Security Update (2FA)

Any important server news or announcements will be posted here.

Moderators: Lead Developers, Senior Lead Admins

Locked
User avatar
Mmartin
Head of Development
Head of Development
Posts: 7231
Joined: Thu Mar 01, 2012 10:05 pm
Ingame name: Lucas Foreman
Location: Basement

Security Update (2FA)

Post by Mmartin » Mon Nov 06, 2017 6:39 pm

Image


Introduction
Securing your account is one of these things you don't really pay attention to until it's too late. The process is usually tedious, you have to remember things and write them down, change your settings around periodically to stay safe and use many different methods to get into your account, often relying on third party services, such as emails. In effort to make security better and easier to understand at the same time, we're gonna talk about Two Factor Authentication today. We'll also go over the current security features on LS-RP and the changes that await them.

What is Two Factor Authentication?
Enabling Two Factor Authentication (2FA from here on) provides another layer of security to your account. It'll require you to provide a code generated by an application on your phone to prove your identity when logging in from a new device. This code changes every 30 seconds, making it practically impossible to guess.

How does that work? Why do I need to install a LS-RP App?!
The "Time-based One-time Password Algorithm" method for two-way authentication is a universal standard supported by many websites and services out there. You only need one application to generate codes for all your internet accounts that support it. Here's how it works in action:
  • Download a 2FA application for your mobile device. There's a few out there, I can personally recommend Authy (Android, iOS. protip: it has a Chrome extension too, if you don't want to reach for your phone when you need the app)
  • Visit our website here and enable 2FA for your account. This'll give you a QR code you can scan with your mobile application.
  • Scan the QR code and confirm it by providing the current six-digit code to the UCP when asked. I highly recommend writing down the "Secret code" the site gives you in case you lose access to the app or your phone, you can input this into your new phone manually without losing access to your LS-RP account.
  • Whenever you connect to the UCP or game with a new device or IP address, you'll be asked to write down the code that's currently displayed on your phone.
While this feature is in sort of a transition phase right now, eventually it'll replace some of the existing features, so it's in your best interest to familiarize yourself with it and set it up now. It is optional for players and mandatory for all staff accounts. 2FA is currently functional on the UCP and an in-game implementation will go live in the next update.

I lost/changed my phone, or don't have access to my application anymore. Is my account gone?
If you're getting a new phone, remove the 2FA from your account first. Set it up again on the new phone after you install everything. It also helps to write down the "secret code" given to you by the UCP when you're setting the 2FA up, this can be entered into the application manually (it's the same thing as scanning the QR code) and you'll be all set on your new phone/device. If you don't have access to your phone and didn't write the secret code down when setting it up, you'll have to make a ticket to get your issue resolved.

Keep in mind at no point we have access to any data on your phone, or your phone number. What you see is for your eyes only and provided by third-party applications (such as Authy) which work offline as well (your phone doesn't need to be connected to the internet to generate the six-digit, one-time code).

The concept is really simple and easy once you understand it. If you're having a trouble understanding it from what I wrote, you can always google "How does Two Factor Authentication work" or something similar.

Overview of Security Features

Currently, your account has the following security features:
  • Main account password - for when you need to log into the UCP.
  • Character passwords - individual password for each of your characters, used in-game
  • Secret word - second password you need to use when logging into your in-game account from a new device. This will be ignored when you have 2FA set up, and eventually the feature will be removed altogether.
  • Memorable word (+memorable hint) - you're asked for this when someone from staff needs to verify your account (for example on the ticket page). This will be likely removed soon and replaced with a more intuitive, automated system rather than a hint/answer combination.
  • Security question (+security answer) - used on the UCP when you need to change your password, memorable word or hint, or e-mail. Also used during recovery of your account. This might be replaced by 2FA to a certain extent, or reworked in the future.
Feel free to ask questions related to the topic at hand below.

Dmora
Civilian
Civilian
Posts: 15
Joined: Fri Aug 25, 2017 3:56 pm

Re: Security Update (2FA)

Post by Dmora » Mon Nov 06, 2017 6:50 pm

Is this obligatory?

r0yal
Wannabe Don
Wannabe Don
Posts: 1327
Joined: Sun Mar 03, 2013 7:47 pm

Re: Security Update (2FA)

Post by r0yal » Mon Nov 06, 2017 7:11 pm

Dmora wrote:
Mon Nov 06, 2017 6:50 pm
Is this obligatory?
It is optional for players and mandatory for all staff accounts.

