It's time for 2-Factor Authentication

85flyingbrick_ESO

I have a couple concerns and I know if I send it to support it's just going to get buried if recent history is any indicator.
The game has been out coming on 10 years. A LOT of us have multiple accounts. I can only speak for myself but I have 10 paid accounts that I log into daily. Each one of these require a different email address. It is a ridiculous amount of info to have to keep track of. No one wants that many emails to have to track. There has got to be a way all the accounts can use the same address.
This leads to the 2nd problem--the "we don't recognize this device message. please check your email for an access code." The amount of outright loathing I have about this process might require therapy. These codes just don't ever show up. I have done every single thing support has said to do: clearing caches, checking ports, whitelisting emails, changing passwords, etc. Btw, changing passwords happens instantaneously with a confirmation mail to the same addresses that can't seem to get access codes. The list of demands support requires is plain BS at this point. Sometimes it works to switch to using the executable to launch game or vice versa using the launcher if I had used the executable originally. It's rarely the same account two times in a row that has the issue. Sometimes simply logging into a different account and coming back later solves the issue, but not always. And if you close the window and come back and it asks for a code again that is a new code that will also likely never arrive. I even had a family member who works in IT check our internet/network. He couldn't find anything that could cause this on our end. And it's the only game I've ever had this issue with. Why can't we use a 2-factor authenticator?; It's good enough for Rockstar, Ubisoft, Blizzard, and many others.

Necrotech_Master

the email with the access code is considered 2 factor authentication because its in addition to entering your normal password, you just dont have to do it every time (though they have had issues with it being bugged and popping up even though it never sent anything out at all, if this was the case can just close that and try to log in again)

however, i most certainly do not want to have to do this every time i go to log in, which is what adding a full 2-factor authenticator will do

while i know its technically more secure, its also 100x more annoying than just entering in a password

TaSheen

In general, OP, if you get an access code request but never get the email, it's likely you typed the password incorrectly. If you get that access code screen, exit out of it, and try retyping the password.

Like @Necrotech_Master I'm not interested in having full 2FA added to this game. BTW, most email apps nowadays allow you to forward all "extra" emails to your main one so you don't have to log into that many email accounts. I check all my game emails on my main gmail addy.

wolfie1.0.

85flyingbrick_ESO wrote: »

I have a couple concerns and I know if I send it to support it's just going to get buried if recent history is any indicator.
The game has been out coming on 10 years. A LOT of us have multiple accounts. I can only speak for myself but I have 10 paid accounts that I log into daily. Each one of these require a different email address. It is a ridiculous amount of info to have to keep track of. No one wants that many emails to have to track. There has got to be a way all the accounts can use the same address.
This leads to the 2nd problem--the "we don't recognize this device message. please check your email for an access code." The amount of outright loathing I have about this process might require therapy. These codes just don't ever show up. I have done every single thing support has said to do: clearing caches, checking ports, whitelisting emails, changing passwords, etc. Btw, changing passwords happens instantaneously with a confirmation mail to the same addresses that can't seem to get access codes. The list of demands support requires is plain BS at this point. Sometimes it works to switch to using the executable to launch game or vice versa using the launcher if I had used the executable originally. It's rarely the same account two times in a row that has the issue. Sometimes simply logging into a different account and coming back later solves the issue, but not always. And if you close the window and come back and it asks for a code again that is a new code that will also likely never arrive. I even had a family member who works in IT check our internet/network. He couldn't find anything that could cause this on our end. And it's the only game I've ever had this issue with. Why can't we use a 2-factor authenticator?; It's good enough for Rockstar, Ubisoft, Blizzard, and many others.

Access code is a two factor authenticator. Unless you mean something like a authentication app, which is really just an extention of the same thing, and if they set it up correctly would actually be way more painful than the current system is.

My advice? Leave it be. If you make logging in too much work for a single game then people will just quit. It's a game, not your bank account.

TaSheen

There's another issue for me (I don't know about anyone else - quite probably I'm again a minority of one): if ZOS were to go to a text code on a mobile like some other games (WoW for instance) have done, I'd be out of luck. My mobile does not work at my house and that includes text.

Sure, you can send me text messages on it if you have the number, but I'd have to drive 8 - 10 miles to find a place I could get service to receive it. And I'm pretty sure I wouldn't be able to get back to my machine in time for it to still be viable....

