2FA Questions and Feedback

[(PSN)Viveeeh]

Merged topics are confusing...

[(NSW)Sniperfox47]

2 hours ago, VenomousValentine said:

LMAO Mods actually renamed my thread from "Down with 2FA" to "2FA question". I guess protesting a feature you don't want to be mandatory is subject to censorship.

They didn't rename it, it's the name of the thread they merged yours into. Your comment is just still the OP because your comments were made first. They merged a number of threads into this one, mostly to try and cut down the clutter of different threads I'd assume. They did the same thing with many of the Nightwave topics.

[Syrtica]

6 hours ago, (PS4)Schobii564 said:

How does finding your phone number help them whatsoever when they also need your physical phone then?

I think SMS 2FA is considered insecure (compared to other multi-factor auth methods). The two weaknesses I'm aware of are 1) having enough info on the account holder to convince the provider to move the phone number to a new device, and 2) SS7 vulnerabilities. Either one would allow someone to get an SMS 2FA code without actually having your device. If you google "intercepting sms 2fa verification codes", there are a ton of articles.

Doesn't mean I'm agreeing with the idea that SMS 2FA is worse than no 2FA; it's definitely better than nothing.

[Mooncakeru]

vor 4 Stunden schrieb Ham_Grenabe:

I don't know - I enabled 2FA, got the Fae Path ephemera upon login and all that - but never got prompted for a code to login. It just logged in as usual.

However, I think it's just once per computer you use. 

same... are you still able to trade? Haven't had the chance to try yet.

[Ham_Grenabe]

Just now, caitbubble said:

same... are you still able to trade? Haven't had the chance to try yet.

I haven't made the attempt yet either, so I'll see how it goes tonight.

[MagPrime]

4 hours ago, (PS4)thowed said:

Do you have to get an email code every time you wanna login?

No.  Right now, this is for PC only though, so you wont have to worry about it for awhile.

But, when you enable 2FA, you get 1 email with a short code the first time you log in from your usual system, then never again, unless you log in from an unknown system, then you get another code and never again, on that system.

[(NSW)Sniperfox47]

1 minute ago, MagPrime said:

No.  Right now, this is for PC only though, so you wont have to worry about it for awhile.

But, when you enable 2FA, you get 1 email with a short code the first time you log in from your usual system, then never again, unless you log in from an unknown system, then you get another code and never again, on that system.

Still really hoping for OAUTH support and an *option* to require a code at every login though...

[(NSW)Sniperfox47]

28 minutes ago, Syrtica said:

I think SMS 2FA is considered insecure (compared to other multi-factor auth methods). The two weaknesses I'm aware of are 1) having enough info on the account holder to convince the provider to move the phone number to a new device, and 2) SS7 vulnerabilities. Either one would allow someone to get an SMS 2FA code without actually having your device. If you google "intercepting sms 2fa verification codes", there are a ton of articles.

Doesn't mean I'm agreeing with the idea that SMS 2FA is worse than no 2FA; it's definitely better than nothing.

OAUTH based TMAC or HMAC would really be the best solution though. Hope they add support down the road.

[(PSN)thowed]

35 minutes ago, MagPrime said:

No.  Right now, this is for PC only though, so you wont have to worry about it for awhile.

But, when you enable 2FA, you get 1 email with a short code the first time you log in from your usual system, then never again, unless you log in from an unknown system, then you get another code and never again, on that system.

Oh ok that's what I figured.  Then I questioned it because of the way people are carrying on in other topics.  Just wanted to be sure so I know what to expect.  Thanks.

[MagPrime]

1 minute ago, (PS4)thowed said:

Oh ok that's what I figured.  Then I questioned it because of the way people are carrying on in other topics.  Just wanted to be sure so I know what to expect.  Thanks.

This should help - https://www.warframe.com/2fa-faq

[MagPrime]

4 hours ago, VenomousValentine said:

Except DE #*!%ed up again and gave EVERYONE the ephemera regardless of authenticating.

I, nor some of my clanmates, received the ephemera until we enabled 2FA, and we have all been playing years before it was a thing. 

[BlackRoseAngel]

This is the same crap that Steam pulls and I'm not having it!!!

