How do mmo authenticators work

The two-step verification scheme used for Blade and Soul is fully compatible with this app. Can I use the same authenticator for multiple Blade and Soul accounts? Each Blade and soul account will be provided with a separate, unique authenticator "secret code. However, the Google Authenticator app does support linking multiple accounts, each with their own unique secret code.

What should I do if I lose or want to unlink the mobile device linked to my account? You can unlink the authenticator at any time by logging in to Account Management and proceeding to the Security section. Please note that to log in while two-step verification is configured on your account, you will need to have access to your mobile device. If you want to unlink your authenticator but no longer have access to your mobile device and do not have the CODE, you can now unlink your authenticator without having to contact support.

To do this, please follow the steps found HERE. But the responsibility falls on adults to know the basics of safe. How to spot dangerous links sent in messages and other tricks scammers use to steal your data.

Gamer accounts are in demand on the underground market. You don't even need to go about getting a custom SSL cert. There are online app hosting providers that give you a subdomain and use a wildcard SSL cert. You can put your authentication service at mygame. The idea here is that the user logs in to your service, which generates a unique session cookie, which the user can then pass into your main game server.

The server then asks the login system if the cookie is valid for the requested user. There's usually a very short timeout on the cookie, on the order of seconds , for example , and it's generally invalidated once used, making replay attacks impossible. Note that HTTPS is my most recommended option if you plan on sending payment information over the wire from inside the client itself.

However, it's significantly better to use a third-party for this. If you think securing something as simple as a password is too much work, you don't even want to even think about trying to meet the minimum and honestly quite inadequate PCI compliance rules for storing and processing credit card numbers.

You'll have better sales uptake anyway if you have users use trusted third-party payment services that they're already on file with. One strong advantage of separating your login service from the main game server is that it allows external functionality to be tied to user accounts independent of the game. You might have some account features viewing avatars or such on your website, or perhaps you allow linking Facebook accounts into your accounts, or perhaps you have multiple games sharing a single underlying account platform e.

It is possible to use third-party services like Facebook Connect or Google with a native client. If the target service does not having a native SDK and requires the use of a Web browser, you could just embed a browser in your game. However, some users may be distrustful of using an embedded browser to enter login information. You can also use an external browser. There are a few ways to pull this off. Some require a little bit more OS-integration than others. Some require you to have an external Web service running alongside or at least reachable by your main game server.

Note that since Facebook and Google generally require a URL that is authenticated, you will need a public website landing page to use these protocols in almost all cases. The most fool-proof and reliable, if not quite the easiest, is to bounce your login request from your client through your main website. Your client connects to the main game server as an authenticated guest user and receives a unique session token.

The game server does not allow the client to actually do much while in this state; the game doesn't know who the player is, so the player cannot yet chat, start a match, or so on. The client then launches the external browser pointing at the login URL of your game's domain, passing this session token as a parameter in the URL.

At this point, your webserver knows that the user has logged in, and can associate that with the session token it received from the client. This verification can then communicated to the game server, elevating the client's unauthenticated guest connection into an authenticated user session.

This can be done by having the webserver directly communicate with the game server, if possible. Or the game server can periodically poll the webserver for authentication status of pending guest connections. Or the client can periodically poll the webserver to see if login is complete and, when it is, signal the game server to request verification from the webserver.

All of these require that your game server and webserver be able to communicate, but any third party authentication service will require your game server to be able to communicate with the outside world, so this shouldn't be a surprise. Note that this all also works for making payment requests through an external service, like PayPal, Amazon Payments, Google Wallet, etc.

It is not too difficult to start a TLS session over a custom stream protocol. You generally just need to feed bytes through the wrapper API and it deals with the handshake and encryption. The tricky parts here are ensuring your use of TLS is safe. Some of the common libraries for example will by default require a valid signed certificate from a trusted authority. Some of the common libraries require that, but by default don't trust any authorities. Jump to content.

Posted 30 June - AM. Posted 30 June - PM. Fire for Effect, on 30 June - PM, said:. Jfrost, on 30 June - PM, said:. Posted 01 July - PM. Posted 02 July - AM. Posted 06 July - AM. Co Starring, on 06 July - AM, said:. Posted 09 December - AM. RenegadeMaster, on 06 July - AM, said:. Posted 10 December - PM. You cannot reply to this topic Go to first unread post.