League of Legends Dev Tracker

This depends on a service, and ones that have extensive 2FA support generally tend to not treat email address as enough authentication to do anything with the account - doing so would cause problem of having a single point of vulnerability to access everything, with potential problems being caused from bad email account security, security breach for email account provider, or domain registrar/DNS provider (for people using their own domain). Last time I checked, both Github, Google, Apple and Microsoft - with hardware 2FA (U2F or another authorized device) enabled and proper configuration - were still inaccessible even if you got full control of someone's email address.

This is true, a lot of services do better than Riot does in this regard. I think we might want to revisit the policy that your email is the key to the kingdom, but that is where we are right now, and that would be a far more broad-reaching change than enabling MFA.

...

So, I never want to say never, but we probably won't support U2F devices like Yubikeys for the time being. There are a lot of reasons for this that I can't get into here, but it's primarily that as of current U2F devices are not prevalent.

I think these devices make a lot of sense in scenarios where you are willing to distribute those devices to the individuals using them. I think it goes without saying that this is not an option at Riot's scale.

My opinion following - I do not have the power to effect this view across Riot:

If I had infinite time and resources, my focus would be on building security solutions into mobile phones, including taking advantage of Secure Enclave in iOS which is sort of similar to U2F. There are a lot of things we can do that provide a better user experience than what we have now that don't involve getting a dedicated hardware device.

I'm no oracle, but with the way tech is going, I think the bet that mobi...

Could you clarify? Do you mean that your email provider does not offer 2FA to it's customers? Or are you somehow encountering issues with MFA from Riot due to your email provider?

I would strongly recommend changing email provider if that is the case.

Hi, sorry for the late response. Most of my concerns with SMS are not actually based on security, but practicality.

• SMS hijacking/swapping attacks - it's relatively straight forward to break SMS 2FA for specific targets. This is the main security reason to not enable SMS 2FA but it's not something I am concerned about that much - The number of players that would be affected by this are miniscule. However, the people who would be impacted by it would be rather high profile and this would undermine trust in both Riot and the 2fa syste.
• SMS 2FA requires cell service. I live in the middle of a city and cell service is very patchy here. Some cell providers will also charge you for receiving automated texts, or you may need to pay a contract to have cell service at all.
• Phone numbers are an extra piece of tier 1 personal information we would need to collect. When designing a system, it's important to minimize the amount of personal information you need to ...

Do you wanna break that news to Faker, or shall I?

https://gol.gg/game/stats/35833/page-game/

The game rarely requires you build both - usually it doesn't go on long enough, or there's a different utility item you might want, but you can absolutely build void and shadowflame together

Either way, the point is that Viktor is not broken b/c of Lich Bane because he doesn't build it, and regardless of your thoughts on Shadowflame + Void, Viktor isn't really building LB to replace either of those

(not in that order)

Hi, just letting you know I've seen this and will reply when I can.

Hi, just letting you know I've seen this and will reply when I can.

Hi, just letting you know I've seen this and will reply when I can.

Hi, just letting you know I've seen this and will reply when I can.

I realise it's splitting hairs here but Facebook are not "selling" your phone numbers - they're not making them visible to other people. They definitely use contact numbers to determine who to connect you with and determine what interests you have from that.

It's rather moot though because as I've outlined elsewhere it's very unlikely we will support SMS MFA

• SMS - 99% likelihood will not be supported
• TOTP - I would consider it a core feature but I can't make promises on timelines, it's not my place to do that

If account security is a widespread problem and y'all want try to reach those people who 2FA would benefit more, ya'll could take a page from Jagex + Runescape who offer an incentive to all players who enable 2FA. Maybe some blue essense and a skin? Or something.

That was easier a few years ago but it's very difficult to make an incentive that would appeal to everyone. I'm not ruling incentives out but our immediate focus will be making the accessibility of stuff like this easier rather than trying to bait you into enabling it with skins.

I've really liked the idea of a unique skin that's only enabled if you have opted into MFA but this is expensive for one game, let alone all of them - and we would need to have something for all of them - and due to the nature of our games it's difficult to come up with an incentive that would appeal to many players; what's the point in a cool Braum skin if you only play top lane, for example?

Can't make promises about features but, yes, I would consider TOTP a core requirement

Yeah, sorry, I lumped that in with 'stay signed in'. I had major brain worms later on yesterday evening

Viktor's build is Crown into Shadowflame, Void, Rabadon, Zhonya and boots (not in that order). That might change with the Lich changes but right now, LB is not built on him except by 3% of all players (according to op.gg).

Love playing him but I'm not looking forward to the balance team hitting him over the head. All of my favourite mid laners are strong right now.. it does not bode well for my winrate in a few weeks x)

I've seen this a few times here, so to clarify: Weekly Wins have consistently awarded 1,000 tokens total over the past several events. The only difference is that the first 3 weeks used to award 230 tokens, and the final week awarded 310 tokens (again, for a total of 1,000 tokens).

We have made each Weekly Win mission award 250 Tokens to even that out, but it's still 1,000 tokens total.

Basically this. It's moving some of the shieldbow champs' power budget out of shieldbow and into other aspects of their kits/items.