2FA activation incentive

[16Bitman]

Today Red Text was more or less begging us to activate 2FA

I activated it a while ago to get past the limit of gifting only 8 items through the shop to other players, but that is clearly not enough for most people.

 

So what if DE actually rewarded the players with an item that bothered to activate it?

This would very likely prevent a lot of "my account was hacked!" tickets from support, allowing them to work on other issues faster.

 

The reward for activating really doesn't have to be anything outstanding, but the better it is more people will activate 2FA.

 

Possible rewards:

1x Forma (Just a drop in the bucket on the great amount you need so it wouldn't impact any sales too much)

X Endo (Great for beginners, good for vets, everyone loves that stuff)

[(PSN)guzmantt1977]

2 hours ago, 16Bitman said:

Possible rewards:

Not having your account hacked and losing all your stuff. 

 

Pretty sure that's a good reward. 👍

[16Bitman]

24 minutes ago, (PS4)guzmantt1977 said:

Not having your account hacked and losing all your stuff. 

 

Pretty sure that's a good reward. 👍

Clearly not enough when redtext starts asking us to do it.

This is less about just people having their account secured and more about people not clogging up the support because they couldn't think of anything other than "cheese123" for their passwords.

[Oreades]

Maybe at least making it more clear that it's Email based and not some sort of cellphone thing. Cause I put it off for the longest time because whenever I've seen 2FA in games what they generally mean is link your cellphone info and I don't have a cellphone.... so.....

It wasn't until I was reading through a thread in Players Helping Players that it clicked that it was email based at which point it was a nobrainer. 

[Soki01]

1 hour ago, 16Bitman said:

This is less about just people having their account secured and more about people not clogging up the support because they couldn't think of anything other than "cheese123" for their passwords.

DAMMIT .. im gonna go change my password now b

[(PSN)guzmantt1977]

4 minutes ago, 16Bitman said:

Clearly not enough when redtext starts asking us to do it.

This is less about just people having their account secured and more about people not clogging up the support because they couldn't think of anything other than "cheese123" for their passwords.

Really? Because I have had short but relatively secure ps4 password ( random, non-dictionary, 8-12 characters, letters and numbers, mixed cases) that had been cracked open on a relatively new ps4. 

I used a short one because I didn't enjoy having to use a video game controller to type in a 20-30 character password like I would normally use, and somehow someone got into my account without physical access to the device. Sony was able to reverse the damage because I contacted them about 20 minutes after the start of the activity (and because I never trusted Sony with my credit card so the intruders were limited to the balance in my account and had good records of purchases). 

 

 

[LAWEIT]

before this  without i i can play smoothly without any problem now after i activate it even i enter correct email and pw it says login failed  even i enter code mf i reinstall windows and reinstall game and enter code 1 play that one time only then login fail !!!!! check ...   mf this is headache i think because of this thing and there is no unactivate option bugggg

[pyroxide]

Probably best not to enable this "feature" as it disables access to the game because DE doesn't know how to make these e-mails not look like robot spam.

I'm using Lavabit and I don't get the messages. They don't even get sent to junk e-mail.

E-mail accounts on Microsoft services don't get them either.

So I can't even get into the game until someone from DE decides to check the zendesk and gives me an unhelpful canned response. It will probably be several days before I will be able to log in.

[rune_me]

On 2018-10-12 at 12:17 AM, (PS4)guzmantt1977 said:

Really? Because I have had short but relatively secure ps4 password ( random, non-dictionary, 8-12 characters, letters and numbers, mixed cases) that had been cracked open on a relatively new ps4. 

I used a short one because I didn't enjoy having to use a video game controller to type in a 20-30 character password like I would normally use, and somehow someone got into my account without physical access to the device. Sony was able to reverse the damage because I contacted them about 20 minutes after the start of the activity (and because I never trusted Sony with my credit card so the intruders were limited to the balance in my account and had good records of purchases). 

 

 

Somebody knew your password. a random 12 character password that contains letters, numbers, symbols and mixed case are not going to be cracked by a brute force method.

[(PSN)guzmantt1977]

1 hour ago, rune_me said:

Somebody knew your password. a random 12 character password that contains letters, numbers, symbols and mixed case are not going to be cracked by a brute force method.

No. It was a variation of a password I'd used before but even I had trouble remembering it. So I suppose if there were breaches on services that I used in the past it may have been simpler/faster using that as a starting point. 

And I did specify 8 - 12. I'm not ever going to give exact values. But just so we're clear 8 can be bruteforced in minutes to hours with a typical desktop, and 12 may take years. With greater computing power the time goes down. I don't know if the PlayStation site locks people out after repeated attempts to get into an account. 

I don't know how they got in, but it wasn't directly from me. 

[rune_me]

17 minutes ago, (PS4)guzmantt1977 said:

No. It was a variation of a password I'd used before but even I had trouble remembering it. So I suppose if there were breaches on services that I used in the past it may have been simpler/faster using that as a starting point. 

And I did specify 8 - 12. I'm not ever going to give exact values. But just so we're clear 8 can be bruteforced in minutes to hours with a typical desktop, and 12 may take years. With greater computing power the time goes down. I don't know if the PlayStation site locks people out after repeated attempts to get into an account. 

I don't know how they got in, but it wasn't directly from me. 

Not in minutes on a desktop. If you can make 100 billion attempts a second, it will take you about 19 hours to crack a 8 characters password that contains mixed case, letters, numbers and a symbol. 

But over the internet trying to log in to someone's account, you have a very limited attempts per second, and it'll take thousands of years.

You can check it yourself here: https://www.grc.com/haystack.htm 

Enter a password and it'll calculate the time it'll take for brute force software to crack it under various scenarios. The calculator just assumes normal brute force, though, which is trying every permutation until you get the right one. It doesn't include attempts using dictionary files, so if you are using actual names, dates, dictionary words or common passwords, it's not reliable and you are probably screwed anyway and should change your password ASAP.