Jump to content
Shenna

Two-Factor Authentication & Fighting The Good Fight

Recommended Posts

2faanouncement.jpg

Dear Community,

Tomorrow marks our first major event of 2017! Since our project began, the community has voiced their desire for a fresh realm. Tomorrow, January 7th, we will be launching the Elysium PvP realm at 6:00 PM GMT+1. We hope you are all as excited as we are!

There has been a lot of discussion lately about hacked accounts and gold selling. As a result, we have developed some new tools to help combat these issues.

Two-Factor Authentication

As the first vanilla legacy server to use 2FA we feel it will not only protect countless accounts from hackers, but is also a big step in the direction of establishing legitimacy. Now, let’s get into the details of how the system will work.

You can enable one of the two following solutions:

IP Lock with authenticator: if you log in from an IP that is different from the last one you used to connect to the game, you will have to enter a verification code.

Always use authenticator: you will always have to enter a verification code on login.

Both solutions work for web and game authentication.

In order to enable (or disable) a two-factor authentication solution, you will have to confirm it through an email. We know there have been issues in the past with our web servers reaching the allotted amount of emails we can send certain providers such as Yahoo and Hotmail. Because of this, *we ask that you be patient in waiting for the confirmation emails and only retry them once an hour.

While this authentication will be optional, we strongly advise that you keep it enabled at all times. With the protection offered by 2FA in conjunction with having a strong, unique account name and password, your account is impenetrable. To add to that, you can also change your password regularly.

Fighting the Good Fight

As you know, we have a zero tolerance policy on gold selling and buying which means that once caught, you will have your account permanently banned. We will not apply a lighter sanction, as it would encourage such poor behavior.

We will always continue to combat gold sellers to the best of our ability. However, the only guaranteed way to stop gold sellers in their tracks is to stop buying. As long as there are buyers, there will be sellers which come from all over the world despite popular belief.

As we enhance our tools, gold buyers and sellers will become less and less common.

We are just getting started in this war, and we would like to share our first numbers: In the last 10 days, over 2,700 gold buyers and sellers have been banned. This has removed nearly 700,000 gold as a result.

It is important to note that the leaked goldseller database contained 1,100 names from Elysium. Of those 1,100 names, more than 90% were already investigated and banned prior to the leak.

Of these 2700 bans, there have been countless ban appeals and only 2 bans turned out to be a false positive. The gold sellers will no doubt explain that they have some convoluted method to securely transfer you the money. They are lying or we are not onto them, yet. Either way, you are paying them money to eventually ban your account.

There has been some talk on social media and in-game that these gold companies are attempting to DDoS us in retaliation for denying them. Our hosting providers are very good, but a 1,000 GB/s DDoS attack is not something any provider is going to be able to handle.

However, these attacks are a double edge sword. They are very expensive to maintain, and the majority of their threat lies in scaring their targets.

Too put it bluntly, we are not scared, and we are not going to stop hammering them from all angles. If the community bands together to put an end to buying gold on their end, and we continue to deny these sellers wherever possible, we will bleed them dry of resources. It is our goal to leave them no option but to give up and move on to prey that doesn’t bite back.

In the end, the message is simple: Gold. Not even once.

Share this post


Link to post
Share on other sites
Quote

Access denied. :(

You do not have the clearance to view this confidential page!

 

This happens when I click the link I get via mail.

Share this post


Link to post
Share on other sites

This is beyond awsome IF you keep it up and IF the community actually smartens up.

Very good job Elysium.

If you maintain this path then you truly are the champions that I hoped you are.

Share this post


Link to post
Share on other sites

Good to hear, compromised accounts is definitely a high priority issue here and 2 step authentication is the absolute best solution to it. 

Edited by Shiamorah

Share this post


Link to post
Share on other sites

Excellent progress and a useful feature to avoid further account scamming. Keep going like that and things will be fine :)

 

However, Elysium is not first server having 2FA. several other pservers had it already working years ago including apps for mobiles. An example I get in mind would be Neverendless WoW (Few years ago a popular realm, their app is still in the Playstore) and other servers with various expansions including Vanilla.

For example on Crestfall it has been implemented in 2014 (Related videos from that time still exist).

Share this post


Link to post
Share on other sites

How do you get access to this mail to enable Two-Factor Authentication? Can't find a link anywhere.

 

Oh and big thumbs up to the Elysium team for taking serious measures in the battle against the buyers/sellers!

Share this post


Link to post
Share on other sites

can not be confirmed.
mail came CODE. but then he says this is

Access denied. :(

You do not have the clearance to view this confidential page! 

 

 

 

Share this post


Link to post
Share on other sites

This is phenomenal news. I'm glad to see you guys are holding strong! There's a lot of passion on the Elysium team.

Two questions:

1) Will there be any two factor authentication option for those of us who don't have a smart device?

2) A few folks I know have been getting in-game mail from gold sellers. Ostensibly, one of those people was sent 1g through the mail, as a kind of "free sample." Is that something you've seen happening, and could a person get banned for randomly receiving gold through the mail system?

Share this post


Link to post
Share on other sites

Failing for me as well.

Trying to enable it, from the verification mail, just returns an "Access Denied :(" reply.

Edited by Gehere

Share this post


Link to post
Share on other sites
17 minutes ago, Scaevola said:

This is phenomenal news. I'm glad to see you guys are holding strong! There's a lot of passion on the Elysium team.

1) Will there be any two factor authentication option for those of us who don't have a smart device?

Well, I believe that just about any 2FA authentication software will do, and if you have Windows 10 as your main OS, just search for Authenticator from windows Store. Haven't tested myself yet, but *think* that would work. The only bad thing is, you are sort-of-like "PC-locking" yourself too... *edit* Well, at least the 2FA authenticator that pops up seems to work, Can't test 100% because get stuck (like many more) to "Access Denied" - window.

Share this post


Link to post
Share on other sites
56 minutes ago, Sasha301 said:

Access denied.

You do not have the clearance to view this confidential page! 

Seems to be the ongoing issue for everyone atm. :s

Share this post


Link to post
Share on other sites

Just read on Discord that it is not working yet.

Mesh is supposedly looking into it.

 

...   or so the rumour goes.

Share this post


Link to post
Share on other sites

Yes, unfortunately there is a little hitch with the website, which should be fixed soon.

Share this post


Link to post
Share on other sites

Enabled IP-lock, great to see this feature implemented.

Since I'm not getting prompted on my current IP I cant check, how do you actually enter the auth code in the game client?

And would it be possible for you to enable backup codes or something similar? What does the path of recovery look like if you lose your code generator, is the QR-code/text code in the mail valid forever?

Share this post


Link to post
Share on other sites

Using Google Authenticator. It scans barcode successfully, display Elysium Project(MyNickname) but when I try to enter six digit code to actually enable the lock, this is what i get all the time:

Quote

"The six-digit code you provided did not work. Please provide the latest one from the application."

 

Share this post


Link to post
Share on other sites

We in europe(or at least in sweden) does not have that particular authenticator in the windows mobile appstore howere we do have this one https://www.microsoft.com/en-us/store/p/azure-authenticator/9nblgggzmcj6#

However the QR code are missing in the mail and I can't enter the code manual since the microsoft authenticator doesn't allow us to use letters.  http://prntscr.com/dsl5qs

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×