[quote name="Sonyei" date="2021-12-27 20:50:17" ]
[quote name="Lutnik" date="2021-12-27 20:04:25" ]
Genuinely really confused why people are mad or scared about this. Almost every site has a 2FA system of some kind. I don't think they're that difficult to deal with.
[/quote]
It's change, I guess. Personally, the only additional security system they could feasibly put into place that would aggravate me to no end is more CAPTCHAs. My vision isn't even that bad and the Coli one makes me go cross-eyed and have to look away on particularly offensive shots. I absolutely loathe its implementation on this site.
[/quote]
2fa isnt always safer either. Even if you do have 2fa, you can still lose your account if your 2fa is simply an email you use the same password on it anyway or if it was in a breach with a different password. Someone gets in and that is it. And all this does is force those who take care of their passwords and accounts to have more stuff to worry about and cause more inconvenience in the long run.
They say when it comes to business vs security, you have to find that middle line. If something is too secure, it is going to slow down business, cause end users issues, and provide a lot of blockers for day to day activity. On the other hand, if you are not secure enough, youll get breaches and exfil data.
Using 2fa, when done correctly, can help with security, but expecting an already insecure user to have proper security on their email when they "dont" on their petsite account is a stretch in and of itself. Even then, if someone gets into the email, they can just reset the FR account as it is.
Not even phone 2fa is that safe. SIM cards can get stolen by calling into providers, etc. It isn't that hard to even social engineer a burnt out support provider for some phone company.
Edit: Typo
Sonyei wrote on 2021-12-27 20:50:17:
Lutnik wrote on 2021-12-27 20:04:25:
Genuinely really confused why people are mad or scared about this. Almost every site has a 2FA system of some kind. I don't think they're that difficult to deal with.
It's change, I guess. Personally, the only additional security system they could feasibly put into place that would aggravate me to no end is more CAPTCHAs. My vision isn't even that bad and the Coli one makes me go cross-eyed and have to look away on particularly offensive shots. I absolutely loathe its implementation on this site.
2fa isnt always safer either. Even if you do have 2fa, you can still lose your account if your 2fa is simply an email you use the same password on it anyway or if it was in a breach with a different password. Someone gets in and that is it. And all this does is force those who take care of their passwords and accounts to have more stuff to worry about and cause more inconvenience in the long run.
They say when it comes to business vs security, you have to find that middle line. If something is too secure, it is going to slow down business, cause end users issues, and provide a lot of blockers for day to day activity. On the other hand, if you are not secure enough, youll get breaches and exfil data.
Using 2fa, when done correctly, can help with security, but expecting an already insecure user to have proper security on their email when they "dont" on their petsite account is a stretch in and of itself. Even then, if someone gets into the email, they can just reset the FR account as it is.
Not even phone 2fa is that safe. SIM cards can get stolen by calling into providers, etc. It isn't that hard to even social engineer a burnt out support provider for some phone company.
Edit: Typo
[quote name="@Lutnik" date="2021-12-27 20:04:25" ]
Genuinely really confused why people are mad or scared about this. Almost every site has a 2FA system of some kind. I don't think they're that difficult to deal with.
[/quote]
People (sadly) prefer comfort over safety.
@
Lutnik wrote on 2021-12-27 20:04:25:
Genuinely really confused why people are mad or scared about this. Almost every site has a 2FA system of some kind. I don't think they're that difficult to deal with.
People (sadly) prefer comfort over safety.
Well, I hope they lock this thread too because its also full of baseless paranoia and speculation lol. If not, please go read
the admin response to this feedback from the other thread.
Well, I hope they lock this thread too because its also full of baseless paranoia and speculation lol. If not, please go read
the admin response to this feedback from the other thread.
I still got my WoW authenticator from like.. 12 years ago lol I want an FR authenticator.
I still got my WoW authenticator from like.. 12 years ago lol I want an FR authenticator.
