How to enable Two-Factor Authentication

[[DE]Danielle]

We take account and game security very seriously and are constantly working to improve it. To protect your account we highly suggest you enable Two-Factor Authentication! Here's how (images included in spoilers): 

1. To enable Two-Factor Authentication, go to Warframe.com and select “Account Management” from the menu beside your account name (log in if necessary). 
   Spoiler

   

2. On your account management page, you should see the option to enable Two-Factor Authentication.
   Spoiler

   

3. You’ll receive an email with a link to confirm. Click the link, and you’re all set!
    

How does it work?

Upon first login after activation, Warframe generates and emails you a code that you will need to enter before you log in. The code changes every few minutes and can be used only once. This process will need to be repeated on every PC you will use to play Warframe. It is therefore very important that you use a valid and trustworthy email address. Please also know that future email changes can only be made while you still have access to your email address. 

Learn about other ways you can keep your account safe here: https://digitalextremes.zendesk.com/hc/en-us/articles/200287080-Account-Security

[Imaru]

I thought this went live a few months ago... What prompted this?

[[DE]Danielle]

13 minutes ago, Imaru said:

I thought this went live a few months ago... What prompted this?

It did! We just never left a permanent thread up that people can reach. The recent changes to gifting in Update 19.2.0 prompted us to re-post the instructions: 

Quote

In preparation for our upcoming holiday campaign, we have increased the number of gifts you can send with Two-Factor Authentication (2FA) enabled. You must also be Mastery Rank 2 or higher to send gifts. The higher your Mastery Rank the more gifts can be sent (similar to max trades per day). However, if you do not have 2FA enabled, the minimum requirement to send gifts is Mastery Rank 8. 

• How to enable Two-Factor Authentication: https://forums.warframe.com/topic/728468-how-to-enable-two-factor-authentication/

 

[Galatea]

Always very good to have this info posted, thank you!  ♥

[General_Durandal]

So, what does this do?

[(XBOX)DarkHart1]

Is this only for PC players?

I'm an XB1 user & when I login I don't get that option.

[Imaru]

2 hours ago, General_Durandal said:

So, what does this do?

Now if you log in from a device for the fist time (if you have 2fa enabled) it will send an email to the email address associated with the account. The new device won't be able to be used until a code in that email is entered into the game. 

 

Basically it makes it so you need the account's password and the email password to get in. 

[JakeyPrime]

I am beyond happy that this is now a feature. 2 factor is something I've been hoping for on my Warframe account for years. I'd rather lose my credit card than lose access to my Warframe account!

[Shadbehemoth]

Could you please add a QR code to the email to allow us to use the Google Authenticator app? 

 

[ReaverKane]

18 minutes ago, Shadbehemoth said:

Could you please add a QR code to the email to allow us to use the Google Authenticator app? 

 

Yeah, authenticator would be preferable to e-mail. For one wouldn't have to wait for the message to be sent, for another wouldn't need to alt+tab.

[Vasala]

Ya I would rather have an authenticator to use rather than an email since that leaves us vulnerable if something happens to the email address. Though my preference is a physical authenticator like I have for WoW and FFXIV.

 

[Alaknar]

Guys, come on... That's the laziest and the least secure implementation of 2FA I've ever witnessed.

The whole point of that system is to require, well, two factors to authenticate a user. This is better than nothing I guess, but if someone compromises a Warframe account (therefore obtains the email address and password used in registration), there's a very high chance they'll at the same time have the credentials for that email - people re-use passwords A LOT.

Is there any reason behind not implementing application based (like Authy, Google or Microsoft Authenticator or others) authentication? On top of being easier to set up for the users (just scan the QR code, done) it offers MUCH more protection.

[oroqi]

Is there a way to get the code  with google authentication app using in my smartphone and make it capable to enable or disable every time we want?

[dbugz]

Hi. Good day.

I just found this thread so I'm posting here instead the questions I raised in one of the Chimera patch threads.

I have a couple of questions for DE regarding 2 Factor Authentication (2FA):

1. Will 2FA be required/mandatory when the Fortuna update is released?
2. Will 2FA be required for Steam-linked accounts? Steam already has the option of 2FA.
3. If 2FA is enabled, then is there a way to disable it?
   Most game and online services have the option to disable 2FA after it is enabled. I've did some searching onilne and found numerous threads about Warframe's 2FA being permanent with no option of being disabled even after contacting your support - this effectively locks a player out of their account should they lose access to the initial email address used. I've also seen threads that mention that since 2FA sends the code via email, there are cases where it is delayed thus the code itself is already expired upon use.

Additionally, as many others have pointed out - why not implement 2FA integration with existing providers such as Google, etc?

I do appreciate the intent of implementing 2FA for securing our player accounts. However, I am concerned that any outstanding issues with its implementation will actually be detrimental to the players who have it enabled.

I hope for responses to the above mentioned concerns, and that we players are provided adequate and clear information regarding its implementation of 2 Factor Authentication.

Cheers.

[Classic-heboi]

Can you put two-factor on mobile please, DE has Warframe on mobile why not put on?

[Makura_San]

How to disable this option?

There is only one way to turn it on, but not off.