1. osu! forums
  2. osu!
  3. Feature Requests
  4. Completed Requests
This is a feature request. Feature requests can be voted up by supporters.
Current Priority: +0
show more
posted
You put a lot of effort in to being lazy.

Naturally these security measures wont do you any good if you don't use them effectively.
I've got two step authentication on my email as well, it's very unlikely to get stolen unless somebody gets hold of my phone, which is not happening.

As such I've effectively got phone authentication on my account on here as well, making it pretty secured even if somebody gets hold of my password. *

  • 1. Preventing account theft is not really a waste of the users time.
    Having staff dealing with people forgetting their passwords or losing their accounts when given plenty of options to secure them looks to me like a huge waste of time.

    2. Pretty sure it's not supposed to prevent account sharing. Fairly certain there are other measures in place to combat this.

    3. *

    4. As unimportant as my account may be, I still wouldn't want it stolen.

    5. This is just you being lazy and/or not using it effectively. In the year of 2016 do you yet still not have a phone capable of reading emails?

    6. Isn't supposed to combat multi-accounting either. Fairly certain there are other measures in place to combat this.

    7. There has been a few cases of people (me included) getting their accounts stolen.


A toggle off button can exist but in reality it's not as big of a deal as you make it out to be. If used correctly it will do you more good than harm.
posted
You just got a reply on your other unnecessarily long post on the help forums from Peppy himself. Sorry bud, better learn to use an email
posted

boat wrote:

You put a lot of effort in to being lazy.

Naturally these security measures wont do you any good if you don't use them effectively.
I've got two step authentication on my email as well, it's very unlikely to get stolen unless somebody gets hold of my phone, which is not happening.

As such I've effectively got phone authentication on my account on here as well, making it pretty secured even if somebody gets hold of my password. *

  • 1. Preventing account theft is not really a waste of the users time.
    Having staff dealing with people forgetting their passwords or losing their accounts when given plenty of options to secure them looks to me like a huge waste of time.

    2. Pretty sure it's not supposed to prevent account sharing. Fairly certain there are other measures in place to combat this.

    3. *

    4. As unimportant as my account may be, I still wouldn't want it stolen.

    5. This is just you being lazy and/or not using it effectively. In the year of 2016 do you yet still not have a phone capable of reading emails?

    6. Isn't supposed to combat multi-accounting either. Fairly certain there are other measures in place to combat this.

    7. There has been a few cases of people (me included) getting their accounts stolen.


A toggle off button can exist but in reality it's not as big of a deal as you make it out to be. If used correctly it will do you more good than harm.
1. It is a waste of time if the users are smart enough to keep their account safe on their own and don't want or need the feature.

2. Whew, that's a relief.

3. ?

4. Then why not be more careful with your passwords? More importantly, just because the feature is useful for you, why force it on others?

5. It's exactly that. Not only do I not have a smartphone, I do not have a phone WHATSOEVER. Because surprise, not everybody has the means for it. And now that you have talked about laziness. How hard is it to put a simple checkbox toggle into user profiles to enable disabling of an unwanted, un-needed and obnoxious security feature which disables the need for verification? Hint: not hard at all. You don't even need to be any good at scripting, some HTML and there you go, you have your toggle. All you need to do next is merely have that toggle ignore whatever script forces the verification. You don't need to write an entire script to disable the feature. Not implementing the toggle in the first place is lazy. Not wanting to do upwards of 20 verifications a month, is wanting more convenience. Surely, there is a difference.

6. A relief, as well.

7. There are also cases of people who are irresponsible enough to shoot themselves with their own gun due to forgetting to use their safety. But again, just because a few users are irresponsible enough to lose their accounts, must these security features for these irresponsible people be forced on everybody? Especially on users who have managed to keep their accounts perfectly secure without changing their password even once? All because they are responsible enough to not need handholding?
posted
wouldn't verifying your account be easier than making a second account? JS
posted

Kibbleru wrote:

wouldn't verifying your account be easier than making a second account? JS
You know, to be honest I'm starting to think he just wants to steal someone else's account. lol. Seems like a lot of work to just click a link on your email
jk jk
posted

Kibbleru wrote:

wouldn't verifying your account be easier than making a second account? JS
It is. Except when you don't upkeep your e-mail. And having a toggle to disable the verification once, is even easier than having to do upwards of 20 verifications a month if you primarily play out of internet cafes. Why such a toggle has not been implemented is beyond me.
posted

CFW Magic wrote:

Kibbleru wrote:

wouldn't verifying your account be easier than making a second account? JS
It is. Except when you don't upkeep your e-mail. And having a toggle to disable the verification once, is even easier than having to do upwards of 20 verifications a month if you primarily play out of internet cafes. Why such a toggle has not been implemented is beyond me.
i suppose, in your situation, it would be rather useful.
posted

CFW Magic wrote:

Why such a toggle has not been implemented is beyond me.
I think the main reason it hasn't been implemented is because your scenario is so unique that it hasn't been brought up before. I can see how that would be annoying, but it is still a measure of security that can save accounts from being taken.
I think a lot of time could have been saved if you just wrote that in the OP instead of all that other stuff
posted
lol @ the gun analogy, yeah gun laws are totally not a thing.

You need this feature in order to properly secure your account and the staff needs this feature to not have to deal with peoples accounts getting stolen.
Preventative measures are not a waste of time when they save a lot of it in the long run. The feature is useful to everyone if they put a minute or two in to setting it up correctly, and if you don't then you're the one wasting everyones time including your own.

You don't need a high end phone to be able to check your email on it. You could probably just skip going to internet cafés once a month and be able to pay for a plan with a decent phone.

CFW Magic wrote:

4. Then why not be more careful with your passwords?
Nothing wrong with my passwords, but security breaches happen. Two step authentication is a solid way to prevent problems.

