Quote from J.E.R.E_254 :

Hi Scawen, I have a simpler suggestion for recognizing accounts in the game (like passwords).

When you enter your username, a message will appear below confirming that the account exists on the page.

And with passwords, you could put an x if it doesn't match or a ✓ if it does.

I don't think it's necessary or sensible to show the confirmation "live" before unlocking - it does show "Your user name was not found" when you try to unlock with a non-existing user name.

Quote from Scawen :

Test Patch F15...

This test patch update reseted my Training completion. fix

Quote from J.E.R.E_254 :

And with passwords, you could put an x if it doesn't match or a ✓ if it does.

To make it more secure, the unlocking system should be changed from 2 to 4 attempts (since unrestricted accounts can still be accessed), not because of me, but because of people with bad intentions.

personally I wouldn't like it from security reasons, one of them being that it would potentially make 'getting access' to accounts-licensed accounts more easy.


And your second thought makes it even easier, honestly don't think there's much explanation that needs to be done.

Scawen, one question about unlock codes: I know they're not one-time type codes, meaning you can use that same code as many times as you want.

However, if I (or in worse case, someone else) request to send an email containing that new unlock code, will the old code that I've already used in-game instantly become obsolete? Or is it that unlock code becomes obsolete only after the new unlock code has been used in-game at least once?

If it's the former, better not to accidentally click that link In any case, the latter option is definitely safer, because there's always a possibility someone has found out user's LFS password for the site, but doesn't know how to access their email. In case the current unlock code becomes obsolete instantly when someone requests a new one, one can simply annoy other users by requesting new unlock codes and preventing them accessing LFS with their older unlock code.

Quote from tankslacno :

Scawen, one question about unlock codes: I know they're not one-time type codes, meaning you can use that same code as many times as you want.

However, if I (or in worse case, someone else) request to send an email containing that new unlock code, will the old code that I've already used in-game instantly become obsolete? Or is it that unlock code becomes obsolete only after the new unlock code has been used in-game at least once?

If it's the former, better not to accidentally click that link In any case, the latter option is definitely safer, because there's always a possibility someone has found out user's LFS password for the site, but doesn't know how to access their email. In case the current unlock code becomes obsolete instantly when someone requests a new one, one can simply annoy other users by requesting new unlock codes and preventing them accessing LFS with their older unlock code.

AFAIK it functionally works like your old password which gets checked by the master server when you request server list.

Quote from tankslacno :

If it's the former, better not to accidentally click that link In any case, the latter option is definitely safer, because there's always a possibility someone has found out user's LFS password for the site, but doesn't know how to access their email. In case the current unlock code becomes obsolete instantly when someone requests a new one, one can simply annoy other users by requesting new unlock codes and preventing them accessing LFS with their older unlock code.

When someone else gets access to your account and keeps requesting new unlock codes, you will see the e-mails in your inbox that you didn't request, which means you should immediately change your web password so they get logged out automatically.

Yes, clicking it does instantly make all obsolete.

I think it would be better if that link led to an intermediate page, where you could choose to:

1) send your existing unlock code to your email address
2) generate a new unlock code and send to your email address

(If you don't already have a valid code then only option 2 would be available)

So you would select one option then "Send" (or maybe just clicking one of the options does the send instantly). I don't think it causes any security issue and might be helpful sometimes.

I think this is also one way to solve the current issue that refreshing the page sends another code again.

Someone keeps resetting my unlock code. I logged into my profile page and changed website password. I don't use it on any other website and my e-mail is highly secured. This just brought a lot of complications.

Quote from Armageddon :

Someone keeps resetting my unlock code.

Can you explain what you mean, exactly what you saw?

The new version is now available.

Thank you for all the reports, help and discussions.

Forum thread: https://www.lfs.net/forum/thread/112094