But, if it's a choice between receiving via email and getting it from my synched phone, I will choose the later. More reliable.

No. From the full article:


For those of you who use the Glyph or RIFT Authenticator, youíll notice that the code entry has moved to a step after login. You can enter the code from your authenticator there and, optionally, whitelist your computer so you donít have to enter codes when you log in using it in the future. If you donít have a Glyph or RIFT Authenticator attached to your account, youíll receive an authentication code via email.

psychomagus
08-29-2014, 10:34 AM
Why not allow me to white list several PCs instead of making me redo the email verification every time I switch? I mean it's going to be annoying to do every time I use the one downstairs or the one at the office. It shouldn't be hard to keep a record of several different devices.

You won't have to do it every time you switch, only the first time you use each individual computer.

clover
08-29-2014, 06:12 PM
I use WinAuth with an enabled RIFT Authenticator to log into Glyph.

Before this latest update, I tested the authenticator's usefulness and entered in a bogus code after entering my password. It worked. (WTF?)

Now, with this update, there appears to be only enough room for 6 digits, when my code from WinAuth gives me 8. I typed the code I got and it worked again. (WTF?)

I'm starting to wonder if the authenticator is actually working or what?

Dedzone
08-29-2014, 07:06 PM
And, go figure, that you cannot log into an alt account from the same comp. as you dont receive an email to setup that second PC. Gee guys, did you even TEST this before you put it out?

Pow
08-29-2014, 10:04 PM
I checked my glyph account on the trionworlds website, but I didn't see anyway to remove PCs from my whitelist. Say I was traveling and whitelisted the IP of my hotel. Could I un-whitelist at the end of my visit?

Cimbal
08-29-2014, 11:57 PM
- deleted -

Enaio
08-30-2014, 03:57 AM
Has anyone actually attempted to log on after receiving the update? Every time my computer attempts to even install the update I get error #5151:5 during it's extraction.

WNxArcticwolf
08-30-2014, 04:03 AM
yes i did and got 2024.

Mabe
08-30-2014, 04:25 AM
Has anyone actually attempted to log on after receiving the update? Every time my computer attempts to even install the update I get error #5151:5 during it's extraction.

Yes.

my account with mobile auth:
Before update: username + pw, then auth... login ok
After update: username + pw, then auth... login ok

gf account with email auth:
Before update: username + pw... login ok
After update: username + pw, then auth... login ok

So it seems to work ok atm...

ps. trying just some random numbers didn't let me pass the auth...

Goros
08-31-2014, 08:06 PM
I got the update and it just removed the box for my authenticator code.

Jim1771
09-02-2014, 01:06 AM
Nothing new here basically the same thing as coin-lock which was created because of security issues caused by Trion when Rift launched years ago.

Alonzo
09-02-2014, 05:39 PM
I enter my password and get: "Authentication failed". I have an authenticator attached but have no way to enter a code. I have gone to the trion website and changed my password and still have the same problem.

Godiex
09-02-2014, 06:01 PM
I enter my password and get: "Authentication failed". I have an authenticator attached but have no way to enter a code. I have gone to the trion website and changed my password and still have the same problem.

http://forums.archeagegame.com/showthread.php?34925-Glyph-Borked

Alonzo
09-02-2014, 06:04 PM
http://forums.archeagegame.com/showthread.php?34925-Glyph-Borked

Thanks, I see they did what I figured out on my own, lol. Well, at least I can log in now.

Scapes
09-02-2014, 06:13 PM
I enter my password and get: "Authentication failed". I have an authenticator attached but have no way to enter a code. I have gone to the trion website and changed my password and still have the same problem.

We've rolled back a change to Glyph which was making the mobile authenticator not work properly. Please try again!