It isn't ideal but is it planned to be changed (to only one 2FA on a set computer/location) or is it gonna stay like this?
I'm not sure what the long term plan is at the moment when it comes to remembering devices. There will be an official article coming out with more information sometime soon and I'd recommend checking that.
No thanks, im not that stupid to lose my account nor put simple or leaked password that are in password dictionaries
If I got compromised to this in 2016, you are absolutely capable of being pwned by it too.
Bitwarden is a good one I recommend. Otherwise Dashlane and LastPass are staples, not sure if LastPass allows for mobile and desktop sync or if you have to pay for that.
I use BitWarden in my personal life. It's alright. The autofill is a bit flakey on Android though.
Not trying to be hostile but what makes Riot better equipped now about MFA when lots of other gaming companies before seemed to be able to implement their versions of it just fine? Even more comprehensive versions too (at least for now).
Lots of reasons. Off the top of my head:
Shoutout to some random Riot security worker who a few years ago told me that League doesn't have and/or need 2fa because "it would annoy some players".
Hi.
I am that security worker, and that is not what I said. :) I do not believe I have ever said or implied that MFA is not necessary or something that Riot should implement, but I am the primary person within our team that has engaged on social media.
What I stressed back then was that MFA would likely not be enabled by players who need it the most, and would only really be enabled by people who would not benefit from it - Since the odds are that if you'll engage with a security measure without an incentive, then you're probably doing pretty good for security already.
That still stands. MFA will prevent a lot of attacks we see, but most of the attacks we see will be on players that are not and will not engage with security measures, and that is always going to be a challenge for us. The problem is that implementing something on this scale requires a large amount of investment that might be better spent elsewhere. If we're going into it knowing that it might...
Read moreThey're a meme that you have use Reddit and Twitter to get.
Ceci n'est pas une pipe.
Fun fact, a lot of those other places that use mobile identification have given your number to telemarketers.
not if they operate in the EU they don't
Wait, did they really say they needed more time to develop a rollover system? I don't pretend to know alot about game design and coding. But seriously how hard is it to carry a f**king number over to the next line?
It's not that it's hard to fix - it's that it's risky to deploy during a release train that is well underway right before a major holiday (Lunar New Year) on a global game with tens of millions of players.
That being said, we have identified a fix for overspill and aim to have it ready for the event after Lunar Revel 2022.
Hey, sorry for asking, but is this event pass would be the last with 2020 prestige points? Or there will be one more?
Yes, last event with Prestige Points.
Anyone know if enabling this will make you use 2FA every time you open league from the same computer?
Or is it just for new locations?
You will need to go through the prompt every time you log into the Riot Client - If you tick 'stay signed in', then you don't have to worry.
This is usually not a problem, but if you have multiple accounts, this might not be ideal. I would still recommend enabling it.
Yeah. I am starting to switch everything to a password manager. I lost my friends list cause someone got in my Riot account.
You guys are one of fewer and fewer services left where someone can log in from a new location and change their email address without any kind of mobile verification.
If you have a verified email address, it is not currently possible to change your email address without demonstrating you have access to the original email address; the account management portal has had two-factor authentication like this for quite some time.
We could add mobile verification to that, but like I said, our current policy (which is in line with most other services out there) is that if you have access to the email address of the account holder, you are the account holder. It also does not sit well with me personally that we would be required to collect your phone number, or that you need a smart phone, in order to benefit from a core security measure.
That said, if you don't have your email verified, yes, this is a big problem. We will revisit the scope of this problem in the future to see if we can't shift more players to have verified emails.
Why would anybody care enough about a league account to 2FA it
Emotional and time investment aside, as others have covered, accounts that are botted/scripted/sold - you get the idea - are overwhelmingly accounts that are compromised by someone.
Enabling MFA helps make your own account secure, but additionally, every account secured with MFA is one less account that is significantly less likely to get compromised and sold to someone who wants to script, bot, or be super toxic in games.
Wish we could use mobile authentication, so I don't have to put a secure password on my email account.
As things stand, your email account is the keys to the kingdom to your account, and this would not change even if we introduced mobile based authentication, or if you used OAuth. You should use a secure password and two factor authentication on your email.
If you don't wanna juggle multiple passwords like this, I would recommend using a password manager so you only have to remember one good one.
awesome, got it
looks like only email 2FA right now tho
Yes, for the time being this is only email MFA.
How does one make banger 2FA memes?
It's not something that can be taught, sorry
also who said they were 2fa memes?
Woah is the void pic new, I don't recall seeing it in season start since I only remember you getting possessed (was hilarious btw)
yeah well it was like superimposed while i was being possessed so it was kind of hard to make out
will there be more than email option in the future ?
At this time, I don't want to make any promises about future features.
hey dan i am ready for your memes
👉😎 👉
i was hoping no one would notice until i got my banger memes ready
y'all noticed this a bit earlier than we had anticipated, so the Learn More link is broken on the page. coming soon. promise!
we'll have a more official post coming soon as well. like i said, we weren't expecting it to be noticed, but y'all are observant
hey dan i am ready for your memes
It might have slipped by if not for the giant banner that popped up when I logged in.
hey i made that banner
devtrackers.gg