anonrerising

Players are complaining about 2FA. Thoughts?

That was my first worry when I saw the post. I haaaate giving out my cell number, drives me crazy that more and more sites are demanding it these days, and schlepping over to email every time I want to log in would be irking as well. Offering extra security options is great, but if someone wants to opt out, understanding that it's consequently on them if they get hacked, that seems pretty fair (especially for what, no offence to FR, is just a goofy playsite for most).

I've also got a crappy phone that can't handle the 'find the stoplights' captchas that are becoming ubiquitous, so if they come to FR, I'm going to be locked out of playing on mobile entirely. (Coli camping, much though it may be derided, is simple by comparison.)

sa

Also, waybacked just in case:
https://web.archive.org/web/20211228084658/https://www1.flightrising.com/forums/frd/3088380

and another thread with complaints/concerns for good measure. (Only doing the first page on both because wayback is slow lately and I'm lazy.)

https://web.archive.org/web/20211228084829/https://www1.flightrising.com/forums/frd/3088307

Really hate the condescending attitude of a lot of people on both threads. 'Aw, you just hate change, nothing to be afraid of, all websites are like this these days, it'll be fine!' People are getting preemptively annoyed because they've had trouble with 2fa on other sites, so they know exactly what's possible - and chilling out until after full implementation and then agitating for change has an even worse track record for success than giving feedback before rollout of new features (not that that's saying much).

Thoughts? WFT if mandatory. I don't want to give some random game site my phone number, there's nothing on here that I want to paranoid-ly protect that much.

If FR requires 2FA i am gone, no site is worth giving out my private phone number, especially since i am in EU and the data protection laws are extremely strict here.

2fa just means a second method used for authentication. phone is a common one but isnt the only one. based on all the info in the news post the 2nd factor will almost certainly be email, considering they tell users to set different passwords for their email and FR account.

also use your brains, people. i highly doubt theyll require phone numbers on a game whose target audience starts with 13 year olds. not everyone has a phone, especially young kids, and the FR devs would have brought up phone 2fa if it would be a future *requirement* for fr.

Do people not understand that not every TFA is phone based? There is no mention anywhere of phone numbers so far, and I doubt that'll be mandatory.

Seems like a odd thing to fuss about when all they asked is to make sure you have a valid email attached.

And personally, with the account being sold for a stimulus check, I think it's overdue to give us a little more security.

I absolutely hate when sites ask me for a mobile number, because I don't have one (well I do, but for emergencies) because I simply cannot really justify the expense.

That said, I *really* doubt that FR wants to be responsible for a bunch of users' numbers. Nor would they want to drive away a portion of their userbase who either cannot use numbers in 2FA or do not WANT to use numbers in 2FA.

And yeah, it does sound like there has been an issue lately with accounts being sold/items being taken, but even if that weren't an issue already? More security (as long as it isn't 'jumping through hoops everytime you want to log in') is always good. Remember the saying 'locking the barn door after the horses have escaped'? That is how most sites handle their security, in my experience, and I would far prefer a site that is proactive in giving security before major issues start popping up.

I actually wasn't aware that it was more than just phone-based since I have never heard of the others! (or at least never heard stuff like that called it, I've gotten emails about "signing in from another device, please verify your account" things before).

I just worry because I don't have a phone at all haha :) And other sites I've been on are pushing the "you should attach a phone number to your account" thing, though it's not required.

Yup. I have a few sites where the 2fa is just a code by email. By definition, 2fa just means there needs to be a third piece of info like a security key. Those verification emails are basically 2fa. Email based ones aren't considered very secure, mind, but it is a thing. If the email is hacked, they have your account.

And I do understand not having a phone. I only have an emergency TracFone personally.

...

There is a user that's actually indirectly admitting to multi accounting in there. "I'd rather not have 2fa if it means that logging in under my main account with my main email will result in suspension or banning" seems a very strange wording to use otherwise.

ngl id love to see if 2fa unintentionally weeds out TOS-breaking activity. im sure the roundsey bot accounts will drop in significance if the people running the bots need to manage 2fa.

Roundsey bots? What are those?

Accounts botting fairgrounds to buy Roundsey tickets. That way they can get the fairgrounds limit in tickets each day, and the possibility of multiple prizes from multiple accounts. There was a bunch of them banned.

oh god in before they add a stupid captcha when you try to play the fairground games lmao

AYRT

https://anonrerising.dreamwidth.org/3013.html?thread=1850053#cmt1850053

was discussed on ARR and SMR over the summer when a string of valuable double/triple roundsey dragons were won by suspected bot accounts

Threads locked and Aequorin confirming it will be email-only, with no additional info (read: phones) requested, so there's that. The codes-by-email method still seems unnecessary and annoying - I'm still in the camp of if you want the extra security great, if you want to save your account-security mental effort for RL crap like bank accounts, that should be an option - but better than getting phones involved. Still hoping they don't do captchas though.

