Improving security: 2 way verification

[KrustyTheClown]

Hello,

I just wanted to inform if this is being looked at?
I asked this to Andrew last year and he said it would be discussed if I'm not mistaken.

With all the recent security leaks I think security should be one of the priorities for Unibet, not just for poker players but for any Unibet client.
Just google "Blueborne" for example.
I feel like any decent hacker could easily hack a Unibet account if it is only protected by a password.
I don't know how easy it would be for a hacker to get the money out though?
What happens if "you" add a new withdrawal method? Do you have to wait x amount of days?
What happens if "you" login from an IP that is in a different country?

Anyway, I feel like adding 2 way verification would make a lot of unibet customers feel more comfortable keeping large amounts of money on the site.
The technology is there. For example RSA has very good solutions.
I'm not an expert but I don't think impleting this in the software would be that much of a hassle?

I'm not sure what the extra cost would be?
I would be glad to pay like €20 or something for an RSA security token...
It would certainly give me some extra piece of mind :happy:

Cheers

[Sweeedeeen]

I want 2FA too. Not with tokens or etc, i think sms code when user change ip or computer will be ok.

It will be good for unibet too, because players will make less cashouts and deposit(if they loosing after cashout) and unibet will pay less fee to skrill, neteller etc.

[Livertool]

I am happy as it is, easy way in and out :) First of all you have to withdraw the same way you have deposited, at least the same amount you have deposit. Second of all, when i get large amounts in my account i withdraw most of it right away. And i don´t think that is SO easy otherwise it would happen all the time. And when i have money on my account, i use the site all the time so it is easy to see if there is some action i havnt done my self.

[mgermo]

"I want 2FA too. Not with tokens or etc, i think sms code when user change ip or computer will be ok."

I second that. Just some verification from new ip.

[KrustyTheClown]

@DavidP_Unibet Will you please comment on this? :)

[KrustyTheClown]

Nevermind, I just saw your reply on 2p2 :) I'll hear it when there is some news about this...

[Zipfil]

@KrustyTheClown

1: Unibet would not accept a withdraw from your account unless it is verrifyed already, in your name and so on.

2: To "hack" your account is not as easy as you think, if you just do the following:

Do NOT tell anyone what your registred e-mail @ unibet is to anyone, if you have ask support to help you registre a new one.

Also make or have a password that even a "brute force" attack gonna have problems with, like minimum 10 letter\diget mixed and some Capital letter in there.

3: Never write down or let your Browser automatic save username\password for any web page.

Again , dont tell anyone and if you share or let family\friend use your computer, make a Guest account for them.

Zipfil

[KrustyTheClown]

thanks Zipfil :)

[MoreTBC]

2FA bump. Is this ever happening?

[RayL]

@MoreTBC This is something that is yet to be raised to the development team. I've heard talks and the Security department is aware of the request though. I also completely agree with what @Zipfil mentions above. Even though it's not obvious and players don't always notice them, the security processes are active and it's not only a password that protects an account.

Before a payout is mage for example the withdrawal passes through multiple filters within the Security and Payments departments. Allot of factors are taken into consideration like IP, Method used to withdraw in correlation with the one used to deposit, the verification of the account, number of unsuccessful deposits and withdrawals, 3DS used or not but I won't bore you guys with the specific details.

We'll be sure to update you guys whenever it will be implemented but at the moment it is not something that is on the front row in development.

 

/Ray