EA improves security by ensuring nobody gets into your game
-
For a good number of years, I’ve been spending a couple of minutes per day playing The Simpsons: Tapped Out. This game has the annoying habit every so often of logging you out, so I wasn’t too surprised to see that happen today as well.
However, it turns out EA changed the login procedure, apparently to improve security. Rather than the e-mail address and a password it used to require, the game now asks only for the former and then for a code it e-mails to you.
They don’t appear to have tested this at all.
Unless, of course, you complain … I couldn’t get it to work at all, the game kept sending me around a circle of address, get code, copy or type code, have it refused.
Then I came here to type this message, went through it one more time to get the facts straight, and — what do you know? The code worked this time!
-
@Gurth said in EA improves security by ensuring nobody gets into your game:
However, it turns out EA changed the login procedure, apparently to improve security.
What sort of security does a mobile game require? Just bind the thing to the system account (whether that's Google or Apple) and you're done; keeping logins secure (such as they are) is then someone else's problem…
-
Solution: Make single-player games without online functionality. No accounts required!
Also on topic: Trying to remember what moron login system that sent me in circles without logging me in recently. Was highly annoying.
-
@dkf said in EA improves security by ensuring nobody gets into your game:
Just bind the thing to the system account (whether that's Google or Apple) and you're done
$BIG_CORP using $OTHER_BIG_CORP's infrastructure?
Probably prevents them from tracking you somehow. Maybe won't get your email address.
-
Some person experiencing the same problem said:
The code to be entered has a time limit, so you have to hurry up before it expires! However, in my humble opinion, the fault lies in the fact that, to read the email with the code, you leave the application for a short time and this is not tolerated. To solve, temporarily, hoping EA solves the problem or rather, eliminates this ABSURD new login method, you need to help yourself with a PC or any other method that allows you to read the email with the code, without leaving the game screen.
I understand the security reasons that led to this decision, ...
I don't. What is the worst that can happen here? Someone hacks your account and then plays your game?!? Much wow, very dangerous.
I get asked by UPlay's retarded loging every time to "enable 2FA for security hurr durr" and all I can think is "get rekt, stop forgetting my password, and why the fuck do you need to be online in the first place?!"
I hate 2FA for things that don't need it. All it does is either 1) grab additional private info in the name of security (google, facebook) or 2) create a higher risk of locking yourself out even though you have the login credentials.
-
@topspin said in EA improves security by ensuring nobody gets into your game:
I hate 2FA for things that don't need it.
I'd mind it less if they could integrate into an existing system. Most don't need to SMSs me shit, Google Authenticator or whatever would be sufficient (if still somewhat annoying). But we're back on relying on somebody else's infrastructure. Still, SMS beats having to install yet another shitty app, so it could be worse.
I guess I see 2FA somewhat favourably ATM, since I recently got asked to provide my place of birth and my mother's maiden name (or whatever) as "(in)security questions" in case I lose my password. That fucking shit has no place in 2021. (Hello there important government functions and banking systems, I'm looking at you.)
-
@topspin said in EA improves security by ensuring nobody gets into your game:
I don't. What is the worst that can happen here? Someone hacks your account and then plays your game?!?
And changes the details and locks you out.
Which if the same account is for lots of games (Origin, UPlay etc) is a big problem.
-
@loopback0
Certainly if you paid for it and even more if there is reselling value for those accounts
-
@loopback0 said in EA improves security by ensuring nobody gets into your game:
And changes the details and locks you out.
This wouldn't be a problem if I didn't have to login to play single player games ...
But I don't know if it applies for the game in question, so ok.
-
@topspin
there is a vague make this a social game!-thing but it's mainly single player
-
@Atazhaia said in EA improves security by ensuring nobody gets into your game:
Also on topic: Trying to remember what moron login system that sent me in circles without logging me in recently. Was highly annoying
try
https://www.thelancet.com
It says you can create a free account. But it won't work. And when you click the "forgot password" link, it won't know your email address either.
-
@cvi said in EA improves security by ensuring nobody gets into your game:
Most don't need to SMSs me shit, Google Authenticator or whatever would be sufficient (if still somewhat annoying). But we're back on relying on somebody else's infrastructure.
Did you know that SMSs are also done using someone else's infrastructure?
-
@dkf Yeah, was going to comment on that, but for some reason EA et al. seem to think that Google / Facebook / ... = competition, whereas $CARRIER isn't. Not arguing that this makes sense.
After all, it's doubtful Google could not-cancel a project long enough to produce an actual game.
-
@cvi said in EA improves security by ensuring nobody gets into your game:
After all, it's doubtful Google could not-cancel a project long enough to produce an actual game.
Google's idea of gaming is spread betting on the lifetime of projects…
-
@Atazhaia said in EA improves security by ensuring nobody gets into your game:
Trying to remember what moron login system that sent me in circles without logging me in recently. Was highly annoying.
That happens when I try to get my paystub from the corporate overlords in Firefox. Only works in Edge.
-
@dcon said in EA improves security by ensuring nobody gets into your game:
@Atazhaia said in EA improves security by ensuring nobody gets into your game:
Trying to remember what moron login system that sent me in circles without logging me in recently. Was highly annoying.
That happens when I try to get my paystub from the corporate overlords in Firefox. Only works in Edge.
I have one thing that I only use because of Covid, a French site for discussing stuff with your doctor (instead of seeing him/her in person(1)). It can also do video conferencing between the patient and the doctor, but ...
- It requires a camera on your PC, duh. (OK, I do actually have one, but I got it only recently and for other reasons.)
- The video conferencing part only works correctly on Chrome.
- On Edge, it almost works (I could see my doctor, and Edge asked to use the camera, and I could see myself, but my doctor could not.)
- On Firefox, it didn't work at all.
- I refuse on principle to use Chrome.
- Facetime works just fine instead.
- Facetime it is, then.
Yeah, this feature was more broken on Firefox than on Edge.
(1) A doctor's office and waiting room are naturally full of, um, er, sick people. At the beginning of the Covid process, my doctor recommended using this site instead of an in-person visit in order to renew my insulin and stuff prescriptions.
-
@Gurth said in EA improves security by ensuring nobody gets into your game:
For a good number of years, I’ve been spending a couple of minutes per day playing The Simpsons: Tapped Out. This game has the annoying habit every so often of logging you out, so I wasn’t too surprised to see that happen today as well.
However, it turns out EA changed the login procedure, apparently to improve security. Rather than the e-mail address and a password it used to require, the game now asks only for the former and then for a code it e-mails to you.
They don’t appear to have tested this at all.
Unless, of course, you complain … I couldn’t get it to work at all, the game kept sending me around a circle of address, get code, copy or type code, have it refused.
Then I came here to type this message, went through it one more time to get the facts straight, and — what do you know? The code worked this time!
I've had issues like this with places that take too long to send the code. You ask for a code, you don't get it in a few mins, you ask for a new one, then the first one comes in, you try it, it doesn't work, you ask for a new one, the second one comes in, etc, etc.
-
@dangeRuss said in EA improves security by ensuring nobody gets into your game:
I've had issues like this with places that take too long to send the code. You ask for a code, you don't get it in a few mins, you ask for a new one, then the first one comes in, you try it, it doesn't work, you ask for a new one, the second one comes in, etc, etc.
The one I always see is Android apps that ask for 2FA, but when you background them to retrieve the code, they forget where they were in the process.
-
@error said in EA improves security by ensuring nobody gets into your game:
@dangeRuss said in EA improves security by ensuring nobody gets into your game:
I've had issues like this with places that take too long to send the code. You ask for a code, you don't get it in a few mins, you ask for a new one, then the first one comes in, you try it, it doesn't work, you ask for a new one, the second one comes in, etc, etc.
The one I always see is Android apps that ask for 2FA, but when you background them to retrieve the code, they forget where they were in the process.
Definitely sounds like someone was testing on a simulator and never tested on an actual phone.
Some of the funny ones are the JPMorgan Challenge that they did last year using an app, except the app kept crashing and restarting, and so you basically had to submit your own time.
Another one is Geico, which is supposed to spy on your driving (in exchange for a discount), but doesn't work if you have power save mode on. I think power save mode may have been the problem with the JPMorgan app as well.
-
@dangeRuss said in EA improves security by ensuring nobody gets into your game:
Another one is Geico, which is supposed to spy on your driving (in exchange for a discount)
Welcome to 1984.
-
@topspin said in EA improves security by ensuring nobody gets into your game:
@dangeRuss said in EA improves security by ensuring nobody gets into your game:
Another one is Geico, which is supposed to spy on your driving (in exchange for a discount)
Welcome to 1984.
I like my discounts. Just like my free donuts/cheesecake on a stick for getting a vaccine.
-
@dcon said in EA improves security by ensuring nobody gets into your game:
works in Edge[dubious]
-
@dangeRuss said in EA improves security by ensuring nobody gets into your game:
I've had issues like this with places that take too long to send the code. You ask for a code, you don't get it in a few mins, you ask for a new one,
Or T-Mobile decides to just not deliver the text, and then a half-hour later delivers all 4 or 5 at once.
-
@dangeRuss said in EA improves security by ensuring nobody gets into your game:
JPMorgan Challenge that they did last year using an app, except the app kept crashing and restarting
I've had the problem with the Lyft app the last few times I've needed use it. (I don't use it often, so I don't know when it might have broken.) It puts up a small banner saying I need to accept the terms and conditions, then crashes. I have to use the website, rather than the app. Once I've successfully connected through the website and booked a ride, then the app works — until the next time I need it.
-
@dangeRuss said in EA improves security by ensuring nobody gets into your game:
free donuts/cheesecake on a stick for getting a vaccine
I just got several days of not feeling very well. There is distinct lack of cheesecake in my life right now.
-
@topspin said in EA improves security by ensuring nobody gets into your game:
Some person experiencing the same problem said:
The code to be entered has a time limit, so you have to hurry up before it expires! However, in my humble opinion, the fault lies in the fact that, to read the email with the code, you leave the application for a short time and this is not tolerated. To solve, temporarily, hoping EA solves the problem or rather, eliminates this ABSURD new login method, you need to help yourself with a PC or any other method that allows you to read the email with the code, without leaving the game screen.
This is also the impression I have. The code it mails you is like an authenticator: if you try it twice quickly enough, you get the same five-digit number mailed to you as the previous time.
Anyway, every time I switched over to my mailer to get the number, it was refused. The last time it did work, I strongly suspect it was because iOS gave me a “new e-mail” notice at the top of the screen, and I looked at it quickly enough to see the number (which, bonus , is not just in the e-mail but in the subject line) so I could type it in without switching away from TS:TO.
I understand the security reasons that led to this decision, ...
I don't. What is the worst that can happen here? Someone hacks your account and then plays your game?!? Much wow, very dangerous.
They can spend your money on donuts (in-game currency). As I’ve never seen the need to buy those, I have no idea how that goes, but I would kind of expect there to be further ID checking at that point, though of course, if someone has access to your phone or tablet, sending another authenticator number to your e-mail address isn’t likely to stop anyone.
@topspin said in EA improves security by ensuring nobody gets into your game:
@loopback0 said in EA improves security by ensuring nobody gets into your game:
And changes the details and locks you out.
This wouldn't be a problem if I didn't have to login to play single player games ...
But I don't know if it applies for the game in question, so ok.The game saves your progress on EA’s servers, apparently so you can play on multiple devices. I don’t see the point, but then, I only play it on one device.
-
I've lost more accounts to mandatory 2FA than I've lost to hackers. And I've been hacked.
I fucking hate 2FA.
-
@Gąska I dislike it primarily because of the unreliability of getting confirmation codes by text messages in a timely manner. Waiting 20 minutes for a text message, or being unable to get the code because I'm in a location with no cell signal, or my phone died is more than a little inconvenient.
-
@error said in EA improves security by ensuring nobody gets into your game:
@dangeRuss said in EA improves security by ensuring nobody gets into your game:
I've had issues like this with places that take too long to send the code. You ask for a code, you don't get it in a few mins, you ask for a new one, then the first one comes in, you try it, it doesn't work, you ask for a new one, the second one comes in, etc, etc.
The one I always see is Android apps that ask for 2FA, but when you background them to retrieve the code, they forget where they were in the process.
I was trying to set up an account for a banking app, using KeePass for the password like a good secure citizen. When I switched to KeePass to get the password, the app quit and went back to the start, so I had to write it down on paper and type it in. Same when I tried to go into SMS to get the 2FA code they sent there. The notification didn't show enough of the message to let me preview the code, so I had to connect my phone to my computer using the Your Phone thing so I could read it on there and type it in. I hate the security theatre some of these apps go through
-
@Jaloopa said in EA improves security by ensuring nobody gets into your game:
Same when I tried to go into SMS to get the 2FA code they sent there. The notification didn't show enough of the message to let me preview the code, so I had to connect my phone to my computer using the Your Phone thing so I could read it on there and type it in. I hate the security theatre some of these apps go through
iOS makes this is a bit easier - if it detects a 2FA code in an SMS, then it gives you a button on the keyboard to paste it straight in. No need to switch apps.
Same for passwords. You can access stored passwords straight from the keyboard, and 3rd party apps are allowed to integrate with it so it works with Keepassium etc and not just iCloud.
-
@loopback0 Android makes this even easier. Since it has no sensible concept of security, the app itself just reads your text messages and automatically accepts the code.
Filed under: I have personally witnessed this
-
@loopback0 the default SMS app has the ability to detect codes and let you copy them to the clipboard from the notification, but not the manufacturer provided one on this phone. There's also password manager integration but it switches to the manager app to unlock it via fingerprint or password, which is what killed the banking app.
You can also copy usernames and passwords from an opened password entry via notification, but I think in this case the banking app also had its own text entry and keyboard that didn't support pasting. You know, for security
-
@topspin said in EA improves security by ensuring nobody gets into your game:
@loopback0 Android makes this even easier. Since it has no sensible concept of security, the app itself just reads your text messages and automatically accepts the code.
Filed under: I have personally witnessed this
Yeah, that's possible too if the app has requested the manage SMS permission
-
@dkf said in EA improves security by ensuring nobody gets into your game:
@dangeRuss said in EA improves security by ensuring nobody gets into your game:
free donuts/cheesecake on a stick for getting a vaccine
I just got several days of not feeling very well. There is distinct lack of cheesecake in my life right now.
Take your vaccine card down to the nearest white castle stat
-
@dangeRuss I don't think they sell cheese cake.
-
@Jaloopa said in EA improves security by ensuring nobody gets into your game:
@topspin said in EA improves security by ensuring nobody gets into your game:
@loopback0 Android makes this even easier. Since it has no sensible concept of security, the app itself just reads your text messages and automatically accepts the code.
Filed under: I have personally witnessed this
Yeah, that's possible too if the app has requested the manage SMS permission
I think the permission for that can be limited to handling messages from specific senders, similarly to the way that URL handling by an app can be limited to specific sites.
-
@topspin said in EA improves security by ensuring nobody gets into your game:
I don't think they sell cheese cake.
Apparently, there's a vineyard close to there. That'll do.