What's new

Announcement Accounts now require 2-Factor Authentication

Seiichi

Manager
Oct 20, 2016
2,063
2,474
Due to excessive account sharing, and issues that have arisen because of that I have had to change it so that 2-Factor Authentication has gone from being a recommendation to being a requirement.

To learn what 2FA/2-Factor Auth is you can read it here: What Is Two-Factor Authentication (2FA)? - Authy

This has been done for the following reasons:
  • Players who have shared accounts get banned because we ban all accounts banned users have access to. This also bans all accounts they try to bypass the server on.
  • Players have their accounts wiped or equipment/shards/diamonds stolen either due to trusting the wrong person, or retaliation for a falling out.
  • Players sharing accounts and being flagged for multiple accounts by someone who tries to bypass account restrictions; depending on the number of accounts it is easier to ban all accounts and deal with individual tickets later.
  • Rare instances of players who have had accounts actually hacked; this has been extremely rare and is a case by case basis of users sharing passwords from past servers or re-using passwords.
    • I have also enabled HaveIBeenPwned and a few other services for checking for compromised accounts, so some people may start getting alerts about this.
The current options set up for 2FA allow for email, app based auth through Authy/Google Authenticator or similar services, or physical security/passkeys such as Yubikey.

Once we release source code, we may look at adding 2FA requirements and device whitelisting to Dragon's Prophet and possibly Dragon Saga.
 
  • Thread starter
  • Staff
  • #2

Seiichi

Manager
Oct 20, 2016
2,063
2,474
For people who have been getting "Account Breach Alert" emails, this does not mean your account here has been breached. It means that the details you've used here were re-used elsewhere and were part of an earlier data breach on a different site or service.

This feature was enabled as there have been instances where accounts were accessed by these leaked credentials.

If you get an alert, it is recommended to change the credentials at the sites/locations listed and to also use separate passwords for each site.
 

Linkbacks