1. osu! forums
  2. osu!
  3. Feature Requests

This is a feature request. Feature requests can be voted up by supporters.
Current Priority: +171
show more
posted
I think it's okay to put this security measure! Because the only security that has osu! At this time is verification of the email with the code! And I tested several computers and cell phones (which were mine and my family) to enter and change the password and the fourth attempt I started to ask for verification of the mail with the code! I think they should implement more security in osu like 2FA if Google has it because we do not? I worry on my own! For me, my account is more than gold! Since I spend money on it and buy things to improve my gameplay like graphics tablets and others! I hope to implement this! Thank you very much for reading greetings
posted
I don't really see the need. There isn't really much to gain from hacking an account and it should also be very hard to do if you have good password hygiene (use long random passwords + password manager like Lastpass).

It's a whole lot of hassle for very little reward.
posted

Philosofikal wrote:

I don't really see the need. There isn't really much to gain from hacking an account and it should also be very hard to do if you have good password hygiene (use long random passwords + password manager like Lastpass).

It's a whole lot of hassle for very little reward.
Sorry, but you're a bit wrong, if you get to hack the pc that happens? Get your data hack your account, but what if the 2FA? Or if at least before changing the password or hotmail asked you for verification to do it because I do not ask even if I am with another pc or some other cell phone (my family) I see it absolutely necessary
posted

Caleb Correa wrote:

Philosofikal wrote:

I don't really see the need. There isn't really much to gain from hacking an account and it should also be very hard to do if you have good password hygiene (use long random passwords + password manager like Lastpass).

It's a whole lot of hassle for very little reward.
Sorry, but you're a bit wrong, if you get to hack the pc that happens? Get your data hack your account, but what if the 2FA? Or if at least before changing the password or hotmail asked you for verification to do it because I do not ask even if I am with another pc or some other cell phone (my family) I see it absolutely necessary
Then don't get hacked, simple as that, you can just write it on a piece of paper, and then just keep it and make sure you don't lose it, that's all.
posted

Faustas156 wrote:

Then don't get hacked, simple as that, you can just write it on a piece of paper, and then just keep it and make sure you don't lose it, that's all.
There only have to be a database leak and your account data can be compromised. Yahoo for example lost 1B user account details to hackers in 2013 including emails, passwords, telephone numbers, ... and then it's wayne if you wrote down your password.
posted

Caleb Correa wrote:

Philosofikal wrote:

I don't really see the need. There isn't really much to gain from hacking an account and it should also be very hard to do if you have good password hygiene (use long random passwords + password manager like Lastpass).

It's a whole lot of hassle for very little reward.
Sorry, but you're a bit wrong, if you get to hack the pc that happens? Get your data hack your account, but what if the 2FA?
They hack your account and then what? Steal all your pp and osu!coins? What could anyone possibly have to gain by hacking your account?

2FA is something that should be reserved for things that actually need protection, like a Google, Facebook, or bank account.
posted
Adding 2FA in game itself is not really necessary and the e-mail verification is good enough. Securing your e-mail is also securing your account that uses it not just in osu! but also from other places you've registered. As I said before, use an e-mail service that provides these security measures.
posted

Philosofikal wrote:

They hack your account and then what? Steal all your pp and osu!coins? What could anyone possibly have to gain by hacking your account?

2FA is something that should be reserved for things that actually need protection, like a Google, Facebook, or bank account.
----------------

Several people already made drama over this issue in reddit, calling out support + peppy himself for how they got nothing (afaik there was a guy who constantly complained for over 2 months before he got unbanned). As far as I remember, all cases was handled by Emphemeralis and this people got unbanned. Maybe support situation right now got better but you never know.

As it goes for PC - as far as you use Windows/IOS (especially IOS) it isn't hard to get access to your pc IF you don't use dedicated firewall/active malware scanner. Windows defender is worth jack shit and it is proven in every DEFCON Conference that person with enough knowledge and tools (which are open for everyone in internet) needs up to 10 min to get full access to your PC with basic security.

2FA is not only for "valuable" things but services which contain one or more information which may cause trouble to you. If service require your e-mail / real name / etc - it should have 2FA for security reasons.

Tbh if you use 2FA on your actual e-mail in term of confirming logging, not just recovering - email auth should be enough but I still don't trust it (yeah, I have trust issues).
posted

[Taiga] wrote:

Philosofikal wrote:

They hack your account and then what? Steal all your pp and osu!coins? What could anyone possibly have to gain by hacking your account?

2FA is something that should be reserved for things that actually need protection, like a Google, Facebook, or bank account.
----------------

Several people already made drama over this issue in reddit, calling out support + peppy himself for how they got nothing (afaik there was a guy who constantly complained for over 2 months before he got unbanned). As far as I remember, all cases was handled by Emphemeralis and this people got unbanned. Maybe support situation right now got better but you never know.

As it goes for PC - as far as you use Windows/IOS (especially IOS) it isn't hard to get access to your pc IF you don't use dedicated firewall/active malware scanner. Windows defender is worth jack shit and it is proven in every DEFCON Conference that person with enough knowledge and tools (which are open for everyone in internet) needs up to 10 min to get full access to your PC with basic security.

2FA is not only for "valuable" things but services which contain one or more information which may cause trouble to you. If service require your e-mail / real name / etc - it should have 2FA for security reasons.

Tbh if you use 2FA on your actual e-mail in term of confirming logging, not just recovering - email auth should be enough but I still don't trust it (yeah, I have trust issues).
Just use Private Browsing on your chrome/firefox, it won't save your gmail in there now will it ? I don't think there's something really this big to riot about, same applies for osu.ppy.sh, just use private browsing.
posted

Faustas156 wrote:

Caleb Correa wrote:

Philosofikal wrote:

I don't really see the need. There isn't really much to gain from hacking an account and it should also be very hard to do if you have good password hygiene (use long random passwords + password manager like Lastpass).

It's a whole lot of hassle for very little reward.
Sorry, but you're a bit wrong, if you get to hack the pc that happens? Get your data hack your account, but what if the 2FA? Or if at least before changing the password or hotmail asked you for verification to do it because I do not ask even if I am with another pc or some other cell phone (my family) I see it absolutely necessary
Then don't get hacked, simple as that, you can just write it on a piece of paper, and then just keep it and make sure you don't lose it, that's all.
I'm sorry, but I still think you're wrong, I do not have to put a long password to avoid hacking or stealing my account or something, and you said you did not win a lot by hacking an account, it's not just that, maybe the hacker is envious of you or something and hack it to make you have a bad time or something, I think there are more options to protect the account much better, the 2fa is the best option
posted

Faustas156 wrote:

Then don't get hacked, simple as that, you can just write it on a piece of paper, and then just keep it and make sure you don't lose it, that's all.
Obligatory
Please sign in to reply.