2 Factor Authentication - TOTP/U2F/SMS

This topic is closed.

    Any plans to add Two Factor Authentication to Epic Games accounts, like Steam & Origin?

    Preferably something standard like TOTP (Google Authenticator), U2F (Yubikey), or even SMS/email.

    #3
    Originally posted by SaviorNT
    I hope not.
    2 factor auth is usually optional..



      #4
      I hope not.
      I hate passwords, I hope they can ditch them some day. But I have hundreds of games worth hundreds of dollars in my Steam account. I'm not going to lose all that to some neck beard hacker in Ukraine who got bored and grepped my password from a database.

      Just to illustrate the power of 2-Factor Authentication I've created an expendable, example gmail account on my Google Apps account.
      I authorize ANYONE to use my user name and password.
      Go to Google and sign in with this.
      takeme@pslog.org
      takeme11

      Nobody can sign in to this account without a physical U2F security key. Or the backup, a rotating one time password.
      Last edited by 1jove; 06-04-2015, 09:50 AM. Reason: Spelling



        #5
        Your steam account is not an Epic Unreal Engine 4 account. 2 factor authentication usually assumes:

        - You have more than 1 email address (I don't)
        - You have a cell phone capable of SMS messaging (I don't)
        - You purchase a physical key (I'd lose it)


          #6
          Originally posted by SaviorNT
          Your steam account is not an Epic Unreal Engine 4 account. 2 factor authentication usually assumes:
          You couldn't get into my account even with the password could you? You mad?

          You aren't addressing anything regarding a 2 step login. You're on a computer, and you signed up for an Unreal Engine account, you'll be fine. You don't seem to understand the concept, or the reason people want it. Anyway, adding a second step to login is always voluntary.

          Not sure why you seem to not want me to have more security options.

          It's only a game! Why you have to be mad?
          removed my video

          ----

          2015-06-05 4:09 AM @SaviorNT - I apologize for my very immature post.
          Last edited by 1jove; 06-05-2015, 07:11 AM. Reason: Apology and removed video



            #7
            On a side note. Implementing TOTP is probably the most established and has the most freely licensed implementations available. In my experience implementing it for stuff like SSH, it was pretty trivial. Epic's mileage may vary.

            https://github.com/google/google-authenticator
            http://www.nongnu.org/oath-toolkit/
            https://www.freebsd.org/doc/handbook...passwords.html

            Now, U2F is another story. No idea what that would take.

            https://www.duosecurity.com is another resource for this stuff.

            Comment


              #8
              Originally posted by 1jove
              You couldn't get into my account even with the password could you? You mad?

              You aren't addressing anything regarding a 2 step login. You're on a computer, and you signed up for an Unreal Engine account, you'll be fine. You don't seem to understand the concept, or the reason people want it. Anyway, adding a second step to login is always voluntary.

              Not sure why you seem to not want me to have more security options.

              It's only a game! Why you have to be mad?
              I'm entirely unsure as to why I should attempt to hack a gmail account while I'm at work. Most jobs frown upon their employees attempting to hack email/websites/communications using their systems. While I may not like my job, I am good at it; and, well, it is a job in which I do get paid which in turn allows me to purchase things on the marketplace / REI / etc.. I'd rather not lose my job.

              Even while at home, I would rather not participate in your little game, as my internet search/browsing history would most likely set off a ton of red flags and be watched pretty closely by officials. I don't do anything illegal mind you, however, intentions cannot be gleaned from search history alone. Right? Not everyone that performs a search of say, "How to build a nuclear bomb" and "how to obtain plutonium for research" is actually attempting to build a nuke. While it's just research on ease of information gleaning, to the outsider, it is highly suspicious. Why do I bring this up? Hacking is illegal, and I am too lazy to set up a TOR connection to a botnet.

              Just because you give permission to do so on a forum does not make it legal to perform the, let's call it, the security test. To perform such tests, I would need to give you a mountain of paperwork to sign and send back to me to cover myself if I wind up in front of a judge. Not to mention I don't have my CEH certification, which, if I am not mistaken, is required of "security testers" as per federal guidelines? I could be wrong about that, it's not exactly my field of expertise.

              As for the reasons why people want it, I would presume you mean, "why I want it". There is no "I" in "people". I do apologize, however, I am not the one that wrote the Oxford English Dictionary. If you would like to protect your application that much, how about you just enable biometrics in your OS login?

              I am confused about something though which you said:

              "It's only a game! Why you have to be mad?"
              I am confused for 2 reasons. General confusion in which people on various forums butcher the English language, on purpose, and the second thing is, I was not informed that Unreal Engine 4 was a game. I was sure it was a game design application. I appreciate you clearing that up.

              The last thing I would have to say, while these forums are not "professional" forums, they are to a degree, "semi-professional". If someone disagrees and provides an argument as to why they disagree, it is your job to give a counter argument. Or, not respond at all; either way. I cannot speak for everyone, however, I would like to see productive threads and responses, not threads/responses that ooze immaturity.


                #9
                A few months ago someone got access to a bunch of Origin account passwords. I woke up one day, checked my mail and saw about ten new letters titled "Your Origin security code". Someone discovered my password and tried to access my account, but failed. Two-step authentication saved my life. Now I always enable it when possible.


                  #10
                  I cannot speak for everyone, however, I would like to see productive threads and responses, not threads/responses that ooze immaturity
                  I want to respond to a lot of what you said but I'm afraid I've kinda ruined the thread with my previous post. I shouldn't post to forums after I play DotA. My post was immature to put it very lightly. I apologize. I'm going to edit in an apology and remove that obnoxious embedded video.



                    #11
                    To revive this topic, I personally would like to request 2 Factor Authentication as well. I bought a lot of stuff on the marketplace, and now all it needs is a hacker to guess / bruteforce my password right. Or hack your system. Having 2 Factor Authentication would make it impossible to get into my account even if the hacker gets my password. I really do not want to lose my stuff and account.

                    Right now I even delete my credit card credentials after I made a purchase, because I don't want someone to get into my account and buy stuff with my card.

                    Please add this feature, it's easy to implement (using the Google service) and only makes the security a lot stronger. And since it's optional, I see no reason why not to use it? It's kind of common practice nowadays and is advised by all security experts out there.


                      #12
                      As a seller on the marketplace, I couldn't agree more. I'd like to protect my products with more than just a password.


                        #13
                        Can we please get a response from an Epic Moderator about this? Considering that the UE4 forums were hacked last August, I find it concerning that there aren't further measures being taken to strengthen security.


                          #14
                          Originally posted by spacegojira
                          Can we please get a response from an Epic Moderator about this? Considering that the UE4 forums were hacked last August, I find it concerning that there aren't further measures being taken to strengthen security.
                          We're moving to vbulletin 5 first, then working on the next steps for additional security. Option 2-factor is not off the table, but would take some time to implement as we have to be set up in the new version first.
                          Twitch /unrealalexander| Twitter @UnrealAlexander
                          Call me to a thread by posting this: [MENTION]Alexander Paschall[/MENTION]



                            #15
                            Hi, has this been added to Epic accounts yet? I think 2 step verification is very important.