After more than 11 years of this game's release, there's still no added security for Riot accounts.
Here, in August 2017, a rioter said (deleted account now):
> We are working on implementing a two-factor authentication solution, but unfortunately it's a long process with a lot of considerations that have to be made that might not be so obvious - for example, 2fa for players that don't necessarily have smartphones, that kind of thing - as well as the age old meme of putting new features into legacy (spagetti) code.
In February 2019, they replied:
> I have no new information to share unfortunately - we're working on it and it is coming soon and I appreciate how non-committal, vague and frustrating this response will be :(
Not talking about an authentication app or even SMS verification but not even a simply opt-in 2FA e-mail code?
Every single major online game has some sort of 2FA. It's honestly ridiculous that for the playerbase size that league has we still lack such a basic security feature.
Seems baffling that you can spend thousands of dollars in this game but there's no extra added security like most online services nowadays.
I only want to know what has come of it, has it been delayed? Is there any kind of ETA or has it been postponed indefinitely?
The infrastructure is already there, there is e-mail verification upon login on riotgames.com so I wonder why there isn't for the League launcher?
Starting in Android 10, anytime you connect to any network, the default setting is to use dummy MAC address. Its a security feature to help people not to get tracked (some stores use it to track people). Its on by default. At my work we use MAC auth for our secure network and I was having issues getting on, kept giving me an IP error. I didnt know dummy MACs was on by default.
To use the MAC of your device, go to wifi and go to the network you are trying to connect to, and click the gear icon. At the very top, click on the pencil. When the menu opens up, click advanced settings. All the way at the bottom under privacy is the option to change it from randomized MACs to device MAC. I hope this helps someone.
I guess this just applies to iPhone users. Sorry android people (or maybe there’s a similar dispute for android- idk).
I don’t want to upgrade from my iPhone 8 even though my camera is broken because I don’t want to lose the fingerprint recognition feature.
Especially with COVID, fingerprint authentication for tap pay methods is so convenient. My sister has iPhone 11 and complains that she can’t use her phone’s Apple Pay in stores now because it would require her to remove her mask. Meanwhile I can still easily use Apple Pay without a problem, and it is fully contactless. She also says facial recognition doesn’t really work at night when it’s dark. I’ve also heard facial recognition is flawed when it comes to differentiating between identical twins, but correct me if I’m wrong.
I think Apple regressed with the facial recognition on all their new hardware, and by trying to keep up with all the features Android has, they really lost sight of ease of use and user-centric design. But apparently I’m the only one who thinks so.
Riot already uses it in Clash tournaments, they know how much it reduces smurfing. In CS:GO you need to link your mobile number to your account so you're able to play prime matchmaking.
"But you can get a fake number online!!" Yeah no one does that in league and we've already seen it.
So why isn't Riot actually adding the easiest anti-smurf tool to Valorant?
Is there no stable, reliable way to get in on this action? I've been trying for weeks now! Gosh dang.
Edit: I finally got through to customer service at Shakepay and the issue was quickly resolved. Shakepay - you guys rock.
Friend has been fighting against adults chatting with teenagers. He has a large list of PP logins from these creeps but there's 2FA to get into them. I am open to sharing my listing with a few people to help me punish these guys bank accounts with buying random expensive crap and shipping to random addresses. I don't just want to hand the list over to someone without knowing that they can be hit properly.
So please DM with a method to bypass 2FA or phone verification without OTP. In exchange you know your fighting against sickos and I'll give you some from the list to help me out. I just want every account to be hit, so the more ppl to help the better.
This post by CleanTechnica references Elon confirming that Bluetooth Authentication (for easy access key-fob alternative) would be coming “soon” to existing S/X back in 2018.
Well 2.5 years later and to my understanding, this still does not exist for S/X. I ask this because I am considering switching from my 3 to an S, and the lack of this feature is the one thing that annoyed me the most when using S-loaners.
It's absolutely ridiculous. You can verify your phone number via SMS with Clash but you can not use any sort of two-factor authentication for your account.
I've come to accept how absolutely terrible the client is, but even after 10 years of terrible choices and not being able to fix major bugs I have just slightly enough faith in Riot Games to know how to make 2FA available.
Is it too much to ask for?
Since I see way too many comments about it: It would of course be OPTIONAL. If you don't care about security then you don't have to use it.
Next blog is online. Do you know companies who are still using ADFS? Want to migrate them smoothly from local authentication to cloud authentication? Use the new feature that was released earlier this year called Azure AD staged rollout. I wrote a blog about this cool feature! Enjoy the read!
Azure AD staged rollout - Microsoft Cloud Technologies (bilalelhaddouchi.nl)
Hello there. How do web scale companies implement authentication? Companies like Netflix, Amazon Prime, Disney+, zoom or airbnb may not be using cognito for authentication.
