Should Zeni have an authenticator?

arena25

Since not everyone may keep their account as secure as they should, and since almost every other game studio encourages (and even offers an incentive for) adding an authenticator to one's game account...should Zeni add the ability to enable account authentication measures (either through an SMS text message/phone call or by a mobile app)? And if so, should Zeni add an in-game incentive for those choosing to add authentication measures to protect their account? Note that I am making this a private poll.

arena25

Voting on my own poll...

Yes, Zeni should add an authenticator, but let's leave the in-game incentives out of this. If I wanted in-game incentives, I'd sign up again for ESO Plus.

gronkdamage

They have authentication - so why do they need something else? Could it be better? sure, maybe - but what about when you have different accounts.

Reverb

They semi-have MFA, requiring email verification when login is attempted on a client not previously associated with your account. Short of full dual-factor authentication on every login, what are you thinking is needed?

arena25

gronkdamage wrote: »

They have authentication - so why do they need something else? Could it be better? sure, maybe - but what about when you have different accounts.

Problem is that we can't just be sending email messages with a one-time code to players every time they log-in. Almost everyone has a cell phone (and if they don't have a cell phone or can't afford one, why are you even playing video games in the first place), and since email accounts can be deleted upon job changes or otherwise compromised via other manners, why not add a mobile authenticator.

Also, inb4 the "I don't want to buy a smartphone" comments come in...you don't need a smartphone to do SMS text messages/phone calls. Flip phones still exist, heck, my own mother still uses a flip phone, and will be getting a new flip phone here very soon. Anyone that is "too young to get a cell phone" or is outright "I refuse to get a phone for X reason" are probably the same individuals we don't want playing video games cos the same excuses they give for not getting a cell phone are likely the same excuses we can apply to why they should not be playing video games.

gronkdamage

arena25 wrote: »

Problem is that we can't just be sending email messages with a one-time code to players every time they log-in.

It doesn't - only the first time it doesn't recognize the hardware.

arena25 wrote: »

Almost everyone has a cell phone (and if they don't have a cell phone or can't afford one, why are you even playing video games in the first place), and since email accounts can be deleted upon job changes or otherwise compromised via other manners, why not add a mobile authenticator.

I said it could be better - but why waste resources.

And I have a problem with that first comment. Who are you to judge how everyone plays?


It's simply a waste of resources - as evidenced by your poll.

arena25

Reverb wrote: »

They semi-have MFA, requiring email verification when login is attempted on a client not previously associated with your account. Short of full dual-factor authentication on every login, what are you thinking is needed?

Additional ways to authenticate in the event your account is suspected of being compromised (i.e. fresh device log-in), but email is either not working or is compromised.

gronkdamage

I will also say again: What if you have more than one account.

The email is just fine.

ADarklore

Yet another... "people shouldn't be held responsible for their own actions" thing. If people don't want to secure their accounts, that's on THEM... if people want to do it voluntarily, that's fine... but forcing it on players to make up for those who don't want to take the responsibility of securing their own account... I do not agree with that.

Bradyfjord

I'm indifferent as long as it's not mandatory.

Starlight_Whisper

arena25 wrote: »

gronkdamage wrote: »

They have authentication - so why do they need something else? Could it be better? sure, maybe - but what about when you have different accounts.

Problem is that we can't just be sending email messages with a one-time code to players every time they log-in. Almost everyone has a cell phone (and if they don't have a cell phone or can't afford one, why are you even playing video games in the first place), and since email accounts can be deleted upon job changes or otherwise compromised via other manners, why not add a mobile authenticator.

Also, inb4 the "I don't want to buy a smartphone" comments come in...you don't need a smartphone to do SMS text messages/phone calls. Flip phones still exist, heck, my own mother still uses a flip phone, and will be getting a new flip phone here very soon. Anyone that is "too young to get a cell phone" or is outright "I refuse to get a phone for X reason" are probably the same individuals we don't want playing video games cos the same excuses they give for not getting a cell phone are likely the same excuses we can apply to why they should not be playing video games.

Accessibility sells product. Addng such a gate isn't worth especially when 3rd world and 2nd countries play this game still

ApoAlaia

Yes please, the email method is clunky and not all that reliable.

Sylvermynx

I'd be okay with a dongle like in WoW when I quit playing. I am not able to receive text messages, and if there's a problem I already get an email from ZOS.

I don't think it should be mandatory. If people can't (or choose not to) keep their accounts secure, it's ZOS's business, no one else's.

