devtrackers.gg
Hi all. Apologies for the lengthy delay in an update concerning account security. Here we have an update from the web team and the player support team.
In this comment I'll be maintaining an FAQ in order to help information sharing. I've pre-empted some questions from you all just to kick things off...
Why aren't you doing an Authenticator Delay?
An Authenticator delay won't solve things like your email account being compromised by a hijacker, and in the event you'd get hijacked, it could keep you out of the game for longer. We've opted instead to proceed with backup codes as described in the blog.
What happens if I lose a backup code?
You'd have to manually contact the Player Support team. A lot of the reasoning behind your request for an Authenticator delay was to ensure that you'd have time to counter any hijacking attempt. That's why we're going to ensure that no action is taken for at least 72 hours upon receiving the appeal.
All you're doing is telling us that nothing has happened yet, but it will soon. / Why has it taken so long for nothing to happen?
At the beginning of the blog we explained that we've been subject to a sustained multi-month attack on our servers. The work needed for account security is the top project priority for the web team, but ensuring the game is kept online is our number one concern. That's meant that work for other projects has been pushed back.
You said it's coming in 2020, but when in 2020?
We want to implement these updates as soon as possible. The work to implement the security features is our top project priority. We're unable to offer a more precise timeline, because as we mentioned the work has already been pushed back in order to defend from sustained multi-month server attacks.