Add 2FA to osu!

Miterosan

217 posts

Joined January 2013

Topic Starter

Miterosan 2016-07-02T12:56:11+00:00

2FA

We all want security.
But remembering or creating long passwords is really annoying and people are able to guess your password.
So why not add 2FA to osu!

How do you use it?
When you try to login into osu!, you simply copy this 6 digit code into a third field.

You can use Authy or Google Authenticator to generate the code

Discord, Teamviewer, Slack, Skype, Amazon and Google are allready having this feature.
It should be optional of course.

If you need more reansons why to use 2FA: Click Here or Ask Google

Last edited by Miterosan 2017-12-26T20:23:14+00:00, edited 7 times in total.

Endaris

5,282 posts

Joined June 2010

Endaris 2016-07-02T13:58:31+00:00

No why.
That's a lot effort for no particular reward when you can just use a long+complex password and write it down somewhere in the analog world.
I had to type in my password for osu! not more than 5 times over the last 6 years thanks to auto-login functions so what.

Bauxe

1,624 posts

Joined August 2012

Bauxe 2016-07-02T14:36:18+00:00

Endaris wrote:
No why.

Because it's more secure. In the case someone does manage to get hold of your password (or you share it with other accounts which may be compromised), said person can't get access to your account.

osu! already kinda has 2FA for some features, although it's through an email code rather than a code generator. I wouldn't mind seeing it as an alternative.

Pawsu

osu! Alumni

5,213 posts

Joined February 2013

Pawsu 2016-07-02T15:12:16+00:00

Duplicate - please support the link provided in the thread and bump it with any ideas you might have.
I still think the Verification system is an already existing good alternate but I can see the reason for a more secure system.

Miterosan

217 posts

Joined January 2013

Topic Starter

Miterosan 2016-07-02T15:38:41+00:00

Pawsu wrote:
Duplicate - please support the link provided in the thread and bump it with any ideas you might have.
I still think the Verification system is an already existing good alternate but I can see the reason for a more secure system.

the provided link wants it over a email, this wants it over the Google Authentiactor app or Authy (or simelar apps/programs),
so not really duplicate

Pawsu

osu! Alumni

5,213 posts

Joined February 2013

Pawsu 2016-07-02T15:53:39+00:00

Then I don't really see this even happening. We already have a verification system that won't let you do normal things until you verify it's you via a code sent your email and the /verify command in game. I think it would have been added already if anyone had plans on implementing it.

Miterosan

217 posts

Joined January 2013

Topic Starter

Miterosan 2016-07-02T15:59:33+00:00

Pawsu wrote:
Then I don't really see this even happening. We already have a verification system that won't let you do normal things until you verify it's you via a code sent your email.

Please note that some people have longer ways to get into their email inbox, like for example web.de, so instead of going to web.de (example), login with you password there, then search for the email, maybe wait for the email if their server a slow again, simply get your mobile phone out (or use the chrome extension of Authy) and copy the 6 digit code, which is way faster and easier.

Bara-

11,955 posts

Joined April 2013

Bara- 2016-07-02T21:53:39+00:00

I don't think an osu account needs to be secured that much. It's not as valueable as an email account/bank account etc.

Remyria

352 posts

Joined June 2012

Remyria 2016-07-04T09:04:43+00:00

Adding it as a possibility of using it if you want, I don't see why not, but if it gets planned one day, it will have a low priority, I think

RosieCode

4 posts

Joined February 2016

RosieCode 2016-09-02T01:02:33+00:00

one of my mail accounts got compromised today subsequently they began resetting all my passwords for different services...

I use random passwords for every account but this was not enough.
PLEASE add 2FA as this would have been more protection needed at a critical time such as mine.

Thanks peeps.

Chirimu

31 posts

Joined November 2015

Chirimu 2017-07-17T19:20:36+00:00

I bump this because nowadays there are many big leaks of email/pw lists on the web. They only have to get your email credentials and you're locked out of the game if you cant restore it someway. With this option you have a second, WAY MORE SECURE way of logging in (if something happens to your email account).

Nathanael

Global Moderator

6,162 posts

Joined January 2013

Nathanael 2017-07-18T04:35:23+00:00

I'm not sure if all e-mail services have 2FA support for their consumers but it should be best to move to a service that provides a great level of security (e.g. Google) so they can secure their accounts (and recover via e-mail) not just by 2FA but also by other means that are provided by them.

Caleb Correa

28 posts

Joined August 2016

Caleb Correa 2017-07-19T01:18:49+00:00

I think it's okay to put this security measure! Because the only security that has osu! At this time is verification of the email with the code! And I tested several computers and cell phones (which were mine and my family) to enter and change the password and the fourth attempt I started to ask for verification of the mail with the code! I think they should implement more security in osu like 2FA if Google has it because we do not? I worry on my own! For me, my account is more than gold! Since I spend money on it and buy things to improve my gameplay like graphics tablets and others! I hope to implement this! Thank you very much for reading greetings

autoteleology

763 posts

Joined October 2014

autoteleology 2017-07-19T02:25:52+00:00

I don't really see the need. There isn't really much to gain from hacking an account and it should also be very hard to do if you have good password hygiene (use long random passwords + password manager like Lastpass).

