Page 3 of 28 FirstFirst 1234513 ... LastLast
Results 21 to 30 of 275

  Click here to go to the first staff post in this thread.   Thread: How 'secure' is SCID?

  1.   Click here to go to the next staff post in this thread.   #21
    Darian[Supercell]'s Avatar
    Join Date
    May 2017
    Location
    Under a Rock.
    Posts
    5,933
    Quote Originally Posted by armshouse View Post
    Is this allowed?
    Of course not. Account sharing is strictly forbidden, but that doesn't stop people from doing it when they think it's harmless.
    AKA Tank Puppy
    https://twitter.com/Devourlick

    If you have account-related questions like account bans or Supercell ID issues, please contact Player Support at this link. Please note that Community Managers and Forum Moderators are unable to assist or answer any account-related questions.


  2. #22
    Quote Originally Posted by Darian[Supercell] View Post
    Such as? If a person is so careless with their personal information that a malicious party is able to gain enough of it to take over account, it's likely additional security layers would be useless.

    However, 2FA is a route we could likely explore for extra security.
    Well, is it trully personal information? Or is information of a clash of clans account? Who is the owner of that account? I remember on previous threads saying that Supercell owns the accounts.

    It was only through this forum that I knew that account creation date is a security risk information. Is this something that people usually understands as highly secret information that cannot be leaked?

    2FA is something that I would like to have on my SCID account.
    Last edited by Terminator1986; January 18th, 2021 at 10:49 AM.

  3. #23
    Senior Member
    Join Date
    Jul 2020
    Posts
    429
    People really need to learn a vital lesson in life here. With the issues that Darian is posting and the traps people have.

    NOTHING GETS YOU NOTHING.

    Random acts of charity on the internet for something like a game are extremely uncommon.
    No one is really giving away thier maxed base they've spent years working on.
    No one is giving you free gems.. they don't have access to do this do they? Have you ever seen them for sale elsewhere? It's SCs own currency that they have the captive on.. how can some random spammer have a supply, that they can give you for free? You can't even give them to your own clan mates can you? Not possible.

    Have you ever had the email from the Nigerian prince whom has 50m dollars on an account he can't access but if you give him your account details he can send the money to you, to hold onto?

    Think about it. The golden rule.. if it's too good to be true.. it probably is. Nothing is free.

  4. #24
    Senior Member
    Join Date
    May 2017
    Location
    Noida
    Posts
    307
    Its true that people are falling to scams and traps by accidentally sharing account information, but what about those people like myself who have never come across the hacker/phisher and yet their id got phished/stolen.

    Account info cant be divulged when the owner hasnt even spoken to the scammer even once.
    Last edited by arjunchopra333; January 18th, 2021 at 11:21 AM.

  5. #25
    Senior Member eitiel's Avatar
    Join Date
    May 2016
    Posts
    468
    I think a phone-based 2FA could be limited to prove your identity to Support, in order to make sure it's you that want to recover your account.

    Then the"hacker/phisher/scammer" would have to have access to SMSs, or other locally-generated secure OTPs, in order to gain access.

    I would gladly activate a 2FA option of this type if it was available.
    Last edited by eitiel; January 18th, 2021 at 11:23 AM. Reason: typos & punctuation

  6.   Click here to go to the next staff post in this thread.   #26
    Darian[Supercell]'s Avatar
    Join Date
    May 2017
    Location
    Under a Rock.
    Posts
    5,933
    Quote Originally Posted by JusMe View Post
    Darian, part of the point of this post is that people are now capable (or at least it seems that way) to change the email for an account by merely giving the account name, account ID number and TH level in a chat screen with the sparky or otto thingy, without any checking taking place. For some also the clan the account is or was last in it seems... This information can easily be found by checking ClashOfStats ...
    This is simply not true and there is likely more going on than what is being shared publicly. There are a variety of system checks that happen in the background and just having that information alone will not allow someone to recover an account.
    AKA Tank Puppy
    https://twitter.com/Devourlick

    If you have account-related questions like account bans or Supercell ID issues, please contact Player Support at this link. Please note that Community Managers and Forum Moderators are unable to assist or answer any account-related questions.