What ways are they managing customer auth on aws in an efficient way? what services are such companies using as auth providers. Is it frameworks like passportjs, are they building authentication services ontop of Dynamodb and KMS or are they using third party services like auth0. Anyone care to share how companies are authenticating over 30million users? I am curious about this topic and would like to hear from those who have worked on such in aws
Edit: Another reason i am curious about this is the multi-region HA authentication that some companies like Netflix could need to be able to fail over to other regions as even though it might be comfortable to use cognito which i use alot, cross region replication of users does not come out of the box
🙌 Hi folks,
We have been working on a passwordless authentication protocol called, Hypersign for a year. The protocol is ready to be integrated into the node js project (SDKs for other languages are being developed now). Here is a short demo on how one can integrate Hypersign authentication protocol by just 4-5 lines of code or 5mins of work in node js project using hypersign-auth-js-sdk npm module.
We are looking for feedback from developers. I request you to kindly try out the project.
YOUR FEEDBACKS ARE EXTREMELY IMPORTANT FOR US, IT WILL NOT TAKE MORE THAN 5 MINUTES OF YOUR TIME. 🚀
I’m looking for a lightweight alternative for keycloak/fusionauth to handle user management, login and authentication. Specifically I need it to handle:
I like Keycloak and FusionAuth, but they both require a minimum of 512MB RAM, which is about half of my VPS allocation and overkill for my needs — I only have a dozen or so users over a handful of apps.
I'm doing a project with a guy mentoring me. He gave me a task to make a web api project following clean architecture and with jwt authentication. I have Pluralsight subscription if that helps.
Until today I just kept my Australian number as it only cost $50/year (to keep active, I never used it except to receive 2FA), but they just made it so it doesn't work internationally.
I do have a local number, but I travel a lot so that changes, and don't want to change all my accounts 2FA number every time I move.
I tried Google Authenticator once, but some accounts don't allow it and it breaks
if you get a new phone (I think). EDIT - causes problems if your phone dies.
I'm wondering about Google Voice or other alternatives?
(Note, I'm leanFIREd so after solutions at the cheaper end)
Current guacamole.properties config:
postgresql-hostname: localhost postgresql-port: 5432 postgresql-database: guacamole_db postgresql-username: guacamole postgresql-password: null ldap-hostname: homelab.local ldap-port: 389 ldap-encryption-method: none # ldap-max-search-results: 1000 # ldap-search-bind-dn: # ldap-search-bind-password: ldap-user-base-dn: cn=Users,dc=homelab,dc=local ldap-username-attribute: sAMAccountName # ldap-user-search-filter: (objectClass=*) enable-clipboard-integration: true
Appreciate if anyone can provide advice on what can be done for Guacamole to authenticate user accounts without having to manually create a duplicate in the Guacamole database.
Happy New Year's everyone,
I'm developing an application that uses Rails in API mode as a back-end and React SPA as a front-end. What would be the best gem to use for authentication in this case?
I have found a few popular gems (jwt, devise_token_auth) which are used for token-based authentication, but I'm not sure how secure it would be to use token-based authentication as it would probably require to store the token in the browser's localstorage on the front-end side. Is there a session-based authentication gem for APIs with simple but secure implementation?
So far I've worked only on server-side rendered Rails applications that used Devise gem for authentication.
All insights and recommendations would be highly appreciated.
This shit is annoying as hell. Especially since I have almost nonexistent cell reception where I am now and cant get the codes for a couple minutes sometimes.
It's that time again: https://status.plex.tv/
> Investigating - We're investigating issues impacting API services for some users. This can affect account auth (sign-in & PIN verification) and creation, access to Downloads page items, and more. You may experience slow responses or failures. Jan 7, 10:08 UTC
I know people on this sub have discussed H.R.1865 before, but I think people who actually don't use AT&T's provided equipment might have a case to get the equipment fee taken off. To refresh anyone's memory: the bill is now in effect, after enforcement was put off for 6 months or so, and states the following:
>[[Page 133 STAT. 3201]]
``(c) Consumer Rights to Accurate Equipment Charges.--A provider of
a covered service or fixed broadband internet access service may not
charge a consumer for--
``(1) using covered equipment provided by the consumer; or
``(2) renting, leasing, or otherwise providing to the
consumer covered equipment if--
``(A) the provider has not provided the equipment to
the consumer; or
``(B) the consumer has returned the equipment to the
provider, except to the extent that the charge relates
to the period beginning on the date when the provider
provided the equipment to the consumer and ending on the
date when the consumer returned the equipment to the
``(d) Definitions.--In this section:
``(1) Broadband internet access service.--The term
`broadband internet access service' has the meaning given such
term in section 8.1(b) of title 47, Code of Federal Regulations,
or any successor regulation.
``(2) Covered equipment.--The term `covered equipment' means
equipment (such as a router) employed on the premises of a
person (other than a provider of a covered service or fixed
broadband internet access service) to provide a covered service
or to provide fixed broadband internet access service.
``(3) Covered service.--The term `covered service' means
service provided by a multichannel video programming
distributer, to the extent such distributor is acting as a
multichannel video programming distributor.''.
To me, it seems clear that
a) if the "equipment fee" can be determined to actually be a charge for using AT&T's equipment
b) if someone is bypassing AT&T's gateway using extracted EAP certs, etc.
then such a person might be able to return AT&T's gateway to them and demand that the fee be taken off their bill. If I were in such a position, I might pursue this and file official complaints or disputes.
PSA: Looks like MFA support rolled out earlier this year. I would highly encourage those who can to enable it.