#1 - Pukyy
2FA as additional account security?
Looking at the recent forum posts about account breaches and stuff, I wondered why LFS doesn't have a two-factor authentication system? I think it could be a good addition as an optional choice for additional account security, via phone number or similar. I don't know how feasible this is technically, but it is an interesting discussion point. What do other users think?
-
(ALEXBGK) DELETED by Scawen : not needed
#2 - cuni
I don't think you need 2FA for a game, just be hygienic about internet exposure/security:
- Use a password manager [pwm] (you only memorize one big password that you only use in one place to unlock the pwm; all generated passwords are random; attached image as example)
- Check the browser address bar and/or check the hyperlink text on the bottom of the browser before clicking hypertext or when visiting a website
- When using an app and someone sends you a link instead of clicking and opening the link, copy the link, paste it on the browser, verify website is what you expect or recognize
- If it's too good to be true, then don't.

I could bet my money that the 10% of LICENSED valid accounts "stolen" are "new" accounts, i.e. iPad kids
#3 - gu3st
Quote from cuni: I don't think you need 2FA for a game, just be hygienic about internet exposure/security:
- Use a password manager [pwm] (you only memorize one big password that you only use in one place to unlock the pwm; all generated passwords are random; attached image as example)
- Check the browser address bar and/or check the hyperlink text on the bottom of the browser before clicking hypertext or when visiting a website
- When using an app and someone sends you a link instead of clicking and opening the link, copy the link, paste it on the browser, verify website is what you expect or recognize
- If it's too good to be true, then don't.

I could bet my money that the 10% of LICENSED valid accounts "stolen" are "new" accounts, i.e. iPad kids

The way LFS auth is set up though, there's really no great reason as to not have 2FA (even if it's email codes, but TOTP is better) because you already have separation between securing your game account vs accessing the game.

Pretty much every online platform, including games like iRacing and Steam, offers some 2FA option or even OAuth (to allow another platform's TOTP/Passkey to secure the account).
From the latest post by Scawen it looks like the only breach was people entering their LFS username and password in other websites or apps. Sounds harsh, but that's pretty much their own stupidity. Shrug
#5 - cuni
2FA shouldn't be a priority, sure better security is better, later update is worse.
The current system is working for 99(.9?)% of users.

Quote from gu3st: including games like iRacing and Steam

iRenting and Steam are not games, more like bank accounts where users dump hundreds (more like thousands) of FIAT money.

edit- additional non-requested or relevant (for the thread) information
FYI: Fiat money is a type of government-issued currency, authorized by government regulation to be legal tender. Typically, fiat currency is not backed by a precious metal, such as gold or silver. Since the end of the Bretton Woods system in 1976 all the major currencies in the world are fiat money.
source
#6 - gu3st
Quote from cuni :2FA shouldn't be a priority, sure better security is better, later update is worse.
The current system is working for 99(.9?)% of users.


iRenting and Steam are not games, more like bank accounts where users dump hundreds (more like thousands) of FIAT money.

FYI: Fiat money is a type of government-issued currency, authorized by government regulation to be legal tender. Typically, fiat currency is not backed by a precious metal, such as gold or silver. Since the end of the Bretton Woods system in 1976 all the major currencies in the world are fiat money.
source

And was your LFS account free?
#7 - Pukyy
I'm not saying that 2FA absolutely needs to be implemented right now, I don't want to slow the actual game update progress at all. I just wanted to see what the thoughts of other people are on the topic. I agree with gu3st that more separation between the game and the account is better, but also cuni has a good point as in not to prioritise this.
It doesn't matter if it's iRental or steam or LFS or any other random paid or free platform, it should have some way of 2FA IMO. Passkeys would be great as well.
Make it optional, but implement it.
Those that care to use it will use it, everyone else can sit on their bum.
Quote from cuni :...more like bank accounts where users dump hundreds (more like thousands) of FIAT money

I bet Porsche money would work better. Tilt

Optional 2FA would be nice, but also Scawen working on the main update would be even nicer, this incident doesn't look that huge.

About "just being stupid" - we are all stupid, one way or another. So anything protecting users better without adding too much friction would be nice. Nice to have. But also eating into development time. Shy
#11 - cuni
Quote from gu3st :And was your LFS account free?

Free = 35 eur / 1 500 eur = 2.33% ?

PS: I edited my previous post for your comfort. Face -> palm
#12 - cuni
ok guys i went on another tangent, so i went digging and searched "LFS wiki prices" to know how the price applied in average around europe and found this -


Didn't find what I wanted but found it's pretty much free
<?php 
[code] i will end the offtopic here sorry[/code]
?>
It makes no sense why you're defending so strongly against security lmao.

Do you have a vested interest in making it easier for accounts to be stolen?
With an existing requirement for separate web and game passwords, a 2FA protection purely on the web account would be a good stop-gap solution.
Quote from gu3st :It makes no sense why you're defending so strongly against security lmao. ...

Exactly, why is more security so bad? Even if we follow all of cuni's instructions in his first post in this thread, your account can still be compromised, more is always better.
