  Thread: How 'secure' is SCID?

  1. #11
    Well, instead of relying only on something that I know, use also something that I own/possess. I'm not a security expert here.
    Companies are starting to move away from knowledge factors for recovery or for major changes on accounts. For instance, many use a mobile number to send a text message with a code. Using questions to authenticate someone is not very secure, for the reasons you already said.

    And, I'm not naive to say I'll never fall into it.
    Last edited by Terminator1986; January 18th, 2021 at 10:23 AM.

  2. #12
    Well, some additional layers of security should be added to prevent the scammer from changing their email address.

  3. #13
    Ullaspn
    Quote (originally posted by Terminator1986):
    Well, instead of relying only on something that I know, use also something that I own/possess. I'm not a security expert here.
    Companies are starting to move away from knowledge factors for recovery or for major changes on accounts. For instance, many use a mobile number to send a text message with a code. Using questions to authenticate someone is not very secure, for the reasons you already said.

    And, I'm not naive to say I'll never fall into it.

    What about international calls?

  4. #14
    Ullaspn
    Quote (originally posted by Darian[Supercell]):
    I can't really stop you, can I? :-P

    Well you can't stop me but the coc reddit doesn't allow gallery post so couldn't upload the screen shots 😂

  5. #15
    Darian[Supercell]
    Quote (originally posted by Kannukanhashubhang):
    Well, some additional layers of security should be added to prevent the scammer from changing their email address.

    Such as? If a person is so careless with their personal information that a malicious party is able to gain enough of it to take over an account, it's likely additional security layers would be useless.

    However, 2FA is a route we could likely explore for extra security.
    AKA Tank Puppy
    https://twitter.com/Devourlick

    If you have account-related questions like account bans or Supercell ID issues, please contact Player Support at this link. Please note that Community Managers and Forum Moderators are unable to assist or answer any account-related questions.


  6. #16
    How about a waiting period of a minimum of a month to get the email ID changed? Till then a player should confirm via in-game inbox whether he/she wants to change his/her email ID.

  7. #17
    JusMe
    Quote (originally posted by Darian[Supercell]):
    Again, this comes down to how secure someone is keeping their information. A Supercell ID will display the "Expired" message when the email address assigned to a Supercell ID has been removed and another email address has been attached to that Supercell ID. The most common situation in which this happens is when someone has gained access to enough of a person's account information and has provided it to a player support agent during the account verification process.

    Support generally allows a one-time exception to allow an email address assigned to a Supercell ID to be changed. This scam usually happens due to the above situation I mentioned when someone is "giving away" a high level account and provides an email address to the scammer, along with any relevant account information the scammer can use to steal the account.

    As I said before, this boils down to how willing people are to give away account information to scammers.

    Darian, part of the point of this post is that people are now capable (or at least it seems that way) of changing the email for an account by merely giving the account name, account ID number and TH level in a chat screen with the sparky or otto thingy, without any checking taking place. For some also the clan the account is or was last in, it seems... This information can easily be found by checking ClashOfStats ...

    If this is true, all of our accounts are at risk... so I will ask again: is this true? This should be easy to check for Supercell, with all of the information you are saving for accounts. Check the thread I linked in my previous comment for examples?

    SC can check for all of these instances if, for instance, that one email change was requested from a different IP than the account is usually played from, and subsequent requests for codes were from the IP address commonly used for that account?

    And no, of course I'm not asking to have information from these examples published here in the thread, but at least some confirmation that our accounts are more secure than this?

  8. #18
    Quote (originally posted by Darian[Supercell]):
    What do you mean by "ownership factor"?

    He is suggesting that there should be some form of two-factor authentication.

    Such as when you set up SCID, you also have to give a mobile number, and any change request would only be authorised after sending a code by text to that number which has to be confirmed by the person requesting the change (in addition to answering the questions, not as a replacement).

  9. #19
    Darian[Supercell]
    Quote (originally posted by Kannukanhashubhang):
    How about a waiting period of a minimum of a month to get the email ID changed? Till then a player should confirm via in-game inbox whether he/she wants to change his/her email ID.

    So if a player gets fired from their job and loses access to their email address they registered, we have to force them to wait a month before they can play again? That's not a very efficient way of doing things.

    One of the challenges about adding extra security to SCID is that we also have to balance between convenience and ease of use. For example, if we added a 2-Factor Authorization system for every time you logged in to your account, this would be incredibly troublesome to those who have multiple accounts. One of the whole points of the SCID system is to allow you to swap between multiple accounts quickly and easily. If you had to verify your account through a 2FA app every single time you switched accounts, this would be a monstrous, time-consuming task for people with multiple accounts.

    The system has to be streamlined enough to allow players to get into the game as quickly as possible and swap between accounts as easily as possible. It should also allow players who can verify their information to manage that account as well. As long as people are secure in their data hygiene, there is no issue.

    Again, we could add a million layers of security. But we can't control how careless people are with their own information. There is NOTHING we can do about that.


  10. #20
    Quote (originally posted by Darian[Supercell]):
    One big one is when multiple people in a Clan share a single account for purposes of doing each other's Clan War attacks. This is quite common in many social multiplayer games, and isn't isolated to Clash of Clans.

    Is this allowed?