(Does anyone remember if there were security questions in FR's account signup process? I always used to just give nonsense answers to those, since they seem to make things less secure if you're honest, with the reasoning that they're only for password retrieval and I'm good with pw management, so I wouldn't need them. But lots of those old signups now ask the security questions about 'suspicious logins', aka new devices or whatever.)

where did xaz or aeq say they were using codes-by-email? all theyve said is that theyre using email for authentication. it could easily be an email with a straightforward login link.

the leaps in this DW and FR thread are unreal. why does the FR community always make assumptions and then get furiously mad at something that doesn't even exist yet.

Codes by email/links are basically the same thing all's said and done. And in all honesty, codes work easier with certain email services. My hope is a combo of clickable link with the code embedded and a code that could be entered.

Neither is worth the drama.

People, they are trying to protect you, and in all honesty, I'm betting there will be ways to help folks regain account access if someone needs help. They don't want to lock people out of their accounts. They want to make sure there's an account to return to.

Some players are disabled and struggle with 2fa. Did you not read the thread?

ayrt

Like the other anon said, I don't see any practical difference between codes and links - I haven't encountered the latter much, but they're both the same in terms of hassle imo.

In more general terms, there invariably exists speculation, feedback on possibilities, and yes, complaints, because if you wait until after big changes/policies like this are implemented, it's pretty much too late. (Mind, I do understand that in all likelihood it's too late now - we wouldn't be being told to shore up our emails in the 'next few days' if the coding weren't almost ready to go on the site's end, and moreover the devs are going to do what they want whether people like it or not...which isn't unreasonable, because hey, their site.

But neither is there anything unreasonable about civilly expressing opinions/concerns about how all this may impact your use of FR. (And from what I saw, most if not all of those posts were from people who've had genuine problems with various types of 2fa on other sites, unless you think those are all just fairy stories being invented for scaremongering purposes.

The vein of '2fa isn't a big deal because I never have an issue with it' smugness, on the other hand, strikes me as a bit impolite towards those who have detailed exactly why there might be issues - whether due to disabilities, devices, mail providers, IPs, etc.

I may never have had issues with 2fa, other than a Uplay account getting hacked and adding it once, but I know it's a thing.

But FR needed to do something, and it's a damned if you do, damned if you don't area.

Also, that locked thread was not going to stay civil. It already was going into wierd speculation and bickering.

Does anyone know if FR still has issues with outlook/hotmail? I'd assume not if they're deciding to roll this out, but. You know.

Welp, I guess we know why the staff were suddenly interested in more security for the site now.

https://web.archive.org/web/20211229021747/https://www1.flightrising.com/forums/frd/3088822

Kind of annoying that the site is in maintenance mode for so long, but at least they're extending NOTN to compensate.

BINGO

https://www1.flightrising.com/forums/frd/3088380/1

Re: https://www1.flightrising.com/forums/frd/3088380/1

Re: https://www1.flightrising.com/forums/frd/3088380/1

Re: https://www1.flightrising.com/forums/frd/3088380/1

Re: https://www1.flightrising.com/forums/frd/3088380/1

Re: https://www1.flightrising.com/forums/frd/3088380/1

Re: https://www1.flightrising.com/forums/frd/3088380/1

Re: https://www1.flightrising.com/forums/frd/3088380/1

Re: https://www1.flightrising.com/forums/frd/3088380/1

Re: https://www1.flightrising.com/forums/frd/3088380/1

Re: https://www1.flightrising.com/forums/frd/3088380/1

Re: https://www1.flightrising.com/forums/frd/3088380/1

Re: https://www1.flightrising.com/forums/frd/3088380/1

Re: https://www1.flightrising.com/forums/frd/3088380/1

Re: https://www1.flightrising.com/forums/frd/3088380/1

Re: https://www1.flightrising.com/forums/frd/3088380/1

Re: https://www1.flightrising.com/forums/frd/3088380/1

Re: https://www1.flightrising.com/forums/frd/3088380/1

Re: https://www1.flightrising.com/forums/frd/3088380/1

Re: https://www1.flightrising.com/forums/frd/3088380/1

Re: https://www1.flightrising.com/forums/frd/3088380/1

The anon that replied before

Re: https://www1.flightrising.com/forums/frd/3088380/1

Re: https://www1.flightrising.com/forums/frd/3088380/1