Authenticator - in resonse to Elder Scrolls Off The Record #180; mention of Fraud
rabb1t_ESO
✭✭✭
I've always thought it incredibly odd that ESO does not have an iOS (iPhone/iPad/iPod) / Android authenticator. Every other MMO I've ever played has had one and used it for protection. When hearing that ZOS was afraid of Fraud and that's been a big stumbling block for making Crowns giftable, I was like 'wiggidywhuuu?'
I would think that if an Authenticator
- Was required any time a player logged in from a different IP address than normal
- Was required for any new cash purchase (so once a subscription is set up and approved, future monthly re-sub would not require it, but all single transaction things, or new subscriptions would.)
... those two combined would almost completely eliminate every possibility of fraud, would they not? (Yes, this assumes a person choses to bind an authenticator to the account.) If such a thing were in place not only would someone have to steal someone else's login and password information, and the credit card they are going to commit fraud on, but they would also need the physcial device the authenticator is stored on, as well as that devices login.
I've always found it incredibly odd that this has been the only MMO I've played that does not have an authenticator. With somewhere of around 25+ MMOs played off the top of my head, the only time I've ever been hacked was in an MMO which did not have an authenticator option at the time. And honestly I think every online game that releases, not just MMOs, should have authenticator options and such kind of security layers already in place at launch. It kind of boggles my mind one does not exist for ESO.
I would think that if an Authenticator
- Was required any time a player logged in from a different IP address than normal
- Was required for any new cash purchase (so once a subscription is set up and approved, future monthly re-sub would not require it, but all single transaction things, or new subscriptions would.)
... those two combined would almost completely eliminate every possibility of fraud, would they not? (Yes, this assumes a person choses to bind an authenticator to the account.) If such a thing were in place not only would someone have to steal someone else's login and password information, and the credit card they are going to commit fraud on, but they would also need the physcial device the authenticator is stored on, as well as that devices login.
I've always found it incredibly odd that this has been the only MMO I've played that does not have an authenticator. With somewhere of around 25+ MMOs played off the top of my head, the only time I've ever been hacked was in an MMO which did not have an authenticator option at the time. And honestly I think every online game that releases, not just MMOs, should have authenticator options and such kind of security layers already in place at launch. It kind of boggles my mind one does not exist for ESO.
0
-
KhajitFurTrader✭✭✭✭✭
✭✭Well, LOTRO neither has Two Factor Authentication (TFA), nor IP Authorization (like ESO has), and it depends much more heavily on its in-game store than ESO does.
Featuring TFA is an investment; products and services have to be licensed (e.g., with RSA SecurID), so it adds to overall operation costs. While it certainly heightens the security of customers, costs always will have to be balanced against benefits. And while none of us is privy to ZOS's business development plans, it can't be ruled out that we won't get TFA in the future. Maybe it's a matter of request urgency/frequency?
In all my years of playing MMOs, the security of my various accounts has never been compromised, TFA or not (even WoW didn't have TFA from the get-go, and in its early days account theft was rampant). There are a few simple rules:- use a unique password that's used nowhere else
- if possible, use a unique email address that's used exclusively for the creation of one MMO account (above password rule applies here, too)
- never ever give your credentials away
- make sure your credentials aren't taken away from you (e.g., by a compromised system via keyloggers)
0