Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 25

  Click here to go to the first staff post in this thread.   Thread: Supercell id Can I see all logged in devices?

  1. #11
    Forum All-Star mattyboo1's Avatar
    Join Date
    Mar 2015
    Posts
    4,166
    Quote Originally Posted by Noctaire View Post
    Actually, this is a significant miss on SC’s part and a major flaw in the SCID implementation that I’ve mentioned before. Players should be able to manage requests and review authorized devices through some means. I would like to be able to deauthorize a device before giving away an old tablet and to reject unauthorized requests (I see them in my e-mail regularly). Not having this ability is a security risk to our game accounts and not in line with industry standards for ID administration.
    I 100% agree with this. There should be some sort of user control panel that we can manage our supercell ID.

  2. #12
    Senior Member
    Join Date
    Mar 2018
    Location
    Universe 7
    Posts
    450
    Quote Originally Posted by Noctaire View Post
    Actually, this is a significant miss on SC’s part and a major flaw in the SCID implementation that I’ve mentioned before. Players should be able to manage requests and review authorized devices through some means. I would like to be able to deauthorize a device before giving away an old tablet and to reject unauthorized requests (I see them in my e-mail regularly). Not having this ability is a security risk to our game accounts and not in line with industry standards for ID administration.
    I like this idea just like gmail or Facebook account where you can check which device is link in to your account so you can disconnect immediately those unwanted devices who accessed you account.
    Last edited by Nevera; December 31st, 2018 at 05:34 AM.
    Main : Th12
    2nd : Th12 (mid)

  3. #13
    Forum Champion BloodyIrishman's Avatar
    Join Date
    Nov 2015
    Location
    Dublin, Ohio
    Posts
    5,602
    Playing Devils advocate here why should the user be the one in full control versus Supercell when ultimately the account isn't yours to begin with?

    Level 18
    - 6,103/18,500| Master I
    BloodyIrishman - TH12 [Level 205] - #2 in TH12 Hall of Fame
    Follow this link if you're interested in joining!

  4. #14
    Fresh Spawn
    Join Date
    Sep 2015
    Posts
    2
    Quote Originally Posted by Josh4908 View Post
    I think the point is being missed here. OP gave away their account info. I'd suggest contacting support and explaining that. They'd help in a heartbeat.
    Contacting the support could solve the problem but I don't want to risk it unless it's necessary. A friend of mine tried to recover an account but got himself banned for some reason. I have contacted the support for some SCID problems for my clash royale account but that wasted the only chance to recover the account. I'm hesitant about contacting support as it's not a big deal, I'm using my account with no problems
    Last edited by xurimx; December 31st, 2018 at 08:20 AM.

  5. #15
    Forum All-Star JusMe's Avatar
    Join Date
    Feb 2017
    Location
    amongst the stars
    Posts
    4,319
    Quote Originally Posted by BloodyIrishman View Post
    Playing Devils advocate here why should the user be the one in full control versus Supercell when ultimately the account isn't yours to begin with?
    For instance, I recall your own issues with SC ID and SuperCell customer support. You had never given out your information, yet one of your accounts all of a sudden had an SC ID without you creating it and subsequently, your recovery option is gone now. Thankfully you weren't banned.... Had you been able to see from where or through which device your account had been changed - now that could have provided valuable information [and SC isn't giving out any of that information to the users].

    Part of the point (mine at least) is that SuperCell isn't dealing with issues that are brought to their attention in a consistent manner. I can deal with things for my accounts very consistently. I know which devices I log on to. Yes, there will be those who won't know how to use it. MANY will know just what to do though... asking for this basic information and being able to control it is not too much to ask (in my view).

    For SC ID and 'additional security measures', as Noctaire points out (again, as also done before): this type of control (or at least being able to check) is part of the industry standard for many corporations now - and has been for some time.
    Last edited by JusMe; December 31st, 2018 at 09:29 AM.

  6.   This is the last staff post in this thread.   #16
    Kaptain Kat's Avatar
    Join Date
    Oct 2012
    Location
    Cruising
    Posts
    11,011
    Quote Originally Posted by Josh4908 View Post
    I think the point is being missed here. OP gave away their account info. I'd suggest contacting support and explaining that. They'd help in a heartbeat.
    I don't think so many people are missing the point however OPís point was already answered and a wider discussion emerged.
    As for missing the point, shall we not give the OP advise that will likely get him banned ?
    Sharing an account is a TOS violation and this is very likely to get him/her banned if he/she contacts support.

    Quote Originally Posted by Noctaire View Post
    Actually, this is a significant miss on SCís part and a major flaw in the SCID implementation that Iíve mentioned before. Players should be able to manage requests and review authorized devices through some means. I would like to be able to deauthorize a device before giving away an old tablet and to reject unauthorized requests (I see them in my e-mail regularly). Not having this ability is a security risk to our game accounts and not in line with industry standards for ID administration.
    Well personally Iím on the fence about this one. On one hand I can understand all the reasonings for wanting to have this control as a user. I would actually like to be able to manage these things myself as well.

    However the more control options a user has the more they can also screw up or give away when theyíre phished for their log in information. For example instead of losing one account players could much more easily lose all their accounts and yes obviously theyíve had a hand in that as well but still. So itís a difficult situation and I think Iíd have a slight preference for having more control as a user.

    That being said SCID is still pretty new and obviously it can be improved. Personally I would also like it if a user was able to manage (change) their email address which is tied to an account. There can be quite a lot of valid reasons why someone would want to change their email address.

    Side note: if you give away an old tablet or phone one should always wipe the device and do a factory reset

    Thank you! ClashOfHolmes for an awesome sig!

    Just call me K, my name is too difficult to spell.
    Hay Day | Level: 120 | # VL8GVUL | Main Hay Day Topics | Forum Rules | HD Wiki
    Clash of Clans | Level: lost count at 200 | #Y0VJUJG

  7. #17
    Quote Originally Posted by Noctaire View Post
    Actually, this is a significant miss on SC’s part and a major flaw in the SCID implementation that I’ve mentioned before. Players should be able to manage requests and review authorized devices through some means. I would like to be able to deauthorize a device before giving away an old tablet and to reject unauthorized requests (I see them in my e-mail regularly). Not having this ability is a security risk to our game accounts and not in line with industry standards for ID administration.
    Agreed. My solution ... a bit extreme ... I have given (2) of my old tablets to my 8 year old. His assigned mission is to strip them down to circuit boards.

    I'm pretty sure my accounts are secure when he's done

  8. #18
    Forum All-Star JusMe's Avatar
    Join Date
    Feb 2017
    Location
    amongst the stars
    Posts
    4,319
    Quote Originally Posted by Kaptain Kat View Post
    <snip> Personally I would also like it if a user was able to manage (change) their email address which is tied to an account. There can be quite a lot of valid reasons why someone would want to change their email address. <snip>
    Totally and absolutely agreed for all of my accounts!!

  9. #19
    Forum Hero Noctaire's Avatar
    Join Date
    Oct 2015
    Location
    USA
    Posts
    6,805
    Quote Originally Posted by Kaptain Kat View Post
    Well personally Iím on the fence about this one. On one hand I can understand all the reasonings for wanting to have this control as a user. I would actually like to be able to manage these things myself as well.

    However the more control options a user has the more they can also screw up or give away when theyíre phished for their log in information. For example instead of losing one account players could much more easily lose all their accounts and yes obviously theyíve had a hand in that as well but still. So itís a difficult situation and I think Iíd have a slight preference for having more control as a user.

    That being said SCID is still pretty new and obviously it can be improved. Personally I would also like it if a user was able to manage (change) their email address which is tied to an account. There can be quite a lot of valid reasons why someone would want to change their email address.

    Side note: if you give away an old tablet or phone one should always wipe the device and do a factory reset
    The individual is always responsible for managing his or her IDs. Even without this access, that responsibility still rests with the user. E-mail accounts can be compromised, providing access for a game to be stolen, just as easily if not more so.

    The SCID system needs to include 2-factor authentication and a management interface. These are the industry standards for what we have here and they work fairly well. The 2-factor auth should be cell phone (text/SMS) and/or a single e-mail account that can be different from the one the account login is tied to and without the 1-per limitation. There should be a recovery option based on the same and anytime a new device is added, the primary auth (cell/separate e-mail) should be included in the process.

    The management system could be linked to a primary device - hash the ID or otherwise generate a unique identifier for the primary device. Then 2-factor auth would be used to change it when necessary.

    Likewise, requests should also be tied to the device from which they originate with a similar unique identifier and each device should have a unique name applied to it by the user.

    These concepts are just basic ID admin and go a very long way in securing accounts from fraud. Theft of an account would be MUCH more difficult if these were implemented (especially the 2-factor auth). In fact, current methods of stealing an account already on SCID would likely be eliminated. A mandatory use feature could be added that would prevent slamming of accounts as well.

    As to wiping a tablet before giving it away...that does not always work. I got the surprise of my life recently when I powered up an old tablet to test it and my ID came up on it. I had wiped it not long before. Additionally, many people allow others to use their tablets (especially in a family) and sometimes they end up just being given away over time (Johnny uses it and takes it to college with him, etc).

    Iím really hoping SC sees the need to improve this system. Although I would have liked to see all this from the get-go, the conclusion of initial deployment and subsequent roll-out to all their games (even Brawl Stars) makes the initial design mature enough to implement proper IDA protocols.
    Last edited by Noctaire; December 31st, 2018 at 02:14 PM.
    Clan/Task Force: Divergent Void (#P8CGRG0C / #8GG02YRP)
    Noc's Clash Journal
    Gaming with Noc (Videos)
    Chance favors the prepared mind; quit yer whingein' and find a solution.


  10. #20
    Forum Veteran
    Join Date
    Dec 2015
    Posts
    1,664
    Quote Originally Posted by Kaptain Kat View Post
    I don't think so many people are missing the point however OPís point was already answered and a wider discussion emerged.
    As for missing the point, shall we not give the OP advise that will likely get him banned ?
    Sharing an account is a TOS violation and this is very likely to get him/her banned if he/she contacts support.
    So, are you saying he shouldn't be banned? He broke the rules didn't he?

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •