How 'secure' is SCID?

[Tollboothwillie]

But when you have 20 accounts on a several devices (3-6 different Apple IDs) that you have interchangeably bought gems and packs on over the years, now try answering that question. It’s completely impossible.

Bottom line, I totally get what you’re saying overall and hopefully if my email address ever changes I’ll get a great support agent. But the horror stories don’t instill confidence, and the only point of my reply is to hammer home the point to Supercell that THEY really should come up with a better way of authenticating accounts, and f2a would be an obvious improvement.

Most people don't create an account in the forums when they get their issues fixed because support worked like they thought it would. Those who have issues are more likely to vent or give negative reviews. As it's been said in this thread and many of the ones in bugs forum the more you dig the more you find the story fall apart.

[Thegreatpuma]

And if someone did place a listening device in your house, they would know the passphrase. (Just an example for the rest below on how your security can get compromised)
Like a keylogger on a computer, or infos given away for free on social media.

Good grief. OK yeah I will give you that. Nothing is fool proof if someone is going to this sort of length to try and to gain access to my accounts. All that said, it's far better for me to configure and KNOW the information I need to recover my account rather than having it be some random, possibly years old data, that I didn't even realize I needed to keep secure.

[shepherdgirl]

Most people don't create an account in the forums when they get their issues fixed because support worked like they thought it would. Those who have issues are more likely to vent or give negative reviews. As it's been said in this thread and many of the ones in bugs forum the more you dig the more you find the story fall apart.

Well, that is rather the point of this whole thread isn’t it. Is it really only ever users being dishonest, or is there room for improved in scid security? Me, I’m not so sure.....

[Ajax]

Well, that is rather the point of this whole thread isn’t it. Is it really only ever users being dishonest, or is there room for improved in scid security? Me, I’m not so sure.....

I think it is very rarely users being deliberately dishonest. They just leave out information they didn't think relevant.

Is there room for improved security? Yes, I'm sure there is.

I do think it more secure than many of the posts here would suggest, but that doesn't make it perfect, by any means.

Personally, I would like to see the addition of 2FA. Which should only be required when first connecting from a new device, or at intervals of something like 90 days when connecting from the same device(s) you have before. But I am already familiar with 2FA (I use it for my gmail, for slack, for lastpass, and a couple of other things), many players wouldn't be. I suspect this is another thing where people on here tend to be a bit more tech savvy than the average.

[JusMe]

In that scenario you basically started looking for trouble by playing in ways which was never supported in the first place.. let’s not forget that.

And let's not forget that many players don't even know that ... and yes you'll come back with 'then they should have read the ToS and the circle might be square anyway... but how many of those truly have bad intentions? I'm sorry but the 'starting looking for trouble by' really irks me.

But when you have 20 accounts on a several devices (3-6 different Apple IDs) that you have interchangeably bought gems and packs on over the years, now try answering that question. It’s completely impossible.

Bottom line, I totally get what you’re saying overall and hopefully if my email address ever changes I’ll get a great support agent. But the horror stories don’t instill confidence, and the only point of my reply is to hammer home the point to Supercell that THEY really should come up with a better way of authenticating accounts, and f2a would be an obvious improvement.

Make that Apple ID's, Android devices and through gift cards received ... and I've had people over who logged on with their accounts on my tablets so I could gift them a gold pass, or some gems ....

I think it is very rarely users being deliberately dishonest. They just leave out information they didn't think relevant.

Is there room for improved security? Yes, I'm sure there is.

I do think it more secure than many of the posts here would suggest, but that doesn't make it perfect, by any means.

Personally, I would like to see the addition of 2FA. Which should only be required when first connecting from a new device, or at intervals of something like 90 days when connecting from the same device(s) you have before. But I am already familiar with 2FA (I use it for my gmail, for slack, for lastpass, and a couple of other things), many players wouldn't be. I suspect this is another thing where people on here tend to be a bit more tech savvy than the average.

This seems like an excellent solution, it's something already used widely and yes, it's not perfect, but Darian, others and you (and even me myself) are correct when you/we say: the weakest link is the human factor. And there are remedies to at least mitigate the damage (and I'd say make life easier for Support, A LOT easier even)

[Kaptain Kat]

And let's not forget that many players don't even know that ... and yes you'll come back with 'then they should have read the ToS and the circle might be square anyway... but how many of those truly have bad intentions? I'm sorry but the 'starting looking for trouble by' really irks me.

You know what really irks me... that people get themselves into all sorts trouble in all sorts of different ways and then it’s everyones fault except their own and they fail and refuse to take ownership of their own screw ups. However everyone else need to shovel their dirt for them and fix their problem and then also on top of that hand over accounts they can’t prove is theirs and has a dodgy history at best ... it’s everyone’s fault and they point fingers in all directions. Where’s the ownership in the mistakes they made here in the first place ? Which are several at that point I might add.

Someone always gets a bad itch for a phrase used to explain things but people need to take some bloody responsibility for their own damn bull manure.

Come on. That’s not fair one bit.

[chilepepper101]

You know what really irks me... that people get themselves into all sorts trouble in all sorts of different ways and then it’s everyones fault except their own and they fail and refuse to take ownership of their own screw ups. However everyone else need to shovel their dirt for them and fix their problem and then also on top of that hand over accounts they can’t prove is theirs and has a dodgy history at best ... it’s everyone’s fault and they point fingers in all directions. Where’s the ownership in the mistakes they made here in the first place ? Which are several at that point I might add.

Someone always gets a bad itch for a phrase used to explain things but people need to take some bloody responsibility for their own damn bull manure.

Come on. That’s not fair one bit.

In total agreement. just about every thread about lost account becialsy says "account stolen! support wont help me! not at all my fault!

and they reply to every piece of advice with "no! That Wont Work!'

makes me sigh in exasperation every time i see one now.

[ESCANOR0803]

We need to remember that help and support people are also humans, mistakes can be on their part as well.

[chilepepper101]

We need to remember that help and support people are also humans, mistakes can be on their part as well.

in game support is run by sparky and auto. do they hook you up with an employee if your problem isnt resolved?

[JusMe]

We need to remember that help and support people are also humans, mistakes can be on their part as well.

An important part of being human is accepting that mistakes happen - for everyone.

But when someone from an external company to SC (support it outsourced) decides some account gets a ban, like often happens when for instance clannies try to help a clannie, or someone trying to get back one of their old bases to which they don't have access, there is nobody a player can turn to in case of a mistake ... Everything is cut off from the moment the base is locked....

From the responses we receive from support it's clear that many of them don't play the game, which doesn't help.

Now I am the first to always type - in caps even sometimes - to NEVER contact support on someone else's behalf ... especially since the 'support' option is disappearing for F2P accounts, when someone comes on here and complains, but still...

Support has a tough job, I totally agree, and having worked in other types of support myself I know how hard it can get.
What comes to mind is (as stated before) that here also an extra layer of security with SCID would be of great benefit.

But - this is a different topic altogether, so I'll stop my response.