Just going to put a few things here. Others have probably mentioned it in the past, but stricter account safety is needed.
You have 2 auth - but have us handle it via a third party, which is still kind of risky.
Account login attempts - not only do you allow 10 attempts per IP, which is circumvented by IP (yes, I failed to log in 10 times on purpose), but it's only a 5 minute lockout, which only makes it easy for bruteforcers and people looking to randomly guess emails and passwords.
I also minimized it and tried it again in less time than the lockout mentioned, and it actually allowed me to try an 11th time before actually giving consistent lockout notices.
I believe we should have three attempts before being forced to either reset our passwords or wait a literal 30 minute timer.
As far as account safety goes, some measures are in place, but they're either bad, nonexistent or slightly lacking in some spots vs even games such as Tibia.
Since our support tickets revolving around this matter aren't handled by a real person at times, in cases where a real hack incident happened and it wasn't a keylogger or account sharing, security could be handled slightly better.
- This is the only game where 2 auth is actually needed to avoid being hacked by someone just typing in random things with a list of passwords. There are in-game recommendations I have as well, because I'll be honest, with an authenticator on my bank pin I still don't see it as secure with today's improvements in technology, but that's a discussion for another time.
27-Nov-2021 18:32:49
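
An added example, not part of the post above and not the game's own code: a login throttle that can be keyed on the account instead of the client IP, using the three-attempt limit and 30-minute wait the post proposes. The class, function and account names are hypothetical, the attempt list is constructed, and state is kept in memory for a single process.

```python
import time

class LoginThrottle:
    """Failed-login lockout keyed by any string (account name or client IP)."""

    def __init__(self, max_failures=3, lockout_seconds=30 * 60, clock=time.monotonic):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.clock = clock
        self._failures = {}      # key -> consecutive failed attempts
        self._locked_until = {}  # key -> clock value at which the lock expires

    def is_locked(self, key):
        until = self._locked_until.get(key)
        if until is not None and self.clock() >= until:
            del self._locked_until[key]   # lock expired: start counting afresh
            self._failures.pop(key, None)
            until = None
        return until is not None

    def record_failure(self, key):
        # Lock on the Nth failure itself, so no (N+1)th guess is ever checked.
        count = self._failures.get(key, 0) + 1
        self._failures[key] = count
        if count >= self.max_failures:
            self._locked_until[key] = self.clock() + self.lockout_seconds

    def record_success(self, key):
        self._failures.pop(key, None)

def guesses_allowed(throttle, key_for, attempts):
    """Replay failed (account, ip) attempts; return how many were actually checked."""
    allowed = 0
    for account, ip in attempts:
        key = key_for(account, ip)
        if not throttle.is_locked(key):
            allowed += 1
            throttle.record_failure(key)
    return allowed

# Constructed sample: 12 wrong guesses at one account, each from a different address.
ATTEMPTS = [("player1", f"203.0.113.{i}") for i in range(1, 13)]

def compare():
    per_ip = guesses_allowed(LoginThrottle(), lambda acct, ip: ip, ATTEMPTS)
    per_account = guesses_allowed(LoginThrottle(), lambda acct, ip: acct, ATTEMPTS)
    return per_ip, per_account
```

With the per-IP key every one of the 12 guesses is checked, while the per-account key stops checking after the third.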