And I didn't vote because none of the options fit what I posted as my feelings about it.

essi2

Only if they use Google Authenticator, if they decided to make their own it would be a disaster

jsarthur_ESO

DFA would not be a hindrance for me. Have been using secure linux pw manager for years now. I dont know what my pw is 😂 and would take about 47 years to crack. Unfortunately people are easily corruptible. 🐱‍👤

Alucardo

Just do what other games do (I won't mention which one), but they give players a small amount of extra bank space if they enable 2fa. IMHO there's nothing wrong with that. In exchange for securing your own account, you're also getting more storage room.

Danikat

If for some reason ZOS thought this was necessary I'd prefer them to use an online authenticator, or at least have it as an option. If you live somewhere with unreliable mobile signal waiting for a text message to get the code can be a complete pain, but if you're in a place where you're not able to get an online code you probably wouldn't be able to log into ESO either so the problem would be irrelevant.

arena25 wrote: »

gronkdamage wrote: »

They have authentication - so why do they need something else? Could it be better? sure, maybe - but what about when you have different accounts.

Problem is that we can't just be sending email messages with a one-time code to players every time they log-in. Almost everyone has a cell phone (and if they don't have a cell phone or can't afford one, why are you even playing video games in the first place), and since email accounts can be deleted upon job changes or otherwise compromised via other manners, why not add a mobile authenticator.

Also, inb4 the "I don't want to buy a smartphone" comments come in...you don't need a smartphone to do SMS text messages/phone calls. Flip phones still exist, heck, my own mother still uses a flip phone, and will be getting a new flip phone here very soon. Anyone that is "too young to get a cell phone" or is outright "I refuse to get a phone for X reason" are probably the same individuals we don't want playing video games cos the same excuses they give for not getting a cell phone are likely the same excuses we can apply to why they should not be playing video games.

What makes you think someone who uses their work email to sign up for a video game wouldn't also use their work phone for the authenticator?

If the problem is that you might lose access to an email address when you change jobs the solution is simple: set up your own private email address to use for things not related to work. It's not like they're expensive or hard to get.

Sylvermynx

arena25 wrote: »

gronkdamage wrote: »

They have authentication - so why do they need something else? Could it be better? sure, maybe - but what about when you have different accounts.

Problem is that we can't just be sending email messages with a one-time code to players every time they log-in. Almost everyone has a cell phone (and if they don't have a cell phone or can't afford one, why are you even playing video games in the first place), and since email accounts can be deleted upon job changes or otherwise compromised via other manners, why not add a mobile authenticator.

Also, inb4 the "I don't want to buy a smartphone" comments come in...you don't need a smartphone to do SMS text messages/phone calls. Flip phones still exist, heck, my own mother still uses a flip phone, and will be getting a new flip phone here very soon. Anyone that is "too young to get a cell phone" or is outright "I refuse to get a phone for X reason" are probably the same individuals we don't want playing video games cos the same excuses they give for not getting a cell phone are likely the same excuses we can apply to why they should not be playing video games.

Excuse me? I live in a place that HAS NO MOBILE SERVICE. So what you're saying is that I shouldn't be able to play because I choose to live in a town with the cleanest air and water and the fewest people in the state?

And yes, I have a flip phone - to use for emergency service when we're in town and have a flat tire or other issue with a vehicle. IT DOES NOT WORK AT MY HOME. Which is where I - y'know - play ESO....

Oh and who's the "we" in "we can't just be sending email messages with a one-time code to players every time they log-in"? Are you a ZOS employee?

kargen27

"and since email accounts can be deleted upon job changes or otherwise compromised via other manners, why not add a mobile authenticator."

When I suspected my E-mail may have been compromised I switched every account that was using that E-mail address to a new E-mail address. Switching to a different E-mail address in ESO was simple.

If they want to provide an option to opt in for more security I wouldn't mind.

magnusthorek

Absolutely! We can't save our passwords so using big, super-secure passwords might be an annoyance to some (it was to me 'til I managed to get a super badass one) so an Authenticator, as annoying as they are would be perfect. But no SMS, I've had a lot of trouble with cancelled/changed numbers that held my account blocked 'til I contacted support, waited for an answer so THEN I could restore my access.

I vote to give us a goodie, but that's optional, really

redlink1979

arena25 wrote: »

Since not everyone may keep their account as secure as they should(...)

My only question to players is: if you don't have a strong password, why don't you have one?!

Fenris_Arainai

If it's done in a similar way to SWTOR: an app-style authenticator that can also be used on a desktop, if someone doesn't have/want to use a mobile. No "send email each time", that's be just too much hassle. Especially if emails came with delays; no one wants to sit for 10 minutes to start playing the game.

