I already posted this in the other thread about the update, but Xhaztol said this in the update notice:
[quote] The new measures aim to more precisely detect suspicious login activity, and add an extra layer of authentication to the login process if an anomaly is found.[/quote]
If I’m understanding correctly, I think they mean that 2FA will only be necessary if they think something’s up with your account.
It does sound like it’ll be annoying for anyone who uses VPNs or plays from multiple locations/devices, though.
I already posted this in the other thread about the update, but Xhaztol said this in the update notice:
Quote:
The new measures aim to more precisely detect suspicious login activity, and add an extra layer of authentication to the login process if an anomaly is found.
If I’m understanding correctly, I think they mean that 2FA will only be necessary if they think something’s up with your account.
It does sound like it’ll be annoying for anyone who uses VPNs or plays from multiple locations/devices, though.
|
aaaaaaaaaaaaaaaa
|
|
Zazz
|
|
Well, as somebody who had to switch phones, and will probably have to update her phone again at some point, I'd rather not have 2fa if it means that logging in under my main account with my main email will result in suspension or banning. I've had to switch from an S7 to an A11. So if I had gotten banned from simply switching my device then, I'd be more then angry. I'd legitimately quit considering you're not allowed another account. It's bonkers to think that if you switch devices for any reason, you'll lose your work on this site. I've been here for nearly five years. I love this site. I love my dragons. But I cannot stand the thought of being falsely suspended or banned if I need to change my phone again. So, I really hope the mods/owners can clarify what they are doing at some point.
Well, as somebody who had to switch phones, and will probably have to update her phone again at some point, I'd rather not have 2fa if it means that logging in under my main account with my main email will result in suspension or banning. I've had to switch from an S7 to an A11. So if I had gotten banned from simply switching my device then, I'd be more then angry. I'd legitimately quit considering you're not allowed another account. It's bonkers to think that if you switch devices for any reason, you'll lose your work on this site. I've been here for nearly five years. I love this site. I love my dragons. But I cannot stand the thought of being falsely suspended or banned if I need to change my phone again. So, I really hope the mods/owners can clarify what they are doing at some point.
For participation in Thursday oof water raffle
I know how absolutely awful it feels to have your account stolen out of no fault of your own and seen time and time again on multiple games I play that passwords alone are not enough. So happy they might be going 2FA as this was a constant worry for me.
I know how absolutely awful it feels to have your account stolen out of no fault of your own and seen time and time again on multiple games I play that passwords alone are not enough. So happy they might be going 2FA as this was a constant worry for me.
» Ping friendly
» Avatar Dragon
|
.................................................................
|
|
If it is something as annoying as 2FA or capchas i hope there is an opt-out.
Honestly not sure why they’re so adamant on a ‘no opt-out’ thing. It should be upto the player to decide how much security they want on their account. I personally have nothing worth hacking, but can understand people with KS items etc would want it.
Makes me even more worried on whether or not devs will mess this up though, especially with their lack of care regarding the accessibility of their coli captcha. This could backfire oh so horribly…
If it is something as annoying as 2FA or capchas i hope there is an opt-out.
Honestly not sure why they’re so adamant on a ‘no opt-out’ thing. It should be upto the player to decide how much security they want on their account. I personally have nothing worth hacking, but can understand people with KS items etc would want it.
Makes me even more worried on whether or not devs will mess this up though, especially with their lack of care regarding the accessibility of their coli captcha. This could backfire oh so horribly…
..……………………...……..….
Suffer more :)
one thing i want more clarification on is; does "will not be opt-in" mean that everyone will have to do it atleast once and then be able to opt out, or that it just isnt something you can choose? the wording is vague but i wonder if it may be the former.
i work directly with 2FA in my job, where i both have to have proper 2FA on a multitude of accounts and services i use, and have to help users of the service get past two layers of 2FA (one is opt-out email 2FA, the other is opt-in authenticator 2FA) and from my experience, the biggest issue for opt-out email 2FA is simply people not playing for a while, their IP cycles, and they trigger off the 2FA. generally, this system does not care if youre on different devices in the same IP, and doesnt even really care if youre in a different IP in the same geolocation (so, general area/city, usually). it also tends to respect if youve authenticated a specific geolocation range before, even if you go back and forth between two wildly different locations (this is often done by people who share accounts on this service, for instance). FR's implementation will obviously different, and some services are pretty notoriously finicky (steam and discord, anyone?) but i have faith they will implement it smartly.
so with that being said, what's being said is true: make sure you have access to the email currently attached to your account. the vast majority of issues i deal with are due to people losing access to these emails, especially college/work emails that they no longer have. i do not think that the devs are going to permanently force 2FA on us, but just for peace of mind, make sure you'll be able to access your email on the day its switched on, even if you need to ask friends or family to assist you. hopefully there will be ways to disable 2FA, if not through your account settings, then through support tickets.