CFW Magic wrote:

Wouldn't it be fair to let the users sacrifice their security for convenience, especially if they know what they are doing?
This would mean trading off the convenience of the staff so you can be lazy. Not particularly fair.
posted

Sandy Hoey wrote:

CFW Magic wrote:

Why such a toggle has not been implemented is beyond me.
I think the main reason it hasn't been implemented is because your scenario is so unique that it hasn't been brought up before. I can see how that would be annoying, but it is still a measure of security that can save accounts from being taken.
I think a lot of time could have been saved if you just wrote that in the OP instead of all that other stuff
I don't disagree that this security feature can indeed be useful, especially for users who genuinely have issues to keep their accounts secure. That is true. I'm not saying that it should be completely removed, it won't be anyway and I got over that. But why not toggle it? I mean, after all, if the user wants to remove it and understand the consequences, why still force them to go through this verification process? And if you want the used to be absolutely aware of their security, why not have the user to read and agree to terms which would claim that shall the user chose to disable this feature, they are the sole responsible for their security and as such security support will not be provided shall the account be stolen. Wouldn't it be fair to let the users sacrifice their security for convenience, especially if they know what they are doing?

EDIT: Good point. Added the precise explanation of my situation in OP.


@ Boat > Again, you seem to misunderstand my statement. This security feature is particularly useless in MY case, since I have kept my account secure for years. I never said that this feature is useless for those irresponsible users who can't keep their accounts secure, or those unlucky users who have no idea how to periodically maintain their computer safety to avoid possible viruses, keyloggers e.t.c.

But once more, why is this feature mandatory? It may not be a waste of time in everybody's case, but it is a waste of time in my case in more ways than one. Not only it literally wastes my time, as I often play out of internet cafes and thus switch computers often enough to have to verify each time, thus losing valuable playing time that I bought with REAL money. But it also wastes my time because I'm confident enough with security to not need a forced preventative measure. My account hasn't been stolen or lost once. This feature has zero use for me, as I simply do not get my accounts stolen or lost.

More importantly ... Are you seriously telling me to invest into a phone just to play osu? I don't need a phone. Whatsoever. At all. I don't have any money to waste for a smartphone either, even a low end one. More importantly, having a phone is a breach to my security and privacy, as government agencies here in France use these same phones to possibly track the user's location. Having a phone is a breach in security I can not allow myself to have.

EDIT: Have you failed to read my statement? The user disabling the feature would have to ready and accept terms which would claim that the staff hold no responsibility over accounts which disable the security feature and will not recover or assist the users with the feature disabled in any way. How would be the convenience of the staff be impeded, if they will not be recovering an account which is lost if it's verification feature is not enabled? The security staff wouldn't have to lift a finger. Or are you talking about the convenience of the programming staff who wouldn't have to implement a simplistic checkbox into the user profile? If the programming team is incapable of this, I will gladly write this simple checkbox myself in HTML and present the staff with it. Again, how is it an inconvenience, if the user explicitly acknowledges full responsibility and renounces the right to security support by disabling the feature?
posted
Oh I see what's going on here, sorry, I did not notice the tinfoil hat.

I'm done here lmao
posted

boat wrote:

Oh I see what's going on here, sorry, I did not notice the tinfoil hat.

I'm done here lmao
Pleased to see you go. I'm sorry that I faced you with too many valid arguments such as this one:

"The user disabling the feature would have to ready and accept terms which would claim that the staff hold no responsibility over accounts which disable the security feature and will not recover or assist the users with the feature disabled in any way. How would be the convenience of the staff be impeded, if they will not be recovering an account which is lost if it's verification feature is not enabled? The security staff wouldn't have to lift a finger. Or are you talking about the convenience of the programming staff who wouldn't have to implement a simplistic checkbox into the user profile? If the programming team is incapable of this, I will gladly write this simple checkbox myself in HTML and present the staff with it. Again, how is it an inconvenience, if the user explicitly acknowledges full responsibility and renounces the right to security support by disabling the feature?"

And that you had to resort to aim for my privacy preferences instead of responding with a constructive argument. As for tinfoil hats ... I'm also pleased to see that you are the kind of people who enjoys talking without knowing. Not only you do not live in France and are not aware of recent political and law events, but you also seem to believe you know it all. Please, inform yourself on latest developpements before making uneducated assumptions. Recent French emergency laws EXPLICITLY allow french law enforcement to go through your phones, plant bugging software on your cars, examine your social network activity and more. All of it without the authorization of a a judge. Do you even realize what kind of implications this is? It basically means that the law enforcement organizations can arbitrary have anybody spied upon, so long as they pull the excuse of "terrorist suspicions". Of course, you never knew any of this and I can't blame you for it, but must you talk and judge without knowing? Anyway, this is going off topic. Please feel free to come back and talk again, once you have an informed, educated and constructive opinion.

Here's a little example of actual information on French surveillance law, just to point out how quick you were to make an uneducated judgement about "tinfoil hats": http://www.recode.net/2015/11/14/116206 ... llance-law
posted

peppy wrote:

Sorry but this isn't up for discussion. It should only take around 20 seconds per new PC to complete verification, so I'm going to have to ask that you just deal with it. Do note that verification is only required under certain circumstances, for instance when you are attempting to change account settings. It is designed to be as non-intrusive as possible.

peppy wrote:

It's preventing bad things happening. It's called being cautious. It's present on most other services, including google, steam, facebook, microsoft accounts, apple to name a few.

It is not toggleable because users will turn it off without realising the implications and then bad things will happen. Recently there have been hundreds of accounts compromised each week due to people sharing passwords between services or using weak passwords in the first place. Adding one more step ensures that we aren't just relying on passwords any more.
Conversation thread: t/487371
Please sign in to reply.