And maybe a small amount of crowns or a crate once a month as an incentive.

bmnoble

arena25 wrote: »

gronkdamage wrote: »

They have authentication - so why do they need something else? Could it be better? sure, maybe - but what about when you have different accounts.

Problem is that we can't just be sending email messages with a one-time code to players every time they log-in. Almost everyone has a cell phone (and if they don't have a cell phone or can't afford one, why are you even playing video games in the first place), and since email accounts can be deleted upon job changes or otherwise compromised via other manners, why not add a mobile authenticator.

Also, inb4 the "I don't want to buy a smartphone" comments come in...you don't need a smartphone to do SMS text messages/phone calls. Flip phones still exist, heck, my own mother still uses a flip phone, and will be getting a new flip phone here very soon. Anyone that is "too young to get a cell phone" or is outright "I refuse to get a phone for X reason" are probably the same individuals we don't want playing video games cos the same excuses they give for not getting a cell phone are likely the same excuses we can apply to why they should not be playing video games.

Not everyone has good mobile phone service where they live, I got a mobile I use if for emergencies in the event I break down when I am out in my car somewhere.

Got no service where I live though, nor do any visitors with the latest smart phones, have to make do with a landline.

I play ESO with satellite internet.

Toanis

ESO does have a two factor authentication. It compares a checksum from your computer with the last log in and sends you an email with an authentification code when they don't match. So far it only happened after Windows upgrades for me.

Compare that to SWTOR: they send you an email when your IP doesn't match the last login (which usually changes more often than the OS, some actually get a new IP each day.). Alternatively you can use an authenticator (key fob or app) that generates a second time-based key code, so you have always to grab your phone or key fob to log in, and type in two passwords. In return get some extra cash shop coins each month and have access to a special "security vendor".

IMO ESO's approach (also used by Steam for example) is a good middle course between checking for an easily faked IP and using government-grade 2 factor authentication.

danno8

It should be an option.

santhoranb16_ESO

arena25 wrote: »

Reverb wrote: »

They semi-have MFA, requiring email verification when login is attempted on a client not previously associated with your account. Short of full dual-factor authentication on every login, what are you thinking is needed?

Additional ways to authenticate in the event your account is suspected of being compromised (i.e. fresh device log-in), but email is either not working or is compromised.

If your' unable to manage your security so everythings compromised, its super likely your phone is compromised too then because of the lacking user skills. You cant protect anyone 100% against himself, they need to learn from their faults.

ESO has enough security- if you manage to fail everything that user will manage to fail a sms authentication too by compromising his phone details.

Kiralyn2000

arena25 wrote: »

(and if they don't have a cell phone or can't afford one, why are you even playing video games in the first place), and since email accounts can be deleted upon job changes or otherwise compromised via other manners, why not add a mobile authenticator.

Also, inb4 the "I don't want to buy a smartphone" comments come in...you don't need a smartphone to do SMS text messages/phone calls. Flip phones still exist, heck, my own mother still uses a flip phone, and will be getting a new flip phone here very soon. Anyone that is "too young to get a cell phone" or is outright "I refuse to get a phone for X reason" are probably the same individuals we don't want playing video games cos the same excuses they give for not getting a cell phone are likely the same excuses we can apply to why they should not be playing video games.

Uhhhhh.... what? What does cell phone use (or un-use) and playing games have to do with each other at all?

----
For the record, yeah - I don't have a cell phone. But I've been playing video games since 1980. It's a fun hobby.

I do have a tablet, though. And I used it for the SWtOR authenticator. But the only reason I bothered with that thing is because they gave incentives. Including the Republic Dancer costume.


edit: I had a basic flip-phone for like 10-15 years (on a 'family plan' that someone else signed up for), but after realizing I'd only used it (on average) once every ~3 years, I told them it was a waste of money.

danno8

gronkdamage wrote: »

They have authentication - so why do they need something else? Could it be better? sure, maybe - but what about when you have different accounts.

They send authentication request to the same phone?

DreamyLu

A "no" from me.

I'm usually supporting the use of a authentication, but ESO is already so slow at start... And yet at the top of it an authentication? *running away screaming*

Joke aside, for me personally, answer would be: first, find a way to get the whole starting session to go faster. And after that, if fast enough, first then add an authentication.

AzraelKrieg

Why create another authenticator when they could just use an existing one like Authy or Google Authenticator?

oddbasket

If they wanted, they can just add themselves to the Microsoft authenticator app now anyway.