(note: if you know you'll be unable to access your email for any reason, i would prepare some private information from your account, such as your lair stats, treasure/gem quantities, specific unique items you may have, as well as any receipts from gem purchases (on paypal/email/card/etc) incase you need to verify the account belongs to you)
one thing i want more clarification on is; does "will not be opt-in" mean that everyone will have to do it atleast once and then be able to opt out, or that it just isnt something you can choose? the wording is vague but i wonder if it may be the former.
i work directly with 2FA in my job, where i both have to have proper 2FA on a multitude of accounts and services i use, and have to help users of the service get past two layers of 2FA (one is opt-out email 2FA, the other is opt-in authenticator 2FA) and from my experience, the biggest issue for opt-out email 2FA is simply people not playing for a while, their IP cycles, and they trigger off the 2FA. generally, this system does not care if youre on different devices in the same IP, and doesnt even really care if youre in a different IP in the same geolocation (so, general area/city, usually). it also tends to respect if youve authenticated a specific geolocation range before, even if you go back and forth between two wildly different locations (this is often done by people who share accounts on this service, for instance). FR's implementation will obviously different, and some services are pretty notoriously finicky (steam and discord, anyone?) but i have faith they will implement it smartly.
so with that being said, what's being said is true: make sure you have access to the email currently attached to your account. the vast majority of issues i deal with are due to people losing access to these emails, especially college/work emails that they no longer have. i do not think that the devs are going to permanently force 2FA on us, but just for peace of mind, make sure you'll be able to access your email on the day its switched on, even if you need to ask friends or family to assist you. hopefully there will be ways to disable 2FA, if not through your account settings, then through support tickets.
(note: if you know you'll be unable to access your email for any reason, i would prepare some private information from your account, such as your lair stats, treasure/gem quantities, specific unique items you may have, as well as any receipts from gem purchases (on paypal/email/card/etc) incase you need to verify the account belongs to you)
|
-
|
 Ouro : 24 : They/Xey/She
 Lightning Dom Coordinator
 I love pings! I don't bite~
|
-
|
 
|
Good morning, everyone! So I'm going to go ahead and lock this thread. This discussion has wandered down several "what if's" and hypothetical scenarios that don't apply, and is only serving to worry and upset community members.
Before I do though, I want to address the concerns about the type of two factor authentication that's coming soon. [b]The first upcoming security change is strictly email based, which is why [url=https://www1.flightrising.com/forums/frd/3088297#post_3088297]the post is focused[/url] on your registered email address:[/b]
[quote name="Xhaztol" date="2021-12-27 15:24:10" ]
[b]These measures are not opt-in, and will apply to all accounts on Flight Rising, so we urge everyone to take the following steps in the next few days:[/b]
[LIST=1]
[*]If your registered email address is invalid, change it to one that is.
[*]Change the password for your email service to something complex, secure, and not one you use for other accounts or services.
[*]Change your Flight Rising password to something complex, secure, and not one you use for other accounts or services.
[/LIST][/quote]
[b]This upcoming account security update relies on the already existing and primary method of identity verification.[/b] You won't need an additional device, app, or need to submit more personal information. Ensuring your registered email address is one that's secure and that you have reliable access to is something you should already be doing, both in general and going all the way back to 2013 when we opened.
And I'd be remiss to not mention that if your password for your [I]Flight Rising[/I] account is one you've used in the past or currently use for other sites or services, now is a really good time to change it to one that is unique. It's even more important [b]if you're using the same username, email, and password across multiple sites and services.[/b] Please feel free to share this with any inactive players you're still in contact with—even if they aren't interested in playing right now, they may still be interested in maintaining the security of their account.
I hope this helps to address some of your concerns, and if you have any feedback, questions, or concerns you'd like to share with us on account security and options, please feel free to submit them directly to us through [b][url=https://www1.flightrising.com/site/contact-us]Contact Us[/url][/b]. You may not receive a personalized response in reply, but all player feedback on this matter is documented for team review and consideration.
Thank you!
Good morning, everyone! So I'm going to go ahead and lock this thread. This discussion has wandered down several "what if's" and hypothetical scenarios that don't apply, and is only serving to worry and upset community members.
Before I do though, I want to address the concerns about the type of two factor authentication that's coming soon.
The first upcoming security change is strictly email based, which is why the post is focused on your registered email address:
Xhaztol wrote on 2021-12-27 15:24:10:
These measures are not opt-in, and will apply to all accounts on Flight Rising, so we urge everyone to take the following steps in the next few days:
- If your registered email address is invalid, change it to one that is.
- Change the password for your email service to something complex, secure, and not one you use for other accounts or services.
- Change your Flight Rising password to something complex, secure, and not one you use for other accounts or services.
This upcoming account security update relies on the already existing and primary method of identity verification. You won't need an additional device, app, or need to submit more personal information. Ensuring your registered email address is one that's secure and that you have reliable access to is something you should already be doing, both in general and going all the way back to 2013 when we opened.
And I'd be remiss to not mention that if your password for your
Flight Rising account is one you've used in the past or currently use for other sites or services, now is a really good time to change it to one that is unique. It's even more important
if you're using the same username, email, and password across multiple sites and services. Please feel free to share this with any inactive players you're still in contact with—even if they aren't interested in playing right now, they may still be interested in maintaining the security of their account.
I hope this helps to address some of your concerns, and if you have any feedback, questions, or concerns you'd like to share with us on account security and options, please feel free to submit them directly to us through
Contact Us. You may not receive a personalized response in reply, but all player feedback on this matter is documented for team review and consideration.
Thank you!
