Thank you SE for adding Google Auth support

**Krojack** · 04-28-2021 02:53 AM

I now feel even more secure being able to use the Google Auth (or compatible app) rather than your own one time password app. This means I can have the one time password on my primary phone, on a second device that sits on my computer desk 24/7 AND I can backup my codes incase I need to restore it to another device later. I no longer have to deal with using the emergency removal code. It's literally a last means effort to get back into my account now.

Now if only you could add an optional "remember me" for the PC login so I don't even have to enter my password each time I want to play the game.

**Valkyrie_Lenneth** · 04-28-2021 02:58 AM

Originally Posted by Krojack

I now feel even more secure being able to use the Google Auth (or compatible app) rather than your own one time password app. This means I can have the one time password on my primary phone, on a second device that sits on my computer desk 24/7 AND I can backup my codes incase I need to restore it to another device later. I no longer have to deal with using the emergency removal code. It's literally a last means effort to get back into my account now.

Now if only you could add an optional "remember me" for the PC login so I don't even have to enter my password each time I want to play the game.

Hooray added security! Now let me disable it.

It's not 2fa if you can disable it. Not really anyway.

Besides, it takes like, 5 seconds to log in.

Also, definitely recommend using something other than Googles. Not because it's bad, but because it's tied to your Google account. And if anything ever happens to that, poof.

I've never understood the complaint of having to log in every time. It doesn't take that long. I've had the physical token since 2010 and never felt the need to use the digital one. Push button type code play

**Krojack** · 04-28-2021 03:18 AM

Originally Posted by Valkyrie_Lenneth

Hooray added security! Now let me disable it.

It's not 2fa if you can disable it. Not really anyway.

I never disabled it.

Originally Posted by Valkyrie_Lenneth

Also, definitely recommend using something other than Googles. Not because it's bad, but because it's tied to your Google account. And if anything ever happens to that, poof.

100% false. Google wrote the code and made it open source. The app I use that stores all my codes doesn't even have access to the Internet. It's not even coded into the app to use the Internet. Also the app is open source.

Please learn about a system before making claims about it.

**Valkyrie_Lenneth** · 04-28-2021 03:20 AM

Originally Posted by Krojack

I never disabled it.

100% false. Google wrote the code and made it open source. The app I use that stores all my codes doesn't even have access to the Internet. It's not even coded into the app to use the Internet. Also the app is open source.

Please learn about a system before making claims about it.

I didn't say the app you use, I said the Google token specifically.

And not requiring it on login is basically disabling it.

I see most people recommending Authy.

**Krojack** · 04-28-2021 03:52 AM

Originally Posted by Valkyrie_Lenneth

I didn't say the app you use, I said the Google token specifically.

What does that even mean? Again using this on your FF14 account in no way links it to your Google account at all.

SE generates a unique code that's linked to your FF14 account. You input that code into the authenticator app of your choice. BAM you're done. Google is no where in the loop.

I've literally implemented this system into my own personal web sites and my companies administrative systems.

Here, go read how TOTP works. https://tools.ietf.org/html/rfc6238

Originally Posted by Valkyrie_Lenneth

And not requiring it on login is basically disabling it.

Take a lesson from other good providers. If I want to remember my login on MY OWN COMPUTER it's not any less secure. The one time password is to prevent people from logging into your account from other locations. I'm pretty sure some hacker isn't going to break into my house to use my computer and get into my FF14 account. Even then the OTP is still needed to log into my mog station account.. I'm referring to the game login. Consoles have the option to remember their passwords so they don't have to enter it every time.

P.S. Having to manually enter your password every time on your PC is a bigger security risk than remembering your login. Those that don't have the OTP on their accounts are more likely to get hacked this way if they get a rootkit virus on their PC.

**Valkyrie_Lenneth** · 04-28-2021 04:02 AM

Originally Posted by Krojack

What does that even mean? Again using this on your FF14 account in no way links it to your Google account at all.

SE generates a unique code that's linked to your FF14 account. You input that code into the authenticator app of your choice. BAM you're done. Google is no where in the loop.

I've literally implemented this system into my own personal web sites and my companies administrative systems.

Here, go read how TOTP works. https://tools.ietf.org/html/rfc6238

Take a lesson from other good providers. If I want to remember my login on MY OWN COMPUTER it's not any less secure. The one time password is to prevent people from logging into your account from other locations. I'm pretty sure some hacker isn't going to break into my house to use my computer and get into my FF14 account. Even then the OTP is still needed to log into my mog station account.. I'm referring to the game login. Consoles have the option to remember their passwords so they don't have to enter it every time.

P.S. Having to manually enter your password every time on your PC is a bigger security risk than remembering your login. Those that don't have the OTP on their accounts are more likely to get hacked this way if they get a rootkit virus on their PC.

If you use the Google authenticator app. The common one people will use seeing that it's easily available and has Google in the name, the app is tied to your Google account. (people commonly call otp applications "tokens")

If you then use that app as your XIV authenticator, and you lose access to your Google account, you lose access to XIV unless going through support of course.

I don't think you were reading what I was saying, only what you thought I was saying.

And if you have a rootkit, your XIV login is the least of your worries at that point.

I know what totp is. I was mostly just making a comment for people reading to be careful with the Google app.

It's a common issue if you read Google Auth app reviews.

**Doozer** · 04-28-2021 06:18 AM

Imagine seeing a thread thanking SE for adding extra security support and using it as an opportunity to talk down to or argue with someone. These forums are really something.

**Axxion** · 04-28-2021 06:44 AM

Originally Posted by Doozer

Imagine seeing a thread thanking SE for adding extra security support and using it as an opportunity to talk down to or argue with someone. These forums are really something.

And thats why these forums are best ^_^ /s

but going back on topic. I really like that added that as an option. The more options the better.

**Meta** · 05-04-2021 11:45 PM

Thank you so, so much for adding third party Authenticator support!

The official Software Token was major liability and massive inconvenience on mobile devices that can switch carriers on the fly. Carrier switching resets the Software Token, requiring the Emergency Removal Password to access your account. This would happen several times a week on my device, making it impossible to log into the game without digging up the Emergency Removal Password, removing the Software Token, and re-registering the Software Token.

Thank you, thank you, THANK YOU!

**MiniTofu** · 05-05-2021 01:37 PM

There are many 2FA you can use aside from Google Auth. I am using 1Password with built in 2FA.

Thread: Thank you SE for adding Google Auth support

Thread Tools

Search Thread

Display

Hybrid View

Thank you SE for adding Google Auth support