I made a post a while back about password security. That post talked about various methods of creating a secure password. But what more can you do to secure your account details? Well, for starters, there’s 2-factor authentication, commonly called 2FA. You probably have some experience with 2FA: either you’ve used Google Authenticator, or you’ve gotten a text from your bank with a code you had to enter on their website to log in. These are both implementations of 2FA.
We have had 2FA for the website for some time. This is a good way to prevent account hijacking, where someone changes your password and steals your account, but as the game doesn’t yet support 2FA it offers little protection for your in-game assets. To remedy this we’ve been working on adding 2FA to the game as well. Not only this, but we’ll be changing our implementation of 2FA and this post is going to cover those changes.
We will be supporting TOTP (Google Authenticator, Yubico Authenticator) for the game and website. The game will present a prompt for your code at the character server. It will require only the first 4 digits of the code (which is normally 6 digits). We hope to have recognized devices soon, where you can “remember” a device and not be prompted again on it.
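To make the 4-of-6-digit prompt concrete, here is an added example (not the game's or website's own code) that computes a standard RFC 6238 code and checks only its first 4 digits. HMAC-SHA1, the 30-second step, no clock-drift window, and the names `verify_prefix` and `keyspace` are assumptions; the secret is the RFC 6238 test key.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (RFC 6238 default; assumed here)
DIGITS = 6   # full code length, as stated in the post
PREFIX = 4   # digits the game prompt asks for, as stated in the post

# Test key from RFC 6238 Appendix B, used as sample input only.
RFC_SECRET = b"12345678901234567890"


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP (HMAC-SHA1), returned as a zero-padded string."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify_prefix(secret: bytes, submitted: str, unix_time: int) -> bool:
    """Hypothetical server check: accept the first PREFIX digits only."""
    # Reject wrong lengths and non-ASCII digits before comparing;
    # compare_digest raises TypeError on non-ASCII str input.
    if len(submitted) != PREFIX:
        return False
    if not (submitted.isascii() and submitted.isdigit()):
        return False
    expected = totp(secret, unix_time)[:PREFIX]
    return hmac.compare_digest(expected, submitted)  # constant-time compare


def keyspace(digits: int) -> int:
    """Number of distinct codes an attacker would have to guess among."""
    return 10 ** digits


if __name__ == "__main__":
    now = 1111111109  # constructed timestamp taken from the RFC test table
    print("full code:", totp(RFC_SECRET, now))
    print("prompt expects:", totp(RFC_SECRET, now)[:PREFIX])
    print("guess space:", keyspace(PREFIX), "vs", keyspace(DIGITS))
```

A 4-digit prefix leaves 10,000 possible values instead of 1,000,000, so a single blind guess is 100 times more likely to match and limiting failed attempts at the prompt matters more.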