Adding 2FA (Two Factor Authentication) for account

Hello! give me permission to send a suggestions to make gdevelop better :heart:

is it possible in the account settings to provide a 2-step verification option (such as requesting an authentication code from email to log in) when logging in? This makes gdevelop users’ accounts feel safer and more secure :smiley:

What is 2FA (Two Factor Authentication)?
2FA requires a second factor to verify a user’s identity. Common examples include tokens generated by a registered device, One Time Passwords, or PIN numbers. The mere presence of two authentication methods improves your security posture significantly—in fact, according to research from Symantec, 80% of data breaches can be prevented by 2FA, While the security benefits of 2FA are well documented, adoption has been a widespread problem. When Google first introduced the option to have two authentication methods applied to their accounts, less than 10% of users adopted 2FA over the course of over 7 years. According to Google one of the reasons why they did not require 2FA was due to the inconvenience it caused users, noting that >10% of users who tried 2FA, failed to enter the SMS authentication code correctly.
I really request that this feature be provided for the security and convenience of gdevelop users. I would love to have this feature implemented in the next version, I would really appreciate the developers trying to make gdevelop better!

type F2A which at least exists/desires
Email Confirmation:

The application that implements 2FA Email Confirmation will confirm the email by means of the user having to fill in the required code on the engine, where the code is listed in the user’s email, this code can be a numeric code which must be entered into the Engige application in order to log in.

Making authentication more about the user and less about the attacker
Forward-looking businesses will look beyond passwords and improve API authentication as a means of enhancing the user experience, reducing the success rates of phishing attacks. Attackers will no longer benefit from the weaknesses of passwords by incorporating more secure authentication methods. Imagine, so many developers try as hard as possible to develop their dream game, they put the game in the cloud , but suddenly their account is stolen and the game can’t be developed because it can’t access the cloud at all, and they lose complete control over what he creates and the account… this is very sad.

Thank you :heart:

Solution: just don’t go online to prevent attackers from stealing your never-made game.

1 Like

No way, like it or not we are required to enter a gdevelop engine account so we can build the results of the work we do for mobile or desktop using a one click package.

just info, I have made a game from gdevelop which has been published. more than that, there are many of my freelance client projects that use gdevelop, gdevelop means a lot to me.

Just for some clarity here, you are required to enter a account (not an engine account) to use the cloud services. You can build desktop and mobile games locally, without an internet connection, so long as you have Yarn and the electron-builder binaries (for desktop), or Cordova (for mobile).

Once it is set up it only requires two command line entries instead of one click in the menu, but it’s an easy viable alternative to using the online account system if you’re concerned about security.

The above is just clarification info. I agree that any account system should allow for TFA/2FA.

1 Like

thanks for the clarification!
That’s right, what I mean by engine account is the account, I hope the account allows the 2FA system to make gdevelop better :heart: