Feedback: Mobile Two-Factor Authentication
I worry, because they intend it to work that way -_-
Here was me thinking ArenaNet was really getting their security act together. But then they threw the baby out with the bathwater. They reduced their “2-factor” authentication to “occasionally-2-factor, but mostly just 1-factor” authentication… such that:
- We can’t tell if it’s in place and working or not, except by logging in from a different address
- It assumes your PC can never be infected by remote access/control malware
- It assumes Mr Account Thief can never spoof your address
- It assumes your PC can never be physically accessed by other people in your building/campus/whatever
- It assumes nobody on the same network as you, will ever try to rob your account
I like security too, and I look forward to having a variety of authentication options once this solution is released.
In the meantime lets not forget this is beta.
Is there an alternative authentication program? Some of us, unfortunately, don’t use a mobile phone that is compatible with this type of app. For those of us who use our mobile phones for just calling, and do not have that capability, it’d be wonderful if this program, or a similar one, was available for our PC or maybe through a keychain device. (I know there are a few other games that offer keychain devices for a fee.) I would be happy to plunk down the money for a keychain authentication device or a software program for my desktop. The mobile phone option is just not viable for me (and possibly other customers?) at this time.
Or maybe I misunderstand and this is also a program for my computer?
Is there an alternative authentication program? Some of us, unfortunately, don’t use a mobile phone that is compatible with this type of app. For those of us who use our mobile phones for just calling, and do not have that capability, it’d be wonderful if this program, or a similar one, was available for our PC or maybe through a keychain device. (I know there are a few other games that offer keychain devices for a fee.)
Yes – I have successfully used gauth4win, a third-party Windows program, and I am now using a third-party USB key (YubiKey, costs $25). Read back through the posts in this thread for details.
The Mobile Two-Factor Authentication is not prompting me when logging into both the game and forums. I have checked my security settings and the feature is enabled.
I am having the same issue as Milamber.
This started occurring about a week ago.
Level 80 Guardian, Thief
Minions of Grenth, Jade Quarry
Solid so far. I have two-factor auth for all my online games now. Thanks ANet.
I am having the same issue as Milamber.
This started occurring about a week ago.
So, again, keeping in mind we’re in beta, and key-code not needed after x number of logins from the same IP being consistent with how Anet described possible usage options.
I do find it odd no one official has come by to reassure us this is a feature and not a bug, after two pages of the above.
The authenticator is no longer functioning as far as I can tell.
My account says its activated, but i never get asked for the code anymore.
edit – i also dont think its a ‘feature.’ i plugged in the wrong password, got the error, and then put in the correct password and it still never asked me for authentication.
if it was a feature, i would assume it would ask for authentication after a bad password attempt.
(edited by Fritz.5026)
if it was a feature, i would assume it would ask for authentication after a bad password attempt.
Not necessarily; of course a correct login will always be required but if your IP is “white-listed” you may no longer need to enter a code. (until it changes and if that’s how its designed)
Wish I could test this by moving my PC or installing GW2 on another PC, but thats not possible atm.
Perhaps someone here can try it and let us know.
Well whatever change they made to the code so that I didn’t have to authenticate every login (game AND website) …. didn’t work.
I’ve just had to authenticate twice, even though my IP is the same as it has been for the last 2 weeks.
if it was a feature, i would assume it would ask for authentication after a bad password attempt.
Not necessarily; of course a correct login will always be required but if your IP is “white-listed” you may no longer need to enter a code. (until it changes and if that’s how its designed)
Wish I could test this by moving my PC or installing GW2 on another PC, but thats not possible atm.
Perhaps someone here can try it and let us know.
I have done that.
I do not get prompted for the Mobile Authentication code if I log into these forums from my “home” network – because it’s a “remembered” network from using email authentication.
But I do indeed get prompted if I login from a different network.
Putting in the worng password doesn’t change any of the above.
Furthermore, I get the prompt from the other network every time - because although it uses the same remembered networks as email authentication… mobile authentication does not let you add new remembered networks.
In other words, it seems to be working as they intended (for me, at least). I’m just waiting for them to make that UI to let us delete remembered networks. So I can be prompted from mobile authentication every time, no matter what.
Thanks Keiko.
I’m still curious though.
Is the other network prompting you for a code because the mobile auth doesn’t allow multiple networks, or perhaps because whatever the criteria for white-listing hasn’t occurred.
And ya, I’m looking forward to a configurable UI as well.
Please give us the option to never remember a network when using the mobile authenticator. It takes away most of the security that an authenticator provides.
It’s only a matter of time before the hackers figure out how to get in from players’ usual networks, for example by dropping trojans with a proxying functionality. I’ll happily enter a code every single time I log in to not be at risk from that.
My Mobile Google Authenticator (iOS 6) works fine, however setting it up was a little cumbersome. The displayed QR code did not work, the authenticator would not accept it as a valid URI, I had to manually enter my email address and security phrase thingy to get it to work.
Maybe the QR code has a malformed URL that the Google Authenticator on iOS does not support.
Whiteside Ridge (EU)
Disabling authentication via the Account Recovery page is BROKEN
might want to fix that……..
