BoardsGameplay

@Riot: How to Improve Matchmaking & Security While Reducing Toxicity, Smurfing, & Account Selling

Subdue·2/24/2020, 5:01:42 PM·1 votes·4,466 views

Disclaimer: The suggestions below are specific to the NA server as different regions already have their own account creation requirements and I am not familiar with those.

Suggestion:

In order to improve matchmaking and account security while reducing toxicity, botting, account selling, and smurfing, Riot needs to implement two already commonly available and in-use features:

  1. Riot needs to require a mobile number for account creation.
  2. Riot needs to require two-factor authentication. For those unfamiliar with the concept, two-factor authentication basically means that in addition to providing a password to log in, the user enters a string of characters. This string is provided at the time the user is attempting to log in, either by text message or via an app which provides a new number every few minutes.

Why This Will Work:

On its own, requiring a mobile number for account creation will eliminate most casual smurfs – people who created a new account on a whim. With the additional barrier to account creation, most will simply opt not to smurf. Furthermore, by requiring a phone number, Riot can definitively tie users to accounts and thus prevent users that have been permanently banned from easily creating new accounts. Note: Some users will still be willing to change phone numbers, get a new phone, etc, but there will undoubtedly be fewer returners than we have currently.

With the addition of two-factor authentication, we accomplish several additional goals. First, the user will need to maintain the phone number associated to the account in order to keep using it. This basically eliminates account selling, as passing a phone number to a person is far more difficult than passing an email address. It also prevents people from using one-time online phone numbers for account creation, as they will lose access to their accounts if they lose access to the number. Finally, it eliminates the risk of accounts being stolen by password brute force or any other mechanism of password theft, as the thief will not be able to log into the account even with the password if they do not also have the phone that will receive the two-factor authentication code.

With the two above features together, Riot more effectively ties a person to their account, making an individual’s account far less expendable. As such, users are more likely to adhere to the rules, as account loss is closer to permanent. Furthermore, with fewer smurfs, matchmaking will improve as the newbie zone will be filled with mostly newbies. Finally, as a small added bonus, high elo players will experience slightly better queue times. Currently, due to the very long queue times for high elo players, many of them will create a smurf in order to play more quickly. Of course, this results in the pool of high elo players available to play being smaller than it needs to be. By reducing high elo smurfing, the high elo pool at any given time increases in size, reducing queue times.

Some Common Responss:

  1. People don’t have phones. This may be true in some parts of the world, but it is not true in NA. 99% of people ages 18-49 have mobile phones, which accounts for the majority of League’s player population. The number is likely close to that for 13-17, which is also within the target demographic.
    Furthermore, lack of a mobile phone most likely correlates with lack of solid, in-home internet connection as well, which further reduces the overlap between League players and people without mobile phones. https://www.pewresearch.org/internet/fact-sheet/mobile/

  2. Privacy concerns. Yes, a phone number is one more piece of information that players would be providing to Riot, but in the grand scheme of things, it is a relatively small and insignificant piece of information. There are already games out there that require a phone number, including basically every mobile game created in the last decade. Far more information gets posted on the likes of Facebook and LinkedIn. You even give your phone number to the grocery store for their coupons. Some might be deterred by this, but the numbers should be relatively low compared to all of the benefits.

47 Comments

Sylaelque2/24/2020, 7:02:51 PM6 votes

Dota 2 already using this system for Rankeds still it doesn't stop smurfs, scripters, account boosters. Unfortunately, this would only decrease number of normal players.

rujitra2/24/2020, 6:28:36 PM4 votes

So people can’t go to an Internet cafe and play League? Maybe you’ve been so privileged in your life you forget that those are not just alive but thriving in the US.

Voiceshiproot2/24/2020, 6:17:15 PM3 votes

Riot approves of account selling lol

Subdue2/26/2020, 4:38:55 PM2 votes

[garen-swing]

True Garen2/28/2020, 4:26:07 AM1 votes

Lowkey: Riot already knows which accounts are yours.

It's not a secret. If you deal with Riot CS about any issue where it comes up, they have no qualms about letting you know which other account of yours is involved.

They have many tools at their disposal providing this information incidentally: ip address, cookies, billing information etc...

Telephone numbers from mobile and Clash...

It's done already.

Sister meow2/24/2020, 6:08:20 PM1 votes

how about no

Subdue2/29/2020, 3:12:20 PM1 votes

[draven-pose]

Çhåryzård2/25/2020, 3:28:15 PM1 votes

Riot already tracks account boosters by tracking your IP address. Someone I know, years ago, went to go visit a friend in another state and took their computer with them. They played League while they visited and when they got home they had an email saying their account was banned because it was played on from a different IP address.

This was years ago so not sure if they still do it, but they really should and if your account is repeatedly being logged in from a new location you should be sent a warning and you should have to provide proof it is you.

If you plan on traveling and playing from a new IP address you're supposed to send them a ticket or something saying so in case your account gets flagged, but nobody really knows this because they don't openly say they track IP addresses.

Subdue2/25/2020, 10:55:50 PM1 votes

{quoted}

That's actually exactly what you've been doing this whole time. The starting point is "Riot creates League of Legends for the players".

You then moved the goalposts to "well, we really only need to care about 18-49 year olds" - for no reason.

Regardless, the goalposts have not moved - you made claims that I refuted. You attempted to refute my claims, but you actually committed a "privileged fallacy" - something existing that you can find does not mean it's applicable to everyone, and I pointed out quite clearly that one of those companies is likely a scam to get people to pay hefty "overage" fees and the other isn't available in large portions of the company. That isn't moving the goalposts - that's you missing the goalposts altogether with your "rebuttal".

Oh geez. I think you should go look up what things mean before trying to use them in a discussion. The privilege fallacy is a subset of ad hominem arguments, in which you attempt to invalidate someone's opinion based on some privilege that you feel they have. For example, if someone attempts to invalidate a white person's opinion on racism because they are white, that would be a privilege fallacy, as it attacks the person for their perceived privilege