90344-carbine-2-step-verification-explained

Content
{| style="width: 100%;"

The keypad has very little to do with adoption. It's annoying the first few times. You're just sensationalizing. Having a physical authenticator, as Blizzard does, is the best solution to greater adoption. There's a lot of people without smart phones, and they are either ignorant of software-based MFA clients, or they are not software-savvy enough to use them. Hardware-based MFA devices are dead simple. Perhaps Carbine could make existing devices, such as Ezio devices, work with WildStar.


 * }
 * }

{| style="width: 100%;"

They are working on that.


 * }
 * }

{| style="width: 100%;"

The issue is that randomized keypads and clicking instead of typing does not increase security by any meaningful amount. It's the same thing as his "adding inches to a mountain" metaphor. The fact that these 2FA codes need to be obtained in real time means that someone is being targeted, and if someone is being targeted, the person who is hacking them will know what needs to be done in order to get that code. There are easy ways to get the code even through the way Wildstar handles it. There was even a video posted on reddit of someone creating something and doing this I believe. So there's no "weakened" account security by typing in a 2FA code. You really think banks and WoW and almost every other company that uses 2FA and lets users type in the codes are wrong? There are tons of better explanations about why it doesn't make a difference on reddit as well, much better explained than I could.


 * }
 * }

{| style="width: 100%;"

The input being on a separate screen is indeed a better idea then what Blizzard later changed their system do. Blizzard recently launched a launcher that saves your authentication state at your current location, this is basically what steam guard does, and that could be a possible solution. Every new location the code is requested, every known approved location does not, but Blizzard still deals with thousands of compromised accounts daily even after all their options to protect your account

They have already implemented a solution similar to Steam Guard.


 * }
 * }