2FA (Two Factor Authentication) and it's current status

[Lucidy 21]

As of now I've made multiple posts to mention about 2fa and wondering what happened to it.

About 4 months ago, we had the first Q&A with Matt Scott.  I personally sat down and watched every minute of it, then later I spent numerous times going over the whole VOD. 

^ This is what I am specifically referring to.
There has been no sort of status update on 2FA since this was mentioned in the Q&A. There has been nothing on the admintracker about 2fa, nothing on the forums, nothing in blogposts. (That I have personally seen)

Just recently the blogposts and communication were centered around UE3.5 (If I have missed something please feel free to show me, because I haven't seen nor heard anything upon this subject since then)

Now I'm not gonna say moving to UE3.5 isn't a bad move, but I'm genuinely curious what happened to 2FA and it's status.

This was January 31st 2018, almost 9 months ago. Who is to say this won't happen again without 2fa being added?

Multiple times accounts have been breached on here - most games utilize two factor authentication now (and have been for years)
Account security should be a priority before UE3.5, at least in my personal opinion - especially considering this year there was a serious account breach that even emailed everyone to reset their passwords.

I'm honestly more concerned that people haven't brought this up at all and it has had 0 traction since then. Nobody even I know remembers Matt saying this from the clip, I had to specifically go and clip it just to prove to people - so I have decided to make this thread to bring more awareness to it. Edited September 17, 2018 by Lucidy

[Saxtus 497]

I agree. Let's hope we will get an official answer and not opinions on how LO should prioritize things. 

[Lucidy 21]

Since this is something separate, I'll separate it from my main post.

For anyone who does not know what 2fa is, here is an informational link made by Authy (one of the apps that companies can register their user base's accounts through as an optional second layer of security)
https://authy.com/what-is-2fa/

There are multiple other things used with 2FA, but usually depends on the company to do what they find best.
Multiple examples can differ where Warframe has 2FA via email, Google itself can have 2fa via it's Google Authenticator app, I've personally had 10-15 accounts of mine attached to my Google Auth app now.

Some games even like CS:GO require 2fa to play in their Prime Matchmaking.

Edited September 17, 2018 by Lucidy

[vsb 6171]

while i personally see 2fa as a pointless irritation, i understand the security benefits it offers 

it it is odd that it’s been so rarely mentioned, but it was snuck into the roadmap (albeit very briefly)

edit: https://apbreloaded.gamersfirst.com/2018/06/apb-roadmap.html?m=1

according to the roadmap there’s still an armas visual update and a console update in addition to 2fa, so it’s not like we’re conpletely past orbits eta

 

Edited September 17, 2018 by BXNNXD
link

[Lucidy 21]

10 minutes ago, BXNNXD said:

while i personally see 2fa as a pointless irritation, i understand the security benefits it offers 

it it is odd that it’s been so rarely mentioned, but it was snuck into the roadmap (albeit very briefly)

edit: https://apbreloaded.gamersfirst.com/2018/06/apb-roadmap.html?m=1

according to the roadmap there’s still an armas visual update and a console update in addition to 2fa, so it’s not like we’re conpletely past orbits eta

 

Thank you, I appreciate the link.

I understand where you're coming from that it can be annoying, it's not really good in terms of QOL, but it is objectively just a better thing to have. It personally doesn't bother me, since I prefer to not be worried about my account ever being compromised than being annoyed at putting in a temporary code upon login. Edited September 17, 2018 by Lucidy

[Kevkof 806]

Maybe we could get it as an option, like not a forced 2fa, but just if you want to do it

[NotZombieBiscuit 3146]

This sounds like some sort of scam to allow AI another foot in the door to their eventual singularity and destruction of the human race.

[Saxtus 497]

49 minutes ago, Kevkof said:

Maybe we could get it as an option, like not a forced 2fa, but just if you want to do it

I believe that you can use the Steam login to bypass 2FA.


  Edited September 17, 2018 by Saxtus

[NotZombieBiscuit 3146]

2 minutes ago, Saxtus said:

I believe that you can use the Steam login to bypass 2FA.


 

You shouldn't have your steam connected with APB if you care about your security in the first place.

[឴឴឴឴឴឴឴ 23]

My previous password was like:
b)Fj*Z%<4BgT
Good luck cracking it. 

2FA is needed only for banking accounts, emails and other personal stuff which can get you in REAL trouble in case of leak/crack.
Steam introduced mobile auth in 2015 yet people still getting scammed in 2018 WITH 2FA enabled. 2FA won't magically save you from "hackers" if you're dumb.

[NotZombieBiscuit 3146]

31 minutes ago, ឴឴឴឴឴឴឴ said:

My previous password was like:
b)Fj*Z%<4BgT
Good luck cracking it. 

Give me 200 years with current technology and I could do it.

[Saxtus 497]

1 hour ago, NotZombieBiscuit said:

You shouldn't have your steam connected with APB if you care about your security in the first place.

Please elaborate.

[PHM 167]

bump

[Frosi 722]

I really want this myself. I use 2FA for pretty much every service I use and would love for this to be a thing in APB.

[evilgamer23 3]

stop download spywares ( AKA fake cheats) and you dont will need 2FA

[Saxtus 497]

9 minutes ago, evilgamer23 said:

stop download spywares ( AKA fake cheats) and you dont will need 2FA

[sarcasm]You mean that everybody that got their password reset, after the GamersFirst security breach, had downloaded spyware?
Interesting...[/sarcasm]


  Edited September 17, 2018 by Saxtus

[Dopefish 248]

It's very common that people use the same mail and password across several sites, so if just one of those gets breached, your credentials would become available for every service you used them at. You could try checking this page, and then consider if you've been reusing your login anywhere:
https://haveibeenpwned.com/

Even if you have throw-away mail, and unique password for each account you create online, the regular user doesn't, so any compromised account will take up alot of time and resources for support. APB doesn't even have a multiple attempts lock-out, so it's quite vulnerable for brute force attacks.

[Keshi 436]

5 hours ago, Kevkof said:

Maybe we could get it as an option, like not a forced 2fa, but just if you want to do it

[Puffdragon 131]

I agree with this proposal, it would be nice to incentivize it though like blizzard and steam. Maybe give people a free gun for using it.