Sabess Posted January 21, 2023 Share Posted January 21, 2023 (edited) I've realized with the uptick in compromised accounts/attempts to breach accounts as of late that the MDC is kind of lacking in security. You need someone's password, but if you do have that, there's no two-factor authentication or any other method of security for the MDC specifically, which feels like an oversight considering the damage one can do to the whole server through the MDC if it's abused, rather than just to the hacked account specifically. Could we add some sort of additional security to it? Two-factor authentication, an additional PIN not connected to the account itself, something like that? It would reduce the damage one can do if they hack a player's account. Honestly, there should also be two-factor authentication for logging in in-game, which currently there is not, but that's a separate issue. Edited January 21, 2023 by Sabess 1 1 Link to comment
i dont wanna od in LA Posted January 21, 2023 Share Posted January 21, 2023 Good idea honestly. @Biscuit you could maybe take a look at this. Link to comment
LizziePup Posted January 21, 2023 Share Posted January 21, 2023 If cell phones can have it without issue, I don't see why it couldn't be added to much more sensitive data. +1 Link to comment
Kari Posted January 21, 2023 Share Posted January 21, 2023 with the whole 'ur account ur responsibility' thing, this is.. kinda important. account hacked, MDC abused, LFM banned & LEO fac banned all being 'ur fault' because MDC doesn't have 2FA isn't pog. Link to comment
sky~ Posted January 21, 2023 Share Posted January 21, 2023 (edited) 8 hours ago, Sabess said: I've realized with the uptick in compromised accounts/attempts to breach accounts as of late that the MDC is kind of lacking in security. You need someone's password, but if you do have that, there's no two-factor authentication or any other method of security for the MDC specifically, which feels like an oversight considering the damage one can do to the whole server through the MDC if it's abused, rather than just to the hacked account specifically. Could we add some sort of additional security to it? Two-factor authentication, an additional PIN not connected to the account itself, something like that? It would reduce the damage one can do if they hack a player's account. Honestly, there should also be two-factor authentication for logging in in-game, which currently there is not, but that's a separate issue. There's 2FA ingame, but not on mdc. Edited January 21, 2023 by sky~ Link to comment
Thekillergreece Posted January 21, 2023 Share Posted January 21, 2023 In favor for 2FA in MDC. Link to comment
Jorgensen Posted January 21, 2023 Share Posted January 21, 2023 (edited) Definately in favour, or make it so your password has to be different from your UCP/Ingame password at least. Edited January 21, 2023 by Jorgensen Link to comment
Paenymion Posted January 21, 2023 Share Posted January 21, 2023 I personally would not be in favour of forcing 2fa upon every single person who can access MDC. Separate password or a pin would be fine though. Link to comment
Biscuit Posted January 22, 2023 Share Posted January 22, 2023 i'll work on this next week. 3 Link to comment
Biscuit Posted January 31, 2023 Share Posted January 31, 2023 biscuit that's not writing at 3am here. I've just looked at the code that processes OTPs for UCPs and ugh. This will take some more time then anticipated, given that I don't wanna fuck about and break security-related implementations for the MDC. I'll sort it out but no ETA as of yet. 1 Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now