I do not want to have to go find my phone (which is currently broken) every time I want to log in! Two-Factor Authorization does NOT increase security it just makes play more of a hassle!

fun!!! 😡😠😡

[K4RN4]

6 minutes ago, BlackRoseAngel said:

I do not want to have to go find my phone (which is currently broken) every time I want to log in! Two-Factor Authorization does NOT increase security it just makes play more of a hassle!

But that is not how it works. It's no hassle at all.

[peterc3]

5 minutes ago, BlackRoseAngel said:

I do not want to have to go find my phone (which is currently broken) every time I want to log in!

It happens once and every time you log in from a new location, if that.

You'll survive this vicious assault on the 15 seconds it takes you to open your email once.

[BlackRoseAngel]

Fine, don't believe me.

I've seen what happens when other services start this crap.

[seprent]

8 minutes ago, BlackRoseAngel said:

I do not want to have to go find my phone

didnt need my phone my email on my computer worked just fine 

[MagPrime]

1 hour ago, BlackRoseAngel said:

This is the same crap that Steam pulls and I'm not having it!!!

I do not want to have to go find my phone (which is currently broken) every time I want to log in! Two-Factor Authorization does NOT increase security it just makes play more of a hassle!

fun!!! 😡😠😡

Yeeeeah, it'd be nice if you read what was involved before getting upset.  Hek, even reading the other pages of this thread would be a start.

 

[Ham_Grenabe]

9 hours ago, caitbubble said:

same... are you still able to trade? Haven't had the chance to try yet.

Late to answer, but yes - although I never was prompted for a 2FA code, I can trade, so the system apparently registers 2FA as active. 

[Demonblooded]

Not the 2FA dumpsterfire I expected it to be. Still irritating in the same manner as having a breathalyzer installed on your car that needs used any time you have your vehicle worked on.

Edited May 25, 2019 by Demonblooded

[VastarisThePhoenixKing]

ive tried all this nothing happened and i cant use trading station anymore when ive already enabled the 2FA

 

Edited May 26, 2019 by BoomBoom370

[MagPrime]

3 hours ago, BoomBoom370 said:

ive tried all this nothing happened and i cant use trading station anymore when ive already enabled the 2FA

 

Time to contact Support then.

 

 

[Orsome]

10 minutes ago, MagPrime said:

There are links to all current news posts in game, you just have to put in the effort to click on them. 

 

And on that news post there was never any warning about being locked out of in game content, that's my point! Why not?

[Cosmic_Elf]

On 2019-05-23 at 10:05 PM, Orsome said:

I'm not denying or even questioning the extra security 2FA adds. What I am annoyed about is having content in the game blocked until I "voluntarily" enable 2FA. That is simply not right! I have no problem with the principle of 2FA, I have a problem with how they blocked me trading because they added a feature. 

EDIT - forgot to add, that I couldn't trade until I relogged... so I am just lucky I managed to get that trader to wait.

I agree with you there , as I feel the same way.. but DE probably encountered players who abused the Trade/Plat system thus making it mandatory for players who have to Trade to get something to get 2FA setup. The reason why I never had 2FA enabled was because it makes things awkward when you have more than one computer and when traveling, like say visiting mumsy and dadsy in another country for the holidays, so you bring your laptop and play on that while your usual gaming desktop machine stays at home, which you usually play the game on, or when your existing gaming PC dies, and need to buy/build a new PC. I think the people who exploited Trade are truly the ones to blame , not DE, as they just tried to keep things fair as possible instead of ending Trade altogether where rare/exclusive frames and weapons are obtained with real money only. I personally don't use Trade much only when farming a part of a warframe or weapon becomes more tedious than Trade itself, and not having this second option in-game when RNGesus hates you for the week would be. a pain. Also I can "gift" friends with rare mods/parts I piled up for the  junk they collected, just so they can have the mod they asked for in trading. 

[ABalazs]

...into 2 factor authentication such a rude way? I mean if the game wants me to do something, it could just ask. I can't miss when I have a platinum discount, the game rubs it into my face hard, but I had to interrupt a good trade opportunity because there were no in game hint about 2fa became mandatory, besides blocking me from using the trading post. Please ask me DE, if I am an annoyed customer.

[krc473]

Just now, ABalazs said:

Please ask me DE, if I am an annoyed customer.

Why would DE care?

 

It should be on the news stand. It should have been announced there prior to being released. A mail should have been sent to every single player telling them about the requirement. None of this happened.