1. osu! forums
  2. osu!
  3. Feature Requests

This is a feature request. Feature requests can be voted up by supporters.
Current Priority: +171
posted

2FA
  • We all want security.
    But remembering or creating long passwords is really annoying and people are able to guess your password.
    So why not add 2FA to osu!

  • How do you use it?
    When you try to login into osu!, you simply copy this 6 digit code into a third field.


    You can use Authy or Google Authenticator to generate the code

    Discord, Teamviewer, Slack, Skype, Amazon and Google are allready having this feature.
    It should be optional of course.

    If you need more reansons why to use 2FA: Click Here or Ask Google
posted
No why.
That's a lot effort for no particular reward when you can just use a long+complex password and write it down somewhere in the analog world.
I had to type in my password for osu! not more than 5 times over the last 6 years thanks to auto-login functions so what.
posted

Endaris wrote:

No why.
Because it's more secure. In the case someone does manage to get hold of your password (or you share it with other accounts which may be compromised), said person can't get access to your account.

osu! already kinda has 2FA for some features, although it's through an email code rather than a code generator. I wouldn't mind seeing it as an alternative.
posted
Duplicate - please support the link provided in the thread and bump it with any ideas you might have.
I still think the Verification system is an already existing good alternate but I can see the reason for a more secure system.
posted

Pawsu wrote:

Duplicate - please support the link provided in the thread and bump it with any ideas you might have.
I still think the Verification system is an already existing good alternate but I can see the reason for a more secure system.
the provided link wants it over a email, this wants it over the Google Authentiactor app or Authy (or simelar apps/programs),
so not really duplicate
posted
Then I don't really see this even happening. We already have a verification system that won't let you do normal things until you verify it's you via a code sent your email and the /verify command in game. I think it would have been added already if anyone had plans on implementing it.
posted

Pawsu wrote:

Then I don't really see this even happening. We already have a verification system that won't let you do normal things until you verify it's you via a code sent your email.
Please note that some people have longer ways to get into their email inbox, like for example web.de, so instead of going to web.de (example), login with you password there, then search for the email, maybe wait for the email if their server a slow again, simply get your mobile phone out (or use the chrome extension of Authy) and copy the 6 digit code, which is way faster and easier.
posted
I don't think an osu account needs to be secured that much. It's not as valueable as an email account/bank account etc.
posted
Adding it as a possibility of using it if you want, I don't see why not, but if it gets planned one day, it will have a low priority, I think
posted
one of my mail accounts got compromised today subsequently they began resetting all my passwords for different services...

I use random passwords for every account but this was not enough.
PLEASE add 2FA as this would have been more protection needed at a critical time such as mine.

Thanks peeps.
posted
I bump this because nowadays there are many big leaks of email/pw lists on the web. They only have to get your email credentials and you're locked out of the game if you cant restore it someway. With this option you have a second, WAY MORE SECURE way of logging in (if something happens to your email account).
posted
I'm not sure if all e-mail services have 2FA support for their consumers but it should be best to move to a service that provides a great level of security (e.g. Google) so they can secure their accounts (and recover via e-mail) not just by 2FA but also by other means that are provided by them.
posted
I think it's okay to put this security measure! Because the only security that has osu! At this time is verification of the email with the code! And I tested several computers and cell phones (which were mine and my family) to enter and change the password and the fourth attempt I started to ask for verification of the mail with the code! I think they should implement more security in osu like 2FA if Google has it because we do not? I worry on my own! For me, my account is more than gold! Since I spend money on it and buy things to improve my gameplay like graphics tablets and others! I hope to implement this! Thank you very much for reading greetings
posted
I don't really see the need. There isn't really much to gain from hacking an account and it should also be very hard to do if you have good password hygiene (use long random passwords + password manager like Lastpass).

It's a whole lot of hassle for very little reward.
posted

Philosofikal wrote:

I don't really see the need. There isn't really much to gain from hacking an account and it should also be very hard to do if you have good password hygiene (use long random passwords + password manager like Lastpass).

It's a whole lot of hassle for very little reward.
Sorry, but you're a bit wrong, if you get to hack the pc that happens? Get your data hack your account, but what if the 2FA? Or if at least before changing the password or hotmail asked you for verification to do it because I do not ask even if I am with another pc or some other cell phone (my family) I see it absolutely necessary
posted

Caleb Correa wrote:

Philosofikal wrote:

I don't really see the need. There isn't really much to gain from hacking an account and it should also be very hard to do if you have good password hygiene (use long random passwords + password manager like Lastpass).

It's a whole lot of hassle for very little reward.
Sorry, but you're a bit wrong, if you get to hack the pc that happens? Get your data hack your account, but what if the 2FA? Or if at least before changing the password or hotmail asked you for verification to do it because I do not ask even if I am with another pc or some other cell phone (my family) I see it absolutely necessary
Then don't get hacked, simple as that, you can just write it on a piece of paper, and then just keep it and make sure you don't lose it, that's all.
posted

Faustas156 wrote:

Then don't get hacked, simple as that, you can just write it on a piece of paper, and then just keep it and make sure you don't lose it, that's all.
There only have to be a database leak and your account data can be compromised. Yahoo for example lost 1B user account details to hackers in 2013 including emails, passwords, telephone numbers, ... and then it's wayne if you wrote down your password.
posted

Caleb Correa wrote:

Philosofikal wrote:

I don't really see the need. There isn't really much to gain from hacking an account and it should also be very hard to do if you have good password hygiene (use long random passwords + password manager like Lastpass).

It's a whole lot of hassle for very little reward.
Sorry, but you're a bit wrong, if you get to hack the pc that happens? Get your data hack your account, but what if the 2FA?
They hack your account and then what? Steal all your pp and osu!coins? What could anyone possibly have to gain by hacking your account?

2FA is something that should be reserved for things that actually need protection, like a Google, Facebook, or bank account.
posted
Adding 2FA in game itself is not really necessary and the e-mail verification is good enough. Securing your e-mail is also securing your account that uses it not just in osu! but also from other places you've registered. As I said before, use an e-mail service that provides these security measures.
posted

Philosofikal wrote:

They hack your account and then what? Steal all your pp and osu!coins? What could anyone possibly have to gain by hacking your account?

2FA is something that should be reserved for things that actually need protection, like a Google, Facebook, or bank account.
----------------

Several people already made drama over this issue in reddit, calling out support + peppy himself for how they got nothing (afaik there was a guy who constantly complained for over 2 months before he got unbanned). As far as I remember, all cases was handled by Emphemeralis and this people got unbanned. Maybe support situation right now got better but you never know.

As it goes for PC - as far as you use Windows/IOS (especially IOS) it isn't hard to get access to your pc IF you don't use dedicated firewall/active malware scanner. Windows defender is worth jack shit and it is proven in every DEFCON Conference that person with enough knowledge and tools (which are open for everyone in internet) needs up to 10 min to get full access to your PC with basic security.

2FA is not only for "valuable" things but services which contain one or more information which may cause trouble to you. If service require your e-mail / real name / etc - it should have 2FA for security reasons.

Tbh if you use 2FA on your actual e-mail in term of confirming logging, not just recovering - email auth should be enough but I still don't trust it (yeah, I have trust issues).
show more
Please sign in to reply.