Saturday, June 05, 2021
Security gone crazy
My bank account is using an app on my phone to validate my login; and as my phone has facial recognition, I just need to press confirm, and I'm in. Relatively painless, fast, and easy. Other applications are not quite that easy:
On the Epic Games Store there are free games every week, so I login once per week to check out whether I want that game. That is already more complicated than getting into my bank account. Although I am always on the same desktop PC, the Epic Games Store app always forgets me, in spite of the "remember me" setting. So first I am presented with an extremely long list of options of how I might have identified myself to Epic. I need to remember which of them I chose initially, then type in my userID and password, then Epic sends an SMS to my phone and I need to put is that security code.
This week I decided to "buy" the free game of the week, Frostpunk, for €0. And for this "purchase", Epic gave me a €10 coupon to use in their ongoing mega sale. Now I had already considered buying Assassin's Creed Valhalla at €15 off, and with the coupon it was €25 off, so I tried to buy it. Which kicked into gear another series of security measures, culminating in a screen popping up asking for my parental control PIN. I never set up a parental control PIN! So I had to navigate to Epic Games website, log into my account there, set up parental control, and then disable it. That caused the parental control screen of the Epic Games Store app to freeze, so I needed to kill the app, and start anew. Only of course when I tried to buy AC Valhalla, the Epic Games Store told me that I couldn't purchase it because I already was in the process of purchasing it.
I close all programs and reboot my computer. Now suddenly the Epic Games Store app tells me that I have already bought AC Valhalla, and I can install it. Only, to install it, I need to link my Epic Games Store account with my Ubisoft Connect account. Which of course requires me to go through the whole rigmarole again, this time for the Ubisoft site, userID, password, two-factor identification code via my mobile phone. The whole process of buying a game online took nearly as long as driving to a shop and buying a physical copy!
Is it just me, or have the security measures for games stores gone completely crazy? Why is it easier for me to do a €1,000 bank transfer than to buy a game for €34.99?
Comments:
<< Home
Newer› ‹Older
I think it is a combination of buggy processes (the not working remember me, parental lock and crashes) and every darn company demanding its own implementation of the store, the drm and the authentication. Because they could have used some openID thing, like appleid or googleID.
One thing banks can do very well is verify that their customers are who they say they are - they have access to the ID documentation used to set up your account, a history of activity going back years, and the face ID on your phone isn't the only way they can verify that it's actually you using it. Games companies don't have all of that... although it sounds like Epic has a pretty shoddy implementation and crappy user journey.
I think there's a role for banks to provide identity and access management services for customers to other companies, in the same way they provide credit card payment services. That way instead of every website potentially holding your personal data for ID purposes, they would pop up a secure login screen that connects to the bank, and the bank returns a token that says "Yup, this is Tobold". That way all of your personal data is kept in one secure basket that's already subject to regulators. Some of the Scandinavian countries are already moving this way, I understand.
I think there's a role for banks to provide identity and access management services for customers to other companies, in the same way they provide credit card payment services. That way instead of every website potentially holding your personal data for ID purposes, they would pop up a secure login screen that connects to the bank, and the bank returns a token that says "Yup, this is Tobold". That way all of your personal data is kept in one secure basket that's already subject to regulators. Some of the Scandinavian countries are already moving this way, I understand.
Well, that's anecdotal and almost the complete opposite for me.
My Epic Store starts with the PC, automatic login and barely ever any relog required. Login to Ubisoft is seamless as well, saved password from the browser and I'm in.
That said I don't have 2FA active on either.
My main bank has an app that requires you to type you password. No facial recognition or fingerprint like my other bank. You know what's annoying? Typing a password on a phone.
My Epic Store starts with the PC, automatic login and barely ever any relog required. Login to Ubisoft is seamless as well, saved password from the browser and I'm in.
That said I don't have 2FA active on either.
My main bank has an app that requires you to type you password. No facial recognition or fingerprint like my other bank. You know what's annoying? Typing a password on a phone.
I haven't had any problems with the Epic store. It's just a password. I like using passwords. They're simple and easy. Facial recognition, though? That's super-creepy.
I think you've been very unlucky, maybe a combination of events. I've never had an issue to be honest. The occasional "forgotten" user is always easy to fix (sometimes I just update the password, if I can't remember it).
Post a Comment
<< Home