I don't think an osu account needs to be secured that much. It's not as valueable as an email account/bank account etc.
Sorry, but you're a bit wrong, if you get to hack the pc that happens? Get your data hack your account, but what if the 2FA? Or if at least before changing the password or hotmail asked you for verification to do it because I do not ask even if I am with another pc or some other cell phone (my family) I see it absolutely necessaryPhilosofikal wrote:
I don't really see the need. There isn't really much to gain from hacking an account and it should also be very hard to do if you have good password hygiene (use long random passwords + password manager like Lastpass).
It's a whole lot of hassle for very little reward.
Then don't get hacked, simple as that, you can just write it on a piece of paper, and then just keep it and make sure you don't lose it, that's all.Caleb Correa wrote:
Sorry, but you're a bit wrong, if you get to hack the pc that happens? Get your data hack your account, but what if the 2FA? Or if at least before changing the password or hotmail asked you for verification to do it because I do not ask even if I am with another pc or some other cell phone (my family) I see it absolutely necessaryPhilosofikal wrote:
I don't really see the need. There isn't really much to gain from hacking an account and it should also be very hard to do if you have good password hygiene (use long random passwords + password manager like Lastpass).
It's a whole lot of hassle for very little reward.
There only have to be a database leak and your account data can be compromised. Yahoo for example lost 1B user account details to hackers in 2013 including emails, passwords, telephone numbers, ... and then it's wayne if you wrote down your password.Faustas156 wrote:
Then don't get hacked, simple as that, you can just write it on a piece of paper, and then just keep it and make sure you don't lose it, that's all.
They hack your account and then what? Steal all your pp and osu!coins? What could anyone possibly have to gain by hacking your account?Caleb Correa wrote:
Sorry, but you're a bit wrong, if you get to hack the pc that happens? Get your data hack your account, but what if the 2FA?Philosofikal wrote:
I don't really see the need. There isn't really much to gain from hacking an account and it should also be very hard to do if you have good password hygiene (use long random passwords + password manager like Lastpass).
It's a whole lot of hassle for very little reward.
----------------Philosofikal wrote:
They hack your account and then what? Steal all your pp and osu!coins? What could anyone possibly have to gain by hacking your account?
2FA is something that should be reserved for things that actually need protection, like a Google, Facebook, or bank account.
Just use Private Browsing on your chrome/firefox, it won't save your gmail in there now will it ? I don't think there's something really this big to riot about, same applies for osu.ppy.sh, just use private browsing.[Taiga] wrote:
----------------Philosofikal wrote:
They hack your account and then what? Steal all your pp and osu!coins? What could anyone possibly have to gain by hacking your account?
2FA is something that should be reserved for things that actually need protection, like a Google, Facebook, or bank account.
Several people already made drama over this issue in reddit, calling out support + peppy himself for how they got nothing (afaik there was a guy who constantly complained for over 2 months before he got unbanned). As far as I remember, all cases was handled by Emphemeralis and this people got unbanned. Maybe support situation right now got better but you never know.
As it goes for PC - as far as you use Windows/IOS (especially IOS) it isn't hard to get access to your pc IF you don't use dedicated firewall/active malware scanner. Windows defender is worth jack shit and it is proven in every DEFCON Conference that person with enough knowledge and tools (which are open for everyone in internet) needs up to 10 min to get full access to your PC with basic security.
2FA is not only for "valuable" things but services which contain one or more information which may cause trouble to you. If service require your e-mail / real name / etc - it should have 2FA for security reasons.
Tbh if you use 2FA on your actual e-mail in term of confirming logging, not just recovering - email auth should be enough but I still don't trust it (yeah, I have trust issues).
Faustas156 wrote:
Caleb Correa wrote:
Philosofikal wrote:
I don't really see the need. There isn't really much to gain from hacking an account and it should also be very hard to do if you have good password hygiene (use long random passwords + password manager like Lastpass).
It's a whole lot of hassle for very little reward.
Sorry, but you're a bit wrong, if you get to hack the pc that happens? Get your data hack your account, but what if the 2FA? Or if at least before changing the password or hotmail asked you for verification to do it because I do not ask even if I am with another pc or some other cell phone (my family) I see it absolutely necessary
Then don't get hacked, simple as that, you can just write it on a piece of paper, and then just keep it and make sure you don't lose it, that's all.
ObligatoryFaustas156 wrote:
Then don't get hacked, simple as that, you can just write it on a piece of paper, and then just keep it and make sure you don't lose it, that's all.
That concept image seems perfect to me.smh wrote:
with the verification check that goes to your emails, i feel like adding an external 2FA application support (using Authy and/or Google Authenticator) would solve a lot of hassle. not only adding a layer of security, i feel like it's just more convenient overall. i have seen some people having to do these email verification checks multiple times in a short span of time (myself included in the past), and i think putting this (optional) feature would help a ton.
thanks, i will track that <3abraker wrote:
There is an issue on osu!web: https://github.com/ppy/osu-web/issues/5163