Hlaaluna

85flyingbrick_ESO wrote: »

I Each one of these require a different email address. It is a ridiculous amount of info to have to keep track of. No one wants that many emails to have to track. There has got to be a way all the accounts can use the same address.

Though I can't comment on all of your concerns, I do have a suggestion re the emails and passwords.

There are many password safe applications that will auto enter your email address and unique passwords. The one I use is Roboform but have used other good ones over time. The work on all platforms, eg PC, Mac & mobile devices. What I love about these apps is that of my many dozens of passwords I have to use, not a one of them is duplicated and they are all extremely strong because you don't actually have to bother typing them out.

Also I am pretty sure you can get your 2 part authentication code via email.

Bobargus

As long as this authentication does NOT provide anything, such as free crown, then i'm okay with this as an option. Because if there is one thing that i hate about SWTOR, for example, it is its authentication system.

Think about it: It's evening, and although you want to play ESO for some casual fun, you are also tired. The game requires you to open your smartphone authenticator app to log in.

In this kind of scenario, i would either delete the app or the game itself.

tl,dr: As long as the authentication process is optional, and preferably with no FOMO, i have no problem.

rpa

They really should get rid of "email code sent" message when one mistypes their password. In that case code is not sent and one just needs to type their password correctly. When the code is actually sent trying to log in just sends another code and the previous code is not valid any more. And if receiving mail takes few minutes it gets rather annoying to find the right code.

Amottica

Zenimax considers the email authentication a sufficient 2 factor design. iirc, they previously have said as much. I doubt they will be willing to change things.

It is best practice to ensure a sufficient password and ensure that the email associated with the account has a different password than the ESO account or forum account.

Maitsukas

Necrotech_Master wrote: »

the email with the access code is considered 2 factor authentication because its in addition to entering your normal password, you just dont have to do it every time (though they have had issues with it being bugged and popping up even though it never sent anything out at all, if this was the case can just close that and try to log in again)

however, i most certainly do not want to have to do this every time i go to log in, which is what adding a full 2-factor authenticator will do

while i know its technically more secure, its also 100x more annoying than just entering in a password

I know RuneScape allows you to trust the current device for 30 days after entering the Google Authenticator code.

PieMaster1

Maitsukas wrote: »

Necrotech_Master wrote: »

the email with the access code is considered 2 factor authentication because its in addition to entering your normal password, you just dont have to do it every time (though they have had issues with it being bugged and popping up even though it never sent anything out at all, if this was the case can just close that and try to log in again)

however, i most certainly do not want to have to do this every time i go to log in, which is what adding a full 2-factor authenticator will do

while i know its technically more secure, its also 100x more annoying than just entering in a password

I know RuneScape allows you to trust the current device for 30 days after entering the Google Authenticator code.

That game is hot garbage. I spent like 200 dollars over the years and had 2FA, yet some macro'er managed to get into my account and use it as their own personal bot. I even asked Jagex to check for the IP location (since it was hijacked in the ~4 year hiatus I took from RS, it should show my IP was never used in that time frame) but they didn't care and proceeded to call ME the cheater lol

Number_51

There may be a way to have multiple accounts using a single email address if you use Gmail (I'm not sure if other mail services have the same functionality). Say your email address is "jdoe@gmail.com", Gmail allows you to add a plus ("+") sign and any combination of letters or numbers after the username portion of your email address. So you can have "jdoe@gmail.com", "jdoe+acct1@gmail.com", "jdoe+acct2@gmail.com", etc. Google treats them all as the same address with a single inbox, basically ignoring the "+" and everything after up to the "@", but most other services see them as different email addresses. I'm not 100% sure this works for ESO specifically, but I know I have multiple console accounts tied to the same email address using this method, and by extension that works for ESO on console.

You can also add "." characters anywhere in the username portion and Google/Gmail ignores them. So "j.doe", "jd.oe", "j.d.o.e" are all the same as "jdoe". But I'm not sure if those look like separate email addresses on other services.

gariondavey

Sounds like there are some easy solutions to this problem that you have caused for yourself, as suggested by others in this thread.
Sounds to me like it would be much easier for the devs to focus on bringing us balance and class changes that have been requested for years, instead of spending time and resources in changing how logging in the game works (given the multitude of suggestions of fixes that you can do yourself).

