Hi everyone,
To maintain the security and integrity of accounts, we are modernizing how both web and game logins are handled.
From Monday, 18 September at 22:00, if you do not already have Email Two-Factor Authentication or Google Two-Factor Authentication and In-game protection enabled, you will be prompted to enter a code when logging in. This code will be sent to the email address that's currently attached to your account.
The "in-game protection" setting will also be removed.
Overall, this system will function similar to other services. Once you've entered the required code to log in, you will not be prompted again unless you are connecting from a different location.
This change affects all accounts and will be a requirement to log in.
You can review your current email by logging into the website and visiting My Account.
Emails can also be updated within the Settings page.
---------------
Frequently Asked Questions
I'm not receiving any emails
Authentication emails may be slightly delayed during peak times.
If after a minute you haven't received the code, double check your emails Spam or Junk folders as it may have been filtered there.
If still no authentication email has been received, we recommend double checking you're logged into the same email as the one displayed within the My Account section of the website. You could also update your accounts email to a new one as your email service provider may have incorrectly labelled the email as spam.
Invalid code?
Ensure that you do not close the authentication request when logging in. Simply log in and when greeted with the authentication request, navigate to your email and then copy paste the newly sent code in without closing the request.
Repeatedly restarting the authentication process will cause the previous code to expire.
I have lost or forgotten my email and cannot access my account
Simply email us directly for assistance - [email protected]
It's helpful if you include anything you recall surrounding the account to assist us in verifying your ownership in a timely fashion. Such information includes but is not limited to:
- Account or Forum username (not passwords).
- Current email or a guess if you have forgotten
- Character information
- General account history. For example, "I claimed the holiday gift on my Paladin back in 2018, maybe 2019?"
- Country where you connected or registered from
You may also include a new email address that you would like your account to be updated to. If we have enough information, we'll be able to update your account immediately without the need for further verification.
---------------
Update #1:
The system has been re-enabled, the sending of codes should now be instant, regardless of volume.
We may enable the use of non-gmail emails over the coming days.
We will also introduce a username changing system, for those that receive a lot of suspicious TFA requests.
As someone mentioned, this is indeed a forced-2fa change, as with most modern platforms, security is paramount.
This is a step to bring us in line with other services, reduce our overheads for account compromise support and overall increase account security which is our #1 priority right now with recent compromising waves.
Regardless of players dislike for the system, It is a step in the right direction. The alternative is 'Bot Network' bans continue due to large target on our back, slower support due to amount of attention given to compromised accounts and restoring as much as possible for the player, following the hot-potato like movement of stolen items, gold, coins, characters between hundreds of accounts and so on.
Update #2:
Restrictions on what emails can be used have been lifted, this allows using your desired email provider.
Restrictions on usage of "." and "+" have also been lifted, allowing the use of the same email through gmail for multiple accounts for example.
-
Drink Man
Account security improvements
-
Overwatcher
How? You need an email to create the account, and it's also used for any sort of recovery. Not having access to the email you used to register is negligence on your side and that you should fix, not something we should take into account.
It's a similar case with sharing accounts. We don't support that, and, although not really heavily enforced, it's against our rules for an account to be shared. If you decide to do it anyway, it's on you how you will deal with any updates we implement that might get in the way, not on us to tweak any of it.
-
Field Medic
It's a minor inconvenience at worst. This is an industry standard. I don't think we'll be apologizing for heightening our community's account security.
Phone is the default for many people regarding such systems, but email is and has always been an alternative. Going forward, you might see that sort of integration. But for now, email is what we'll be using. Seeing as how you had to use an email to register your account, this shouldn't be an issue.
You speak about crappy updates, but you know what also gets constantly updated? Methods used to steal your information.
-
Member
At what point did anyone say we're forcing the use of email? It's simply going to your email if you don't already have it set up, it's not like we can enable 2fa with the app and inject your unique key into your phone or whatever you're using.
-
Field Medic
Also, "yeah that other guy has a point!"
The two of you have the exact same IP.
Imagine using an alt account to agree with yourself.
-
Overwatcher
Additionally on top of what Mercy stated, that's an user-created issue that these supposed email-less players should have fixed when it happened. We shouldn't and won't base our security decisions on players being imprudent with their registration email like that. It's them who should take the chance as a nudge to correct that mistake.
-
Member
Someone didn't read.
-
Field Medic
It's not "illegal". Also account sharing has been addressed by our TOS since day 1. Additionally, this change has nothing to do with what you consider to be "account sharing".
If checking your email one time is enough to get you to leave, then I'd argue you weren't very much attached in the first place.
-
Rock n' Roll Racing Champion
This is going to be really annoying for those who have a dynamic IP address.
-
Member
While I don't have access to the logs to run the numbers, but if you take out the people using VPNs or other systems to obfuscate their "home" IP address, I'd say that 90-95% of the remaining playerbase's "home IP" stays the same for at least a week. I'd also say around 75-80% stays the same for more than a month.
If 25% of the players have to check their email once a month to authenticate...and 10% once a week...I don't think that's a major hassle. Not for the added "I still have access to all my accounts" check.
-
Field Medic
We made that change a number of years ago because many of the other e-mail providers were unreliable for a number of reasons. Reasons that would include, but not limited to, deletion for inactivity, slow delivery of mails, irregularity of whether an email actually gets received.
-
Forum Veteran
I'm not sure where you got those ideas.
As the original post says if you do not already have Email Two-Factor Authentication or Google Two-Factor Authentication and In-game protection enabled, you will be prompted to enter a code when logging in. (Authentication and In-game protection will be enabled for you)
The "in-game protection" setting will also be removed. (You won't be able to disable in-game protection)
-
Member
This FAQ probably should have been included on this thread:
https://forum.warmane.com/showthread.php?t=325532
But can anybody confirm whether the Google authenticator app can be used for multiple accounts? I multibox and I'd prefer the app over email, but I don't know if it can work for 5-10 accounts.
-
Member
It does work, I play multibox as well and I'm using the google authenticator inclusively for all my login codes.
-
Forum Veteran
Switch over to google authenticator instead of email verification, you can get authenticator app on your phone and you can also get authenticator browser extention, with it a code is always instantly available to you.
