Loading...

Top
PFQ Banner

This is PokéFarm Q, a free online Pokémon collectables game.

Already a user? New to PFQ?

Two-Factor Authentication

Forum Index > Core > Announcements >

Pages: 1234

Niet [Adam]'s AvatarNiet [Adam]
Niet [Adam]'s Avatar
As promised, I looked into it. Now we have it.
Update at end of post! What is Two-Factor Authentication (2FA)? When it comes to securing things - where "things" can range from an account all the way up to nuclear launch codes - there are three possible "factors" of authentication. - "Something you know", most commonly a password. - "Something you are", typically biometrics, although this can sometimes include your physical location for example in IP-based tracking. - "Something you have", such as a physical key. One factor is good. Two is better. Three is probably overkill but necessary for super important things. But the key thing to remember is that repeating the same factor doesn't increase security. There were some suggestions of "log in using your email address instead of your username", or even having a "login name". These are just more "things you know" and don't add any security. A real-world example of two-factor authentication would be using your bank card at an ATM. You insert your card (something you have) and type in your PIN (something you know) to get access to your account. How is it implemented on PFQ? Today I am adding a new page for handling two-factor authentication. You can use this page to pair your account to your smartphone using any Authenticator app. Desktop versions exist too. It doesn't matter which app you use - Google Authenticator, Authy, WinAuth and many more. Pick one you trust. PFQ will provide a QR code for easy scanning, or you can directly copy-paste the "secret key" into your app of choice. IMPORTANT: Do NOT save this secret key ANYWHERE other than the authenticator app. Once scanned, the app will start providing you with 6-digit codes, which change every 30 seconds. Enter the code into the form to confirm the pairing and enable 2FA. After enabling 2FA, the way you log in will change. In addition to username and password, you will also need to open the authenticator app and enter the code it gives you. This proves you have the device you paired, which is the "something you have" that makes this 2FA work. Work in progress! As of this post, the feature is mostly done but not completely. You can enable 2FA and use it to secure your account today, but the "emergency backup account recovery" option is not yet implemented. You also can't yet disable 2FA once enabled. This means that if you lose your smartphone, or can't get the 2FA codes for some other reason, you won't be able to log in to PFQ. If this happens, you can contact Support and we'll help you regain access. I will be working on the part of the feature that lets you recover the account yourself, but for now it's off to the Support Centre with you! Will this be required? No. 2FA is an extra layer of security that is completely optional. It is, however, strongly recommended - especially if you have spent money here. This post will probably get updated with more questions later. For now, if you want 2FA, you can have 2FA!
Update 13/Aug: Emergency Backup Code is now available. Head over to the 2FA page to set one up. This will allow you to log in even should you lose access to your 2FA codes. Keep this code safe and hidden. Also you can disable 2FA from the 2FA page just by using your 2FA paired device. Still to do: when important actions are taken on the 2FA page, such as setting it up or - more importantly - disabling it, an email needs to be sent to the user so that you know it's happened, just in case it wasn't actually you! That'll get done soon.
Clip from Pokémon anime, re-lined by me
-- OMNOMNOM!
Featured story: Injustice Feedback welcome!
Oh, cool.
Medium Dragon Gem

Medium Dragon Gem

Gem

(: 0)

A medium-sized Dragon-type Gem. Visit Ravyne at the Wishforge to convert it into 10 normal-sized Gems.

Sells for 100

Lv. 100 — +9,242,153
Aspear EggAspear Egg
Aspear Egg (SOUR)
Cheri EggCheri Egg
Cheri Egg (SPICY)
Chesto EggChesto Egg
Chesto Egg (DRY)
Pecha EggPecha Egg
Pecha Egg (SWEET)
Rawst EggRawst Egg
Rawst Egg (BITTER)
Likes:
Sweet food
GroundDragon
Happiness 94%
Timid nature
Faded's AvatarFaded
Faded's Avatar
Awesome, gonna go hunt a good authentication app down now haha Just to make sure though, if you're logged in, can you remove the authentication link if need be? I have an old phone that I may loose soon because of charger issues so I just want to make sure before I do anything. Nevermind .-.
{ Translation: Hello! }
carinae's Avatarcarinae
carinae's Avatar
Okay, help. I keep getting an error message that the code is wrong?? I copy-pasted everything??
elliot • they/them quit, dm xim#7352 if you need me
Fuecoco's AvatarFuecoco
Fuecoco's Avatar
Wooooo, thank you Niet! Hopefully, a lot of people who wouldn't normally use this can be tempted into enabling it somehow hahaha
24935
Hyperspace Ring

Hyperspace Ring

Summon Item

(: 0)

A sinister-looking gold ring. Peering into its depths is like looking into another universe. It is said it is deeply connected with the Legendary Pokémon, Hoopa.

View/use Summon Items

Unsellable

Lv. 1 — Locked
Aspear EggAspear Egg
Aspear Egg (SOUR)
Cheri EggCheri Egg
Cheri Egg (SPICY)
Chesto EggChesto Egg
Chesto Egg (DRY)
Pecha EggPecha Egg
Pecha Egg (SWEET)
Rawst EggRawst Egg
Rawst Egg (BITTER)
Likes:
Spicy food
Electric
Happiness MAX
Brave nature
pfp = my cat
Peachi's AvatarPeachi
Peachi's Avatar
Awesome, thanks so much! I've enabled it already and re-logged in already and everything went smoothly. c: Can an option be considered to check off "remember this device for 30 days" when you log in on different devices/locations? This way you could choose to only need to enter your 2FA code monthly on devices you trust. I'm not sure if this is possible for Pokefarm, but I do ask because I use this option on other games. This is a helpful choice for people who want the security of 2FA from strangers who might be trying to log into their account to steal (such as the recent Account Breach situation), but aren't as worried about local log-ins. It can be a good balance between security and convenience.
My fields are optimized for clicking! 10k S&S Timid (Sweet/Pecha) Pokemon ♡
sprite made by sojussimblr
sprite made by Lonely Heart
sprite made by Matamoja
sprite made by Matamoja
Addison1134's AvatarAddison1134
Addison1134's Avatar
thank you for making it optional =3 I useually get annoied with 2 factor if it ever signs out a computer I frequent and the cookies on this site with renaming get annoying to me so when I clear them it logs me out. this isn't often but is something that happens and I like that I can opt out until I feel it is required for myself =3
Thanks, Niet! I tried it out and enabled it! I *think* it's working, I've never had to use one of these on the desktop before xD The extension I added to my Chrome seems to be working so far :>




Avatar is my sona, drawn by Saapricots!
×7/1000


Jana Kennedy's AvatarJana Kennedy
Jana Kennedy's Avatar
Thank you for implementing this!
Always looking for quirky pokemon!
  • Typerace
  • Shop
Current Type Current Points 556 Clicklist Next month=
My shop! I offer shelter hunts, free fields, shiny/albino, variants/exclusives and more. Please post in shop rather than send a pm. Buying
Spectral Leiomano
for anywhere between 20 - 40zc depending on market price - send pm to see if i have enough money ^.^
Avatar is from Unus Annus, free to use image from the 'pick a side' part
selocon's Avatarselocon
selocon's Avatar

QUOTE originally posted by Peachi

Can an option be considered to check off "remember this device for 30 days" when you log in on different devices/locations? This way you could choose to only need to enter your 2FA code monthly on devices you trust. I'm not sure if this is possible for Pokefarm, but I do ask because I use this option on other games. This is a helpful choice for people who want the security of 2FA from strangers who might be trying to log into their account to steal (such as the recent Account Breach situation), but aren't as worried about local log-ins. It can be a good balance between security and convenience.
i second this. Im hesitant to use 2FA because there's a lot of locations/devices I use to log in.
Avatar by the best lizard ever, Bananalizard #standwithEMS #ELM
Score: 2659

Pages: 1234

Cannot post: Please log in to post

© PokéFarm 2009-2024 (Full details)Contact | Rules | Privacy | Reviews 4.6★Get shortlink for this page