Nasomi Community FFXI Server
https://na.nasomi.com/forum/

Feature Request: 2FA (Google Auth, Yubikey, whatever)
https://na.nasomi.com/forum/viewtopic.php?f=6&t=8238		 Page 1 of 1
Author:  cthalupa [ Thu Jan 03, 2019 4:13 pm ]
Post subject:  Feature Request: 2FA (Google Auth, Yubikey, whatever)
This was available back on retail, and basically all modern MMOs offer it.

I've not worked with the Nasomi codebase, obviously, or even with DSP from before they diverged, but I have worked on multiple auth systems of varying types over the years, and have found google auth to be incredibly easy to add as an option for people.

With the blast radius of having an account hacked being so large in FFXI, with multiple jobs, all of the non-ex items, etc., two factor authentication seems like something I imagine a large part of the community would embrace.
Author:  Wolffhardt [ Thu Jan 03, 2019 4:25 pm ]
Post subject:  Re: Feature Request: 2FA (Google Auth, Yubikey, whatever)
I'd agree if Nas determines that anyone is actually "hacking" any accounts at all.
Author:  Murdocksiren [ Thu Jan 03, 2019 5:40 pm ]
Post subject:  Re: Feature Request: 2FA (Google Auth, Yubikey, whatever)
Wolffhardt wrote:
I'd agree if Nas determines that anyone is actually "hacking" any accounts at all.


Pretty much just rumors at this point.
Author:  Wolffhardt [ Thu Jan 03, 2019 6:11 pm ]
Post subject:  Re: Feature Request: 2FA (Google Auth, Yubikey, whatever)
More or less. I'd think Nas would do something if people were being hacked all that much. I just also think Nas will never mention it at all if he reviews them and finds they most likely weren't hacked.. Leaving us all a bit in the dark on the rumors.
Author:  Murdocksiren [ Thu Jan 03, 2019 6:44 pm ]
Post subject:  Re: Feature Request: 2FA (Google Auth, Yubikey, whatever)
Wolffhardt wrote:
More or less. I'd think Nas would do something if people were being hacked all that much. I just also think Nas will never mention it at all if he reviews them and finds they most likely weren't hacked.. Leaving us all a bit in the dark on the rumors.


We might get a cryptic system message about it, that would probably be all.
Author:  Nabutso [ Thu Jan 03, 2019 6:49 pm ]
Post subject:  Re: Feature Request: 2FA (Google Auth, Yubikey, whatever)
Nas is working on making the login system more secure, but if you're worried about security in the mean time, make sure you have a sufficiently long and also non-obvious password.

The client allows for passwords 16 characters in length. The forums, up to 100. If your password is "password", change it.

In fact, if you're having trouble with the account page today, it's because he's working on it. Tell your friends if they have trouble too.
Author:  Murdocksiren [ Thu Jan 03, 2019 8:00 pm ]
Post subject:  Re: Feature Request: 2FA (Google Auth, Yubikey, whatever)
Nas just posted this on FB.

"We have implemented brute force protection for the account page at nasomi.com and assessing the impact it may have had."

I guess something really did happen.
Author:  cthalupa [ Fri Jan 04, 2019 3:24 am ]
Post subject:  Re: Feature Request: 2FA (Google Auth, Yubikey, whatever)
Nabutso wrote:
Nas is working on making the login system more secure, but if you're worried about security in the mean time, make sure you have a sufficiently long and also non-obvious password.

The client allows for passwords 16 characters in length. The forums, up to 100. If your password is "password", change it.

In fact, if you're having trouble with the account page today, it's because he's working on it. Tell your friends if they have trouble too.

Brute force protection is a start, but it really just slows things down, or forces people to be more sophisticated.

2FA is one of the single biggest ROIs for securing things, so I would hope it is something that is at least evaluated as an option.
Page 1 of 1 All times are UTC
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/