July 19th 2016
With the introduction of Two-Step Authentication Security for Star Citizen, you can now protect your account with an additional level of security.
As a standard security measure, your accounts are protected by a username and password. However, against a determined security breach attempt, this might not always be enough to keep your account safe. This is where two-step authentication comes in.
When you have two-step authentication enabled, you will sign in with your username and password, then you will be required to enter a uniquely generated code, which is delivered to your email address or through our new authenticator app (available on Android and iPhone). So even if your username/password is compromised, a unique access code will also be required to enter your account.
On top of being able to get your randomly generated access codes from the Star Citizen Authenticator, users are also able to use Google Authenticator, Authy, Microsoft Authenticator and any other TOTP/HOTP-based applications.
You might think the extra layer of security is just an annoyance, having to enter a unique code every time. Not true! When your extra layer of security is enabled, you will have the option (in the settings) to mark certain devices (desktop, laptop, tablet, etc.) as “trusted” devices for a period that you choose. Once this is done, the devices you use most frequently will not require you to enter the unique code each time. Also, if you no longer wish a device to be part of your trusted circle, you can remove its trusted status so that the next time you log in using that device you will have to use a unique code. You are in full control.
Securing your account is extremely simple and will only take a minute. First you will need to log in to your RSI account at https://robertsspaceindustries.com. Once logged in, navigate to the settings in “My Account”. Here you will find a new tab on the left menu, called “Security”, where you will find all your security settings, including email, username and password.
If you have not set up two-step authentication yet, you will have the option to activate it. This is done by choosing the method by which you would like to get the uniquely generated codes (email or mobile application). If you choose the email option, you will be sent an email to an address which you will have to confirm. From then on, you will get the uniquely generated access codes at that email address. If you decide that the new mobile authenticator app is more convenient, you will see a QR code which you can scan from the app once it is downloaded on your phone. From then on, the app will be linked to your account.
You may also have multiple accounts on the authenticator app. Either method can easily be activated from the new security tab in My Account settings, which will now act as the hub for your account’s security.
In addition to adding two-step authentication to your account, there are also a number of other simple steps that can be taken to ensure the security of your account and your information.
- Change your password occasionally. Doing this avoids keeping a password that has been in use for a while, which makes it less susceptible to being compromised over time.
- Do not use the same password on other sites. As mentioned above, even if your password for RSI is safe, if you have used it for another site and that site is compromised, your RSI password has now also been compromised.
- Use a different email address than your account email for receiving two-step authentication codes. Just in case your primary email is compromised or access is lost, you will still be able to get the security code to access your RSI account.
- Do not share your two-step authentication codes/backup codes or any other account secrets with anybody. Sharing your two-step authentication/backup codes on social media or with friends can increase the chance that these codes will end up in unsafe hands.