I just saw that they plan to force you to change your password on a regular basis. I’d wish they’d just do that for people not using an authenticator. My password is safe enough and I’m only using it for GW2.
PS: I don’t want to try this now, but can you change the password here without entering another code or verifying the change by mail?
I just saw that they plan to force you to change your password on a regular basis. I’d wish they’d just do that for people not using an authenticator. My password is safe enough and I’m only using it for GW2.
Where did you see that? I am aware that they will force people one-time to change their passwords if they didn’t already. But on a regular basis? That’s sounds like a support disaster in the making!
Authentication is cool except for when it prompts you with ‘invalid username or password’ while in game and proceeds to autolog you even though there’s no security risk to be found.
Couple that with a fractal run which you CANT ENTER after a dc and my piss runs to a boil.
Might wanna work on that.
So I am a little confused with this. Am I suppose to get a verification code box when logging in thru the Guild Wars 2 client?
I logged in at my friend’s computer which had never been used to log in my account before, and it didn’t ask for authentication at all. I definitely have mobile authentication activated. Something seems off.
http://youtube.com/user/Royblazer
I logged in at my friend’s computer which had never been used to log in my account before, and it didn’t ask for authentication at all. I definitely have mobile authentication activated. Something seems off.
Is that friend using the same ISP as you and in the same city/region? The authentication checks by “networks”, i.e. pools of IP addresses labeled by ISP as belonging to a certain region/city/area. If your friend’s IP address is in the same pool, you won’t get an authenticator prompt.
I logged in at my friend’s computer which had never been used to log in my account before, and it didn’t ask for authentication at all. I definitely have mobile authentication activated. Something seems off.
Is that friend using the same ISP as you and in the same city/region? The authentication checks by “networks”, i.e. pools of IP addresses labeled by ISP as belonging to a certain region/city/area. If your friend’s IP address is in the same pool, you won’t get an authenticator prompt.
I checked with him. Different city, same ISP, different service. I can’t even disconnect any connections to my account, it just brings me to an error page.
With the rise of account hack threads popping up, I would rather have ANet revert the change that made it so it doesn’t ask for authentication from a remembered network.
http://youtube.com/user/Royblazer
(edited by Sera.6539)
I just installed this app and set up my account to have this but when I just logged into the game, nothing ever had me put in a code.
I just installed this app and set up my account to have this but when I just logged into the game, nothing ever had me put in a code.
Do you have your IP as a remembered network? If so, it won’t ask you at all. You cannot remove or change the remembered networks either, according to support.
http://youtube.com/user/Royblazer
Since I have not ever been asked to provide an authentication code for logging into the game or into the official forums from two different IP addresses, then it is obviously failing 100% to provide any security whatsoever.
Downloaded the app, and activated it on my account, and have confirmed that authentication for the account is active. It seems that my definition of ‘active’ is different than yours.
3 months and still in beta?
will this ever be released, what about, physical authenticators will they ever gonna be implemented?
Member of A Ordem
I decided to take the plunge tonight and set this up on my fairly recently acquired WP8 phone. I thought it was all setup as it said it was linked. But when I fired up the GW2 client, entered my password it’s not asking me for a code. I see from looking above this isn’t just me this is occurring.
Is this something that will be resolved soon? Because if it isn’t can I suggest deactivating 2 step authentication on accounts until the issue is resolved so at least we have the email authentication. Just a thought…
I’m digging it. Asks for a code when I log into my account every time it should and doesn’t when it shouldn’t (when I’ve told it to remember my network).
so I linked my account to the authenticator with the numbers generated on my smartphone.But when i log in it never asks the numbers(not that i’m bothered about that)
but is this because it knows i’m logging in from the same place?
I just linked my account. Works like champ.
The login pages will not ask for a code when you have selected “Remember this network” in the past (even prior to the 2-factor authentication feature).
I verified that the authenticator works by going into the “Security” page in Account Management and clicking on the Remove button next to my current network. Then logged out of the game. When logging back in, I got the prompt for the security code. Nice!
I verified that the authenticator works by going into the “Security” page in Account Management and clicking on the Remove button next to my current network. Then logged out of the game. When logging back in, I got the prompt for the security code. Nice!
Oh! They finally added the facility to remove “Remembered” Networks! THAT’S AWESOME!
Now people like me have the option to remove all remembered networks for TRUE 2-factor authentication (ie. authenticate at every login). And those who don’t take their account security quite so seriously, still have the option to have remembered networks. Excellent.
I’m sorry if someone else has already mentioned this – I was filling a bit too lazy to read all four pages to check.
I’ve found the authenticator to work well, and I’m one of the people who never toggles on the remember networks functionality so that I have true two-factor authentication.
My only issue so far has been the actual entry; that is, after you type in your username and password and press enter, the launcher doesn’t automatically set the cursor in the entry field for the authenticator code.
I can’t count the number of times I’ve tried to type in my code only to realize that the entry field wasn’t selected. If they could auto-set the cursor here after password entry it would be great.
There’s no option for Blackberry, please, make one!!!
[Quote]Life may not be fair, but at least we can make games fair.[/QUOTE]
2 factor authentication not working again, removed it than tried to add it again but says the new code I’m using is invalid.