It's a whole lot of hassle for very little reward.

Caleb Correa

28 posts

Joined August 2016

Caleb Correa 2017-07-19T05:25:13+00:00

Philosofikal wrote:
I don't really see the need. There isn't really much to gain from hacking an account and it should also be very hard to do if you have good password hygiene (use long random passwords + password manager like Lastpass).

It's a whole lot of hassle for very little reward.

Sorry, but you're a bit wrong, if you get to hack the pc that happens? Get your data hack your account, but what if the 2FA? Or if at least before changing the password or hotmail asked you for verification to do it because I do not ask even if I am with another pc or some other cell phone (my family) I see it absolutely necessary

Faustas156

232 posts

Joined April 2015

Faustas156 2017-07-23T09:37:04+00:00

Caleb Correa wrote:
Philosofikal wrote:
I don't really see the need. There isn't really much to gain from hacking an account and it should also be very hard to do if you have good password hygiene (use long random passwords + password manager like Lastpass).

It's a whole lot of hassle for very little reward.
Sorry, but you're a bit wrong, if you get to hack the pc that happens? Get your data hack your account, but what if the 2FA? Or if at least before changing the password or hotmail asked you for verification to do it because I do not ask even if I am with another pc or some other cell phone (my family) I see it absolutely necessary

Then don't get hacked, simple as that, you can just write it on a piece of paper, and then just keep it and make sure you don't lose it, that's all.

Chirimu

31 posts

Joined November 2015

Chirimu 2017-07-24T11:05:17+00:00

Faustas156 wrote:
Then don't get hacked, simple as that, you can just write it on a piece of paper, and then just keep it and make sure you don't lose it, that's all.

There only have to be a database leak and your account data can be compromised. Yahoo for example lost 1B user account details to hackers in 2013 including emails, passwords, telephone numbers, ... and then it's wayne if you wrote down your password.

autoteleology

763 posts

Joined October 2014

autoteleology 2017-07-25T19:23:31+00:00

Caleb Correa wrote:
Philosofikal wrote:
I don't really see the need. There isn't really much to gain from hacking an account and it should also be very hard to do if you have good password hygiene (use long random passwords + password manager like Lastpass).

It's a whole lot of hassle for very little reward.
Sorry, but you're a bit wrong, if you get to hack the pc that happens? Get your data hack your account, but what if the 2FA?

They hack your account and then what? Steal all your pp and osu!coins? What could anyone possibly have to gain by hacking your account?

2FA is something that should be reserved for things that actually need protection, like a Google, Facebook, or bank account.

Nathanael

Global Moderator

6,162 posts

Joined January 2013

Nathanael 2017-07-25T19:54:02+00:00

Adding 2FA in game itself is not really necessary and the e-mail verification is good enough. Securing your e-mail is also securing your account that uses it not just in osu! but also from other places you've registered. As I said before, use an e-mail service that provides these security measures.

-Makishima S-

2,434 posts

Joined August 2013

-Makishima S- 2017-07-25T21:13:36+00:00

Philosofikal wrote:
They hack your account and then what? Steal all your pp and osu!coins? What could anyone possibly have to gain by hacking your account?

2FA is something that should be reserved for things that actually need protection, like a Google, Facebook, or bank account.

----------------

Several people already made drama over this issue in reddit, calling out support + peppy himself for how they got nothing (afaik there was a guy who constantly complained for over 2 months before he got unbanned). As far as I remember, all cases was handled by Emphemeralis and this people got unbanned. Maybe support situation right now got better but you never know.

As it goes for PC - as far as you use Windows/IOS (especially IOS) it isn't hard to get access to your pc IF you don't use dedicated firewall/active malware scanner. Windows defender is worth jack shit and it is proven in every DEFCON Conference that person with enough knowledge and tools (which are open for everyone in internet) needs up to 10 min to get full access to your PC with basic security.

2FA is not only for "valuable" things but services which contain one or more information which may cause trouble to you. If service require your e-mail / real name / etc - it should have 2FA for security reasons.

Tbh if you use 2FA on your actual e-mail in term of confirming logging, not just recovering - email auth should be enough but I still don't trust it (yeah, I have trust issues).

Sign In To Proceed

Don't have an account?

Add 2FA to osu!

Endaris wrote:

Pawsu wrote:

Pawsu wrote:

Philosofikal wrote:

Caleb Correa wrote:

Philosofikal wrote:

Faustas156 wrote:

Caleb Correa wrote:

Philosofikal wrote:

Philosofikal wrote:

New reply