What's new

Two Factor Authentication

Sparkle

Administrator
Staff member
Administrator
Two Factor Authentication is added!!!
Guide in English can be found below.
Guide in Portuguese follow the
LINK.
Guide in Spanish follow the
LINK.
Guide in Chinese follow the
LINK.

What is it?
Two Factor Authentication, or 2FA, is an extra layer of protection used to ensure the security of online accounts beyond just a username and password.

How will it work?
Right now all accounts are set to "Inactive". Inactive status will remain for 1 month. During that time you need to access your Account Panel and choose to Enable or Disable the 2FA. For it press “Toggle” button then enter a code from your e-mail.

8.png
-->
1.png
-->
2.png


Important!
If you don’t change status from Inactive during 1 month from now, it will be automatically changed to “Enable” in 1 month.
For new accounts created starting from now (3/14/2023 11:00 am) 2FA will be auto-enabled!


What should I do, if I lost access to my e-mail?
During this 1 month you can submit a ticket and request your status to be changed to Disable. That way you’ll not need to go through additional e-mail verification each time you access website or game from a new location (IP subnet/PC).

If you choose to Enable the 2FA, each time you access the website or game from a new location (IP subnet/PC) you’ll need to go through e-mail verification.

How you’ll see it if you access the game from a new location:

3.png
-->
4.png
-->
5.png


How you’ll see it if you access the website from a new location:

7.png
-->
4.png
-->
5.png


What should I do if 1 month passed, I forgot to change it and it was auto-enabled?
If you miss 1 month period and your account 2FA is auto-enabled, you can still Disable it later through your Account Panel and e-mail verification.
Note: In case, you lost access to your e-mail and can’t Disable it yourself, contact us for manual account verification and disabling 2FA.​
 
Last edited:
Would it be possible to add a 2FA key system so it can be connected to authenticators? I like 2FA, but 2FA through my email isn't what I'd be looking for. I.e. authenticators being such as: GOogle authenticator, microsoft, Okta, etc.
 
Currently it will stay this way it’s now. Possibly will be reworked later.
 
What about all the players who do not have access to their email anymore? Because I have seen people trying to change their emails for their accounts due to them being compromised/old/password being lost, while it's not possible at all.

Edit: nvm I didn't read the footnote. Sad to see emails still cant be changed. F2A then useless for these players, too bad not the entire playerbase can make use of this.
 
Currently it will stay this way it’s now. Possibly will be reworked later.
I'd look into fixing it now, as this isnt 2FA. This is as easily compromisable as just getting your password stolen. A login token from an authenticator is a very good and safe option, and can be done relatively easily. And honestly speaking, this is also an issue that companies give a choice for a user to use said 2FA, changing it to where it automatically is on will prove to be frustrating for the user. Which is why websites don't do 2FA this way, as its extremely stupid and forceful. Give people the choice to use not, not force it in them.
 
I'd look into fixing it now, as this isnt 2FA. This is as easily compromisable as just getting your password stolen. A login token from an authenticator is a very good and safe option, and can be done relatively easily. And honestly speaking, this is also an issue that companies give a choice for a user to use said 2FA, changing it to where it automatically is on will prove to be frustrating for the user. Which is why websites don't do 2FA this way, as its extremely stupid and forceful. Give people the choice to use not, not force it in them.
i agree with this part, even if its manual email changing, a 2FA app its better
 
i rly dont see any problems with this. if you dont want it turn it off and everything is the way it was before. If you think you password could be stolen enable it, if you think you are safe disable it.

If you lost the email access just write the support about it and they will disable it for y. Dont know why this makes so many people upset.
Its still a private Server so there could be a Problem with official Auth Token generaters. Same as for donations.

Edit: If you are the real owner of the Account shouldnt be a Problem to remember the Email Name ;) otherwise we all know how people got the account^^
 
Last edited:
i really don't see any problems with this. if you don't want it turn it off and everything is the way it was before. If you think you password could be stolen enable it, if you think you are safe disable it.

If you lost the email access just write the support about it and they will disable it for y. Don't know why this makes so many people upset.
Its still a private Server so there could be a Problem with official Auth Token generaters. Same as for donations.

Edit: If you are the real owner of the Account shouldn't be a Problem to remember the Email Name ;) otherwise we all know how people got the account^^
I'm thinking it's because they will need to open 2 tabs,
Game account one tab and Email in the 2nd tab,
copy from that one, flip tabs, paste into the other, then close 2nd tab
I've physically seen folks close both tabs and have to start again ( on a different topic however same step thing though lol)
 
I would suggest to change the wording to "Enabled" and "Disabled" to clear any confusion that some (like me :p) may have on the current status of 2FA.
 
Back
Top