How 'secure' is SCID?

[maximooze007]

Hello
What is the meaning of Supercell Id login expired ?
I am not getting the code in email ?

(Few days back i contacted support to get removed login from all devices)

I am not asking any account recovery help just want to understand the meaning of these thing

Navigate all the way back to first page, Darian clearly explained what it is.

[JusMe]

Hello
What is the meaning of Supercell Id login expired ?
I am not getting the code in email ?

(Few days back i contacted support to get removed login from all devices)

I am not asking any account recovery help just want to understand the meaning of these thing

The 'expired' message means that the email address the account was linked to, has been changed to another email address. You no longer have access to this account.

Edit: Darian's post about it:

Again, this comes down to how secure someone is keeping their information. A Supercell ID will display the "Expired" message when the email address assigned to a Supercell ID has been removed and another email address has been attached to that Supercell ID. The most common situation this happens is when someone has gained access to enough of a person's account information and have provided it to a player support agent during the account verification process.

Support generally allows a one-time exception to allow an email address assigned to a Supercell ID to be changed. This scam usually happens due to the above situation I mentioned when someone is "giving away" a high level account and provides an email address to the scammer, along with any relevant account information the scammer can use to steal the account.

As I said before, this boils down to how willing people are to give away account information to scammers.

[APURV77]

The 'expired' message means that the email address the account was linked to, has been changed to another email address. You no longer have access to this account.

Edit: Darian's post about it:

Okay thanks

[NeoGen]

However, 2FA is a route we could likely explore for extra security.

I would like to see this implemented, 🤗

[NeoGen]

So if a player gets fired from their job and loses access to their email address they registered, we have to force them to wait a month before they can play again? That's not a very efficient way of doing things.

One of the challenges about adding extra security to SCID is that we also have to balance between convenience and ease of use. For example, if we added a 2-Factor Authorization system for every time you logged in to your account, this would be incredibly troublesome to those who have multiple accounts. One of the whole points of the SCID system is to allow you to swap between multiple accounts quickly as easily. If you had to verify your account through a 2FA app every single time you switched accounts, this would be a monstrous time consuming task for people with multiple accounts.

The system has to be streamlined enough to allow players to get into the game as quickly as possible and swap between accounts as easily as possible. It should also allow players who can verify their information to manage that account as well. As long as people are secure in their data hygiene, there is no issue.

Again, we could add a million layers of security. But we can't control how careless people are with their own information. There is NOTHING we can do about that.

but you could have an option to trust that device the first time you log on with MFA like some other sites do?