Just wanted to chip in here.
I was recently locked out of my account due to too many bad password attempts from someone else trying to access my account and have lost my account to a “hacker” already once before (several months ago). Luckily I learned my lesson way back when, and now use a different password for every account I have. (A lot of people still don’t which is 99% of the reason they still lose their accounts).
However - the 2FA system in place right now is frankly, a joke - and it took a short eternity to even implement in the first place.
I accept that the success of Fortnite is something Epic wasn’t prepared for, and I accept that they are a games company and not a security company - but it’s been several months now, and it seems somewhat irresponsible to not take these issues more seriously or at least be more transparent with what’s being done to resolve it. I understand that dealing with this kind of thing is a sensitive topic, but the only response we ever really get is “our engineers are looking into it”. (See the thread linked above for an example of it).
Several users have had actual money go missing from their bank accounts - that is SERIOUS and messes with peoples real lives. What happens when somebodies rent money goes missing from their account due to poor security? I recently removed all payment information from my account, and I’m holding off on releasing marketplace content until I feel the system is secure enough to re-add my payment details. Incidentally, to set up as a marketplace seller, my account now stores sensitive information about my business too (such as Tax Reg Number) - which I can’t remove without jumping through hoops.
A couple of weeks ago, it took over 24 hours to get a 2FA sign-in code sent to my e-mail address, which I needed to install the engine at an on-site contract (i.e, a legitimate use of my account at another location - exactly what 2FA is designed for). As a result, I wasn’t able to install the engine at all using my own account and couldn’t even access anything else. Thankfully someone on-site had their own account on that machine - but if they hadn’t, I’d have been out of a job that day.
I’m a self-admitted Epic / Unreal fanboy - but even I can’t look past the sheer number of people losing their accounts recently. Social media is rammed full of folks trying to understand why they keep losing access to their accounts. Serious action needs to be taken before this gets out of control, or we at least need to know that’s what’s happening.