Jump to content
Bathory Bane

A Detailed Guide on Adding 2-Step Verification for Windows [Image Heavy]

Recommended Posts

You should change the winauth link

 

Take note of this on the google winauth page:

 

Google code has changed their policy with regard to downloads so all future pre-built downloads will be available at WinAuth.com

Noted, thank you. :) Changing this now.

 

Edit: Done and done. Changed all instances of Wildstar for WildStar as well, may I be forgiven. :P

Share this post


Link to post
Share on other sites

hmm.. ive had a guide for this since launch.. eh. people are still going to be too stupid to understand or care for the importance of the authenticator .. 

Sorry, haven't found yours before writing this. Did a topic search and found a couple walkthroughs, but wanted to write this in more detail, so it's clear to someone who doesn't even know where to begin. As long as people start using the authenticator, no matter how they found their way, it's all good to me. :)

Share this post


Link to post
Share on other sites

Sigh. Every day i find at least a couple people on the forums wondering about this issue, either being confused or not sure if possible or how to get it done. So, bumping for them.

Share this post


Link to post
Share on other sites
Chillia   

An easier way to get approval for this sort of stuff is to PM your request to a moderator ;) 

 

- Team WildStar 

Share this post


Link to post
Share on other sites

Sigh. Every day i find at least a couple people on the forums wondering about this issue, either being confused or not sure if possible or how to get it done. So, bumping for them.

 

Congrats :)

Share this post


Link to post
Share on other sites
Kestriel   

do you know offhand if I need to deactivate 2 step to move it from my pc to a phone?

 

or is it just as simple as loading the app on my phone and continuing on?

Share this post


Link to post
Share on other sites

do you know offhand if I need to deactivate 2 step to move it from my pc to a phone?

 

or is it just as simple as loading the app on my phone and continuing on?

 

Pretty sure you can just use the same code and set it up on another device.

 

That's correct, I have WinAuth and use the smart phone app, I used the secret code to enable WinAuth then scanned the barcode to enable it on my phone, this way I can deal with any concerns on my account if I am not able to use my computer.

 

And this thread just continues to be useful for me, just learned to sync time to stop invalid errors and a bonus, setting a password for WinAuth (the entire reason I use it on two devices so I can combat a malware intrusion as OP described.)

  • Like 1

Share this post


Link to post
Share on other sites
KyDay   

Dear Carbine Community Manager Guy,

 

please please please forward this request to your designers.

 

I know why you did it, I know you were afraid of hacked clients, and in your panic you turned to the 2-step-authentication service.

 

Generally, this is a great idea: -> match a password with a code coming from a function calulating with a timestamp and another code.

This increases security to a level of unreasonable time to be hacked -> jackpot right?

 

Well it's the ultimately bad design of ur security that makes me wanna eat my fist every time i have to login ingame as well as to your website.

 

Let me go first against the website:

 

First of all, ncsofts website security from usability point of few is utter failure, pure shit.

The IPv4 tokens dont work outside of america. Having to enter a verification code from my mailbox every single day is just plain annoyance.

Please remove that crap and provide a setup of an ingame password, which need to be used in order to change it via webinterface and allow a different password for the webpage.

Even better, connect ur account with the authenticator generator - gg.

 

Anyhow the current setup is shit as it is, due to technical failure. Your websites encryption level is bad. As of now, the ciphersuits awailable on your servers TLS/SSL implementation are outdates,

meaning already hacked. Guess why so many users lost their accounts. They logged into the web and god screwed.

 

If people tend to have keyloggers on their pc, their fault. But offering a seemingly secure connection with bad ciphersuits is just plain technical incompetence.

Please redesign.

 

The second part goes to the ingame authenticator input system - yeah that cliky interface game.

Nice effort but coloring crap pink doesnt make become better smelling.

 

The issue here is that it is annoying like hell without any benefit.

There simply is discussion point that justifies this design.

 

Keylogger? Doesnt matter with 2-way auth but still loggable via robotics api reading pixels. -> design reason busted

Bruteforcing? 2-way auth alone kills this pattern -> design reason busted

 

All other unconventional attacks are also taken care of by 2-way auth.

 

So there is no reason whatsoever to come up with this nasty input interface.

Please please make it so we can input the code via keyboard.

 

Lastly,

 

just give as an option to remove the freaking password entirely and solely rely on auth code login.

 

The mathematical unlikelyhood of hacking someone with a keylogger or bruteforce doesnt even reduce due to the fact that auth code is required after password,

which means that the password is already known at that time -> therefore completely useless.

 

Summarizing, please redesign, propely, update openssl implementation on webserver, remove verification email or at least check versus registered ISP, remove auth code input.

If in future you need any design consulting I will be happy to offer my services to actually come up with a good solution. 

 

Regards

KyDay

Share this post


Link to post
Share on other sites

I tried it for a day, but it was so annoying to go get my cell phone at EVERY login - and I get bumped/have to login like 10+ times a day.

 

My suggestion: limit 2-step to "machine authentication" so you have to use it to verify a new computer, but from then on, don't require it for every single login from that computer.  Until then, it is too high a barrier of entry.

Share this post


Link to post
Share on other sites
Scyrow   

I accidently deleted the app and now i cannot generate any codes, so i cant play and cant deactivate, what do i do???

Share this post


Link to post
Share on other sites
Chillia   

I accidently deleted the app and now i cannot generate any codes, so i cant play and cant deactivate, what do i do???

 

Contact our support team here with a ticket, and they'll look into it for you. 

 

- Team WildStar

Share this post


Link to post
Share on other sites
Eomark2   

How would this work if I have two accounts? Wouldn't the app on my computer generate a 6 digit code for only one secret code that I verified? How would the app know which account I logged onto and provide a good 6 digit code? Thanks.

Share this post


Link to post
Share on other sites
exotler   

Hello,

 

I returned to WildStar after few years and now I cannot login in game any more because I need to resynch the authenticator and I got a new mobile.

Also on my old account (exotrax) some how I cannot post on forums.

I e-mailed 3 times NCSOFT support but still no answer.
 

Any one can assist me please so I can get back my old account ?

Thank you in advance.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×