Are you sure about that? That didn't happen to me when I logged in at my GF's apartment.

It says it is added in patch .18 for the game and is already on the account page.

My concern is not about people who get keylogged, but rather people who have their passwords brute forced.

I honestly don't see this becoming an issue. If a player uses a password like "password1" or "apples" or "elderscrolls", then they deserve to be hacked. People should be creative with their passwords and not be ignorant with them.

I agree, this needs to go!

They'll get the username anyways. I mean, to hack someone you need two pieces. It doesn't change really anything.

Weak fact. We'll soon see how that works I guess.

Other triple-A mmos have authenticators because they realize account security is a risk.

What is going to be funny is all the 15 year olds who pick a really dirty perverted totally inappropriate username are going to have that visible to everyone. So they are going to have to have some mechanism in place to change a persons username. Should be quite entertaining to say the least hehe.

Or they don't pay for security and pass the cost of authenticators to the user.

That's my point. Public usernames = only passwords need to be guessed. If usernames were hidden, a would be hacker would need to obtain a username first.

No offense but your password must be really really bad if you think that your username is halfway there to hacking you. It definitely is not, and other MMO's have used this system in the past with no problem.

It's not the hackers fault that your password is rubbish and easily hacked.

If that's the case then it's a good extra layer of security.

They..will..do it though. Someone deadset is going to hack you, public username or not.

Works just fine in every other game its used in.

@Sakiri.

Come at me.

what a one time password does is pretty much the exact same thing as an authenticator, just without an extra program or piece of hardware (btw authenticators can be hacked as well).

My password is fine, and my concern is not for those savvy enough to create one.

I can guarantee you a substantial percentage of users will not have a strong password. I also think that when thousands of them start complaining about getting hacked, it will harm the game's image and appeal.

What other major MMOs use this system? Not WoW, Rift, SWTOR, WAR, or any other big name title I'm aware of. There isnt as much money to be made by account theft in small games, and virtually none in P2W games.

How much does an authenticator cost to download? Probably less than a penny.

If I have your username and brute force the pw, since my computer is untrusted it will ask me fpr a code that is sent to the associated email address... that I dont have.

Id like that code to be able to be sent to my phone as an aside. Yahoo took over 3 hours to get the one for my website login after they added the system.

But..... why give everybody already half of your account login information for free? This account has your creditcard information tied to it. It is asking for problems. Do you know that many passwords are actually easy to gues? Here is a list of most common passwords used:

1 123456

2 password

3 12345678

4 qwerty

5 abc123

6 123456789

7 111111

8 1234567

9 iloveyou

10 adobe123

11 123123

12 admin

13 1234567890

14 letmein

15 photoshop

16 1234

17 monkey

18 shadow

19 sunshine

20 12345

21 password1

22 princess

23 azerty

24 trustno1

25 000000

I bet you can hack at least 1% of all accounts on ESO. And many of these people never come to this forum and read this message: Don't make easy to guess passwords!

and if the hacker already has that email, you are sol no matter what.

Lol. Im going to Hate for laughing at this.

Someone trying to hack you is going to do it. It doesn't matter if you are on a character name or a handle. That's all I'm saying.

Does that mean: Why bother to make it harder for them?

No, you're twisting my words.

As I said, we'll see.

Btw, authenticators rarely get hacked other than by researchers. Whenever you see hacks associated with authenticators in the real world, they are usually due to mistakes in installation and implementation.