No offense intended or anything, just being realistic about a finite quantity of dev time and resources.

Ragnarok0130

Bobargus wrote: »

As long as this authentication does NOT provide anything, such as free crown, then i'm okay with this as an option. Because if there is one thing that i hate about SWTOR, for example, it is its authentication system.

Think about it: It's evening, and although you want to play ESO for some casual fun, you are also tired. The game requires you to open your smartphone authenticator app to log in.

In this kind of scenario, i would either delete the app or the game itself.

tl,dr: As long as the authentication process is optional, and preferably with no FOMO, i have no problem.

What a bizarre position to take. It is not only in ZoS’ interest to incentivize the use of two factor authentication to protect user accounts but in the customer’s self interest. So why shouldn’t ZoS sweeten the deal to encourage one to take relevant security steps to protect one’s account? I have never had an issue with SWTOR’s authentication, either the original key fob authenticator that I used early in the game or the software version later. Protecting one’s account with years of progress and potentially lots of micro transaction purchases depending on one’s addiction to the crown store is not only logical but smart.

ikzaa

I want the option to save the password, no more steps.

OsUfi

Opt in, maybe, but good god no not mandatory. Or with perks.

I can't get reception on my phone at the best of times, and that's currently forcing me to change bank.

I also don't want an app on my phone for everyrhing I want to log in to, especially not something as trivial as a game.

freespirit

I have just checked account page on three accounts, two required an access code, which arrived straight away HOWEVER doing something similar every log in???

Please NO, I would lose the plot as I switch accounts a lot!!!

bulbousb16_ESO

85flyingbrick_ESO wrote: »

A LOT of us have multiple accounts. I can only speak for myself but I have 10 paid accounts that I log into daily.

10 paid accounts? Why?

I don't imagine you'd enjoy having 10 authenticators.

Elsonso

bulbousb16_ESO wrote: »

85flyingbrick_ESO wrote: »

A LOT of us have multiple accounts. I can only speak for myself but I have 10 paid accounts that I log into daily.

10 paid accounts?

I don't imagine you'd enjoy having 10 authenticators.

That _would_ be worse than 10 email addresses.

What I want is for them to remember one more "computer" so that I can log into the game, PTS, and my account without triggering things, including myself. Any two is fine, add in the third and it is email time. This is yet another reason to avoid PTS.

danno8

Or they could just go passwordless.

You start with one verified machine (like your Windows PC for example) and if you want to register a new machine it just needs you to verify it on your original machine using a pin (Windows Hello) or Fingerprint or other Biometric scanner if you have it.

All subsequent machine log-ins just need any previous verified machine and then the new machines are added to the growing list (usually limited to some small number of machines).

The best part is once a machine is verified you never have to put in a password again, usually just a PIN or biometric (like how most phones work to unlock).

Mesite

I haven't had any problems accessing ESO for years so I certainly don't need any added problems which would be caused by (unnecessary for me) increased security.

I used to have several accounts too but I decided which one I wanted to use and sent my crafting mats and money to that account.

wolfie1.0.

Elsonso wrote: »

bulbousb16_ESO wrote: »

85flyingbrick_ESO wrote: »

A LOT of us have multiple accounts. I can only speak for myself but I have 10 paid accounts that I log into daily.

10 paid accounts?

I don't imagine you'd enjoy having 10 authenticators.

That _would_ be worse than 10 email addresses.

What I want is for them to remember one more "computer" so that I can log into the game, PTS, and my account without triggering things, including myself. Any two is fine, add in the third and it is email time. This is yet another reason to avoid PTS.

They actually do use a process like this sort of. Verification triggers with hardware changes similar to how windows works, or if you purge out certain data from your system on the regular. Anti-virus software will trigger a re authentication, or a hard crash from eso. If you swap out a lot of drives it's a trigger.

wolfie1.0.

bulbousb16_ESO wrote: »

85flyingbrick_ESO wrote: »

A LOT of us have multiple accounts. I can only speak for myself but I have 10 paid accounts that I log into daily.

10 paid accounts? Why?

I don't imagine you'd enjoy having 10 authenticators.

Ten is amature hour..i have a lot more than this (50 i think? I havntcounted in a while). but to answer your question 10 accounts gets you a personal guild bank.