Looking at the recent forum posts about account breaches and stuff, I wondered why LFS doesn't have a two-factor authentication system? I think it could be a good addition as an optional choice for additional account security, via phone number or similar. I don't know how feasible this is technially, but is an interesting discussion point, what do other users think?

I dont think you need 2FA for a game, just be hygienic about internet exposure/security :
- Use password manager[pwm] (you only memorize one big password that you only use in one place to unlock the pwm. all generated passwords are random (attached image as example)
- Check the browser address bar and/or check the hyperlink text on the bottom of the browser before clicking hypertext or when visiting a website
- When using an app and someone sends you a link instead of clicking and opening the link, copy the link, paste it on the browser, verify website is what you expect or recognize
- If it's too good to be true, then don't.

I could bet my money that the 10% of LICENSED valid accounts "stolen", are "new" accounts, i.e iPad kids

Quote from cuni :

I dont think you need 2FA for a game, just be hygienic about internet exposure/security :
- Use password manager[pwm] (you only memorize one big password that you only use in one place to unlock the pwm. all generated passwords are random (attached image as example)
- Check the browser address bar and/or check the hyperlink text on the bottom of the browser before clicking hypertext or when visiting a website
- When using an app and someone sends you a link instead of clicking and opening the link, copy the link, paste it on the browser, verify website is what you expect or recognize
- If it's too good to be true, then don't.

I could bet my money that the 10% of LICENSED valid accounts "stolen", are "new" accounts, i.e iPad kids

The way LFS auth is setup though, there's really no great reason as to not have 2fa (even if it's email codes, but TOTP better) because you already have separation between securing your game account vs accessing the game.

Pretty much every online platform, including gmaes like iRacing and Steam offer some 2FA option or even OAuth (to allow another platform's TOTP/Passkey to secure the account)

From the latest post by Scawen it looks like only breach were people entering their LFS username and password in other websites or apps. Sounds harsh,but that's pretty much their own stupidity.

2FA shouldn't be a priority, sure better security is better, later update is worse.
The current system is working for 99(.9?)% of users.

Quote from gu3st :

including gmaes like iRacing and Steam

iRenting and Steam are not games, more like bank accounts where users dump hundreds (more like thousands) of FIAT money.

FYI: Fiat money is a type of government-issued currency, authorized by government regulation to be legal tender. Typically, fiat currency is not backed by a precious metal, such as gold or silver. Since the end of the Bretton Woods system in 1976 all the major currencies in the world are fiat money.
source

Quote from cuni :

2FA shouldn't be a priority, sure better security is better, later update is worse.
The current system is working for 99(.9?)% of users.


iRenting and Steam are not games, more like bank accounts where users dump hundreds (more like thousands) of FIAT money.

FYI: Fiat money is a type of government-issued currency, authorized by government regulation to be legal tender. Typically, fiat currency is not backed by a precious metal, such as gold or silver. Since the end of the Bretton Woods system in 1976 all the major currencies in the world are fiat money.
source

And was your LFS account free?