Hello everyone, given the nature of the speculation in this thread, I'm going to go ahead and lock this one, too. [b][url=https://www1.flightrising.com/forums/frd/3088380/7#post_49888398]My response from the other security update thread:[/url][/b]
[quote name="Aequorin" date="2021-12-28 06:15:56" ]
Good morning, everyone! So I'm going to go ahead and lock this thread. This discussion has wandered down several "what if's" and hypothetical scenarios that don't apply, and is only serving to worry and upset community members.
Before I do though, I want to address the concerns about the type of two factor authentication that's coming soon. [b]The first upcoming security change is strictly email based, which is why [url=https://www1.flightrising.com/forums/frd/3088297#post_3088297]the post is focused[/url] on your registered email address:[/b]
[quote name="Xhaztol" date="2021-12-27 15:24:10" ]
[b]These measures are not opt-in, and will apply to all accounts on Flight Rising, so we urge everyone to take the following steps in the next few days:[/b]
[LIST=1]
[*]If your registered email address is invalid, change it to one that is.
[*]Change the password for your email service to something complex, secure, and not one you use for other accounts or services.
[*]Change your Flight Rising password to something complex, secure, and not one you use for other accounts or services.
[/LIST][/quote]
[b]This upcoming account security update relies on the already existing and primary method of identity verification.[/b] You won't need an additional device, app, or need to submit more personal information. Ensuring your registered email address is one that's secure and that you have reliable access to is something you should already be doing, both in general and going all the way back to 2013 when we opened.
And I'd be remiss to not mention that if your password for your [I]Flight Rising[/I] account is one you've used in the past or currently use for other sites or services, now is a really good time to change it to one that is unique. It's even more important [b]if you're using the same username, email, and password across multiple sites and services.[/b] Please feel free to share this with any inactive players you're still in contact with—even if they aren't interested in playing right now, they may still be interested in maintaining the security of their account.
I hope this helps to address some of your concerns, and if you have any feedback, questions, or concerns you'd like to share with us on account security and options, please feel free to submit them directly to us through [b][url=https://www1.flightrising.com/site/contact-us]Contact Us[/url][/b]. You may not receive a personalized response in reply, but all player feedback on this matter is documented for team review and consideration.
Thank you!
[/quote]
Hello everyone, given the nature of the speculation in this thread, I'm going to go ahead and lock this one, too.
My response from the other security update thread:
Aequorin wrote on 2021-12-28 06:15:56:
Good morning, everyone! So I'm going to go ahead and lock this thread. This discussion has wandered down several "what if's" and hypothetical scenarios that don't apply, and is only serving to worry and upset community members.
Before I do though, I want to address the concerns about the type of two factor authentication that's coming soon.
The first upcoming security change is strictly email based, which is why the post is focused on your registered email address:
Xhaztol wrote on 2021-12-27 15:24:10:
These measures are not opt-in, and will apply to all accounts on Flight Rising, so we urge everyone to take the following steps in the next few days:
- If your registered email address is invalid, change it to one that is.
- Change the password for your email service to something complex, secure, and not one you use for other accounts or services.
- Change your Flight Rising password to something complex, secure, and not one you use for other accounts or services.
This upcoming account security update relies on the already existing and primary method of identity verification. You won't need an additional device, app, or need to submit more personal information. Ensuring your registered email address is one that's secure and that you have reliable access to is something you should already be doing, both in general and going all the way back to 2013 when we opened.
And I'd be remiss to not mention that if your password for your
Flight Rising account is one you've used in the past or currently use for other sites or services, now is a really good time to change it to one that is unique. It's even more important
if you're using the same username, email, and password across multiple sites and services. Please feel free to share this with any inactive players you're still in contact with—even if they aren't interested in playing right now, they may still be interested in maintaining the security of their account.
I hope this helps to address some of your concerns, and if you have any feedback, questions, or concerns you'd like to share with us on account security and options, please feel free to submit them directly to us through
Contact Us. You may not receive a personalized response in reply, but all player feedback on this matter is documented for team review and consideration.
Thank you!