User avatar
Simon_Throne
Gnag
Posts: 211
Joined: Fri Sep 02, 2016 8:23 pm

Re: Security Update (2FA)

Post by Simon_Throne » Mon Nov 06, 2017 7:14 pm

I like it

User avatar
Picky
Wannabe Don
Wannabe Don
Posts: 4970
Joined: Tue Nov 26, 2013 3:31 pm
Ingame name: [Mask 205713_83]
Location: Picky#6313

Re: Security Update (2FA)

Post by Picky » Mon Nov 06, 2017 7:15 pm

Amazing, thanks Mmartin! Just added myself, interesting :D

User avatar
0.0.0.0
Gangster
Gangster
Posts: 42
Joined: Wed Jul 13, 2016 8:07 pm

Re: Security Update (2FA)

Post by 0.0.0.0 » Mon Nov 06, 2017 7:33 pm

Thanks for the information! Will greatly improve security on LSRP.

User avatar
barneymk
BMW
Posts: 6034
Joined: Mon Oct 06, 2014 5:04 pm
Location: 828

Re: Security Update (2FA)

Post by barneymk » Mon Nov 06, 2017 7:33 pm

the update that nobody wanted, but good to see something is being worked on.

User avatar
0.0.0.0
Gangster
Gangster
Posts: 42
Joined: Wed Jul 13, 2016 8:07 pm

Re: Security Update (2FA)

Post by 0.0.0.0 » Mon Nov 06, 2017 7:34 pm

barneymk wrote:
Mon Nov 06, 2017 7:33 pm
the update that nobody wanted, but good to see something is being worked on.
Better than nothing tbh

NCIS
Wannabe Don
Wannabe Don
Posts: 990
Joined: Tue Mar 25, 2014 4:54 pm
Ingame name: Adriano_Gonzales
Location: Podgorica, Montenegro

Re: Security Update (2FA)

Post by NCIS » Mon Nov 06, 2017 7:39 pm

Very useful, thanks for going into details on the Two Factor Authentication. We all know these things have happened in the past, might as well get the security of our accounts to the maximum level.

Jeremy_Holden
Wannabe Mafia
Wannabe Mafia
Posts: 214
Joined: Tue Feb 16, 2016 12:44 am

Re: Security Update (2FA)

Post by Jeremy_Holden » Mon Nov 06, 2017 7:39 pm

barneymk wrote:
Mon Nov 06, 2017 7:33 pm
the update that nobody wanted, but good to see something is being worked on.
No one may have wanted it but it was needed, should've been implemented a while ago.

Definitely partaking.

User avatar
DeadlyMuffin
-= Don =-
-= Don =-
Posts: 472
Joined: Thu Dec 24, 2015 2:26 pm
Ingame name: Big Joey

Re: Security Update (2FA)

Post by DeadlyMuffin » Mon Nov 06, 2017 8:02 pm

barneymk wrote:
Mon Nov 06, 2017 7:33 pm
the update that nobody wanted, but good to see something is being worked on.

User avatar
$PARKY
Mafia
Mafia
Posts: 367
Joined: Sat May 13, 2017 11:13 pm

Re: Security Update (2FA)

Post by $PARKY » Mon Nov 06, 2017 8:11 pm

barneymk wrote:
Mon Nov 06, 2017 7:33 pm
the update that nobody wanted, but good to see something is being worked on.

Mackers
Wannabe Don
Wannabe Don
Posts: 2095
Joined: Wed Dec 23, 2015 7:18 pm

Re: Security Update (2FA)

Post by Mackers » Mon Nov 06, 2017 11:57 pm

the fuck is this my nigga

User avatar
Kane
Retired Administrator
Retired Administrator
Posts: 5539
Joined: Thu May 30, 2013 2:50 am
Contact:

Re: Security Update (2FA)

Post by Kane » Tue Nov 07, 2017 12:23 am

Definitely needed.

dom
Head of Support
Posts: 1808
Joined: Sun Jun 11, 2017 8:34 pm

Re: Security Update (2FA)

Post by dom » Tue Nov 07, 2017 12:27 am

All those complaining are pathetic. Gonna be funny when your shit gets hacked on day and you'll be like damn should've used this marvelous security update instead of complaining. On topic, thank you Mmartin.

Locked

Return to “Announcements”

Who is online

Users browsing this forum: No registered users