2 Factor Authentication - TOTP/U2F/SMS

Any plans to add Two Factor Authentication to Epic Games accounts, like Steam & Origin?

Preferably something standard like TOTP (Google Authenticator), U2F (YubiKey), or even SMS/email.

I hope not.

2 factor auth is usually optional…

I hate passwords, I hope they can ditch them some day. But I have hundreds of games worth hundreds of dollars in my Steam account. I’m not going to lose all that to some neck beard hacker in Ukraine who got bored and grepped my password from a database.

Just to illustrate the power of 2-Factor Authentication I’ve created an expendable, example Gmail account on my Google Apps account.
I authorize ANYONE to use my user name and password.
Go to Google and sign in with this.

Nobody can sign in to this account without a physical U2F security key. Or the backup, a rotating one time password.

Your Steam account is not an Epic Unreal Engine 4 account. 2 factor authentication usually assumes:

  • You have more than 1 email address (I don’t)
  • You have a cell phone capable of SMS messaging (I don’t)
  • You purchase a physical key (I’d lose it)

You couldn’t get into my account even with the password could you? You mad?

You aren’t addressing anything regarding a 2 step login. You’re on a computer, and you signed up for an Unreal Engine account, you’ll be fine. You don’t seem to understand the concept, or the reason people want it. Anyway, adding a second step to login is always voluntary.

Not sure why you seem to not want me to have more security options.

2015-06-05 4:09 AM @SaviorNT - I apologize for my very immature post.

On a side note. Implementing TOTP is probably the most established and has the most freely licensed implementations available. In my experience implementing it for stuff like SSH, it was pretty trivial. Epic’s mileage may vary.

Now, U2F is another story. No idea what that would take. is another resource for this stuff.
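As an added illustration of the TOTP point in the post above (this is not code from the thread or from Epic): a small RFC 6238 verifier in Python using only the standard library, with a drift window of one time step either side and rejection of replayed codes. The function names, the `last_used_counter` storage convention and the sample key (the published RFC 6238 SHA-1 test key) are assumptions of this example.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed sample: the SHA-1 test key published in RFC 6238, Appendix B.
RFC_KEY = b"12345678901234567890"

def decode_secret(b32: str) -> bytes:
    """Authenticator apps exchange the shared key as base32; restore padding."""
    b32 = b32.replace(" ", "").upper()
    return base64.b32decode(b32 + "=" * (-len(b32) % 8))

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(key: bytes, now=None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP where the counter is the number of elapsed time steps."""
    now = time.time() if now is None else now
    return hotp(key, int(now) // step, digits)

def verify(key: bytes, submitted: str, last_used_counter: int,
           now=None, step: int = 30, window: int = 1, digits: int = 6):
    """Return the matched counter (store it per account) or None on failure.

    Accepts +/- `window` steps of clock drift and refuses any counter that is
    not newer than `last_used_counter`, so an observed code cannot be reused.
    """
    now = time.time() if now is None else now
    current = int(now) // step
    for counter in range(current - window, current + window + 1):
        if counter <= last_used_counter:
            continue  # already consumed: replay
        expected = hotp(key, counter, digits).encode()
        if hmac.compare_digest(expected, submitted.encode()):
            return counter
    return None

if __name__ == "__main__":
    print(totp(RFC_KEY, now=59, digits=8))  # RFC 6238 vector for T=59
```

On success the caller persists the returned counter for that account and passes it back as `last_used_counter` on the next login; failed attempts should also be rate-limited, since a 6-digit code has only a million possible values.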

I’m entirely unsure as to why I should attempt to hack a gmail account while I’m at work. Most jobs frown upon their employees attempting to hack email/websites/communications using their systems. While I may not like my job, I am good at it; and, well, it is a job in which I do get paid which in turn allows me to purchase things on the marketplace / REI / etc… I’d rather not lose my job.

Even while at home, I would rather not participate in your little game, as my internet search/browsing history would most likely set off a ton of red flags and be watched pretty closely by officials. I don’t do anything illegal mind you, however, intentions cannot be gleaned from search history alone. Right? Not everyone that performs a search of say, “How to build a nuclear bomb” and “how to obtain plutonium for research” is actually attempting to build a nuke. While it’s just research on ease of information gleaning, to the outsider, it is highly suspicious. Why do I bring this up? Hacking is illegal, and I am too lazy to set up a TOR connection to a botnet.

Just because you give permission to do so on a forum does not make it legal to perform the, let’s call it, the security test. To perform such tests, I would need to give you a mountain of paperwork to sign and send back to me to cover myself if I wind up in front of a judge. Not to mention I don’t have my CEH certification, which, if I am not mistaken, is required of “security testers” as per federal guidelines? I could be wrong about that, it’s not exactly my field of expertise.

As for the reasons why people want it, I would presume you mean, “why I want it”. There is no “I” in “people”. I do apologize, however, I am not the one that wrote the Oxford English Dictionary. If you would like to protect your application that much, how about you just enable biometrics in your OS login?

I am confused about something though which you said:

I am confused for 2 reasons. General confusion in which people on various forums butcher the English language, on purpose, and the second thing is, I was not informed that Unreal Engine 4 was a game. I was sure it was a game design application. I appreciate you clearing that up.

The last thing I would have to say, while these forums are not “professional” forums, they are to a degree, “semi-professional”. If someone disagrees and provides an argument as to why they disagree, it is your job to give a counter argument. Or, not respond at all; either way. I cannot speak for everyone, however, I would like to see productive threads and responses, not threads/responses that ooze immaturity.

A few months ago someone got access to a bunch of Origin account passwords. I woke up one day, checked my mail and saw about ten new letters titled “Your Origin security code”. Someone discovered my password and tried to access my account, but failed. Two-step authentication saved my life. Now I always enable it when possible.

I want to respond to a lot of what you said but I’m afraid I’ve kinda ruined the thread with my previous post. I shouldn’t post to forums after I play DotA. My post was immature to put it very lightly. I apologize. I’m going to edit in an apology and remove that obnoxious embedded video.

To revive this topic, I personally would like to request 2 Factor Authentication as well. I bought a lot of stuff on the marketplace, and now all it needs is a hacker to guess / bruteforce my password right. Or hack your system. Having 2 Factor Authentication would make it impossible to get into my account even if the hacker gets my password. I really do not want to lose my stuff and account.

Right now I even delete my credit card credentials after I made a purchase, because I don’t want someone to get into my account and buy stuff with my card.

Please add this feature, it’s easy to implement (using the Google service) and only makes the security a lot stronger. And since it’s optional, I see no reason why not to use it? It’s kind of common practice nowadays and is advised by all security experts out there.

As a seller on the marketplace, I couldn’t agree more. I’d like to protect my products with more than just a password.

Can we please get a response from an Epic Moderator about this? Considering that the UE4 forums were hacked last August, I find it concerning that there aren’t further measures being taken to strengthen security.

We’re moving to vbulletin 5 first, then working on the next steps for additional security. Option 2-factor is not off the table, but would take some time to implement as we have to be set up in the new version first.

Hi, has this been added to Epic accounts yet? I think 2 step verification is very important.

How to add the Google Authenticator back??? I mistakenly deleted the old account and now I don’t know how to add the account again!!! Can anyone help me with the steps??? Thank you

