Jump to content

Increased MDC Security


Sabess

Recommended Posts

I've realized with the uptick in compromised accounts/attempts to breach accounts as of late that the MDC is kind of lacking in security.

 

You need someone's password, but if you do have that, there's no two-factor authentication or any other method of security for the MDC specifically, which feels like an oversight considering the damage one can do to the whole server through the MDC if it's abused, rather than just to the hacked account specifically.

 

Could we add some sort of additional security to it? Two-factor authentication, an additional PIN not connected to the account itself, something like that? It would reduce the damage one can do if they hack a player's account.


Honestly, there should also be two-factor authentication for logging in in-game, which currently there is not, but that's a separate issue.

Edited by Sabess
  • Upvote 1
  • Applaud 1
Link to comment
8 hours ago, Sabess said:

I've realized with the uptick in compromised accounts/attempts to breach accounts as of late that the MDC is kind of lacking in security.

 

You need someone's password, but if you do have that, there's no two-factor authentication or any other method of security for the MDC specifically, which feels like an oversight considering the damage one can do to the whole server through the MDC if it's abused, rather than just to the hacked account specifically.

 

Could we add some sort of additional security to it? Two-factor authentication, an additional PIN not connected to the account itself, something like that? It would reduce the damage one can do if they hack a player's account.


Honestly, there should also be two-factor authentication for logging in in-game, which currently there is not, but that's a separate issue.

There's 2FA ingame, but not on mdc.

Edited by sky~
Link to comment
  • 2 weeks later...

biscuit that's not writing at 3am here.

 

I've just looked at the code that processes OTPs for UCPs and ugh.

 

This will take some more time then anticipated, given that I don't wanna fuck about and break security-related implementations for the MDC. I'll sort it out but no ETA as of yet.

  • Upvote 1
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...