  7.   Click here to go to the next staff post in this thread.   #27
    Darian[Supercell]'s Avatar
    Join Date
    May 2017
    Location
    Under a Rock.
    Posts
    5,933
    Quote Originally Posted by arjunchopra333 View Post
    what about those people like myself who have never come across the hacker/phisher and yet their id got phished/stolen.
    How do you know who the scammer/thief was or where they got their information? It's incredibly surprising what information people share that they thought was harmless.

    Accounts cannot be stolen out of thin air without having access to very specific information.
    AKA Tank Puppy
    https://twitter.com/Devourlick

    If you have account-related questions like account bans or Supercell ID issues, please contact Player Support at this link. Please note that Community Managers and Forum Moderators are unable to assist or answer any account-related questions.


  8. #28
    Senior Member
    Join Date
    May 2017
    Location
    Noida
    Posts
    307
    Quote Originally Posted by Darian[Supercell] View Post
    How do you know who the scammer/thief was or where they got their information? It's incredibly surprising what information people share that they thought was harmless.

    Accounts cannot be stolen out of thin air without having access to very specific information.
    I know positively about it because the day before my account got phished there were only my alternate accounts in my clan along with a few friends i know personally. But the next day when i login into my account, i get supercell id has expired and when i tried to get the otp from my linked email id, i did'nt receive it.

    Secondly when i logged in from an alternate account i saw my phished account being operated by someone else and right away he brought one of his accounts and made himself leader.

    The most shocking thing was that i hadnt come across him even once ingame as well as outside the game. So its puzzling that how they were able to phish the account without my divulging the details.
    Last edited by arjunchopra333; January 18th, 2021 at 11:30 AM.

  9. #29
    Senior Member eitiel's Avatar
    Join Date
    May 2016
    Posts
    468
    Quote Originally Posted by arjunchopra333 View Post
    I know positively about it because the day before my account got phished there were only my alternate accounts in my clan along with a few friends i know. But the next day when i login into my account, i get supercell id has expired and when i tried to get the otp from my linked email id, i did'nt receive it.

    Secondly when i logged in from an alternate account i saw my phished account being operated by someone else and right away he brought one of his accounts and made himself leader.

    The most shocking thing was that i hadnt come across him even once ingame as well as outside the game. So its puzzling that how they were able to phish the account without my divulging the details.
    Have you ever told any of your clanmates, or even on global chat when it was a thing, the place where you live? Are you using the facebook link option, so they may know some personal info about you and maybe guess your email password? Are you using 2FA on your supercell ID-linked email address? The simple fact that you have no means to tell who is the player behind an account means you should never ever divulge any of your personal info through the game. The most I tell my clan mates is that I live in Europe, and they could tell that already by my wake-sleep pattern.

    I saw new joins ask questions about "how long have you been playing" (my answer: "too long") or "where are you from?" or anything else that could, maybe-if-I'm-a-lucky-scammer, be used to convince a Support agent that it's me who lost access to my email address.
    Last edited by eitiel; January 18th, 2021 at 12:01 PM. Reason: punctuation, again

  10. #30
    Quote Originally Posted by Darian[Supercell] View Post
    One of the challenges about adding extra security to SCID is that we also have to balance between convenience and ease of use. For example, if we added a 2-Factor Authorization system for every time you logged in to your account, this would be incredibly troublesome to those who have multiple accounts. One of the whole points of the SCID system is to allow you to swap between multiple accounts quickly as easily.
    It would be inconvenient if there was a 2FA for every login. But can't it be applied only for the email change requests?
    Last edited by BlazeStormz123; January 18th, 2021 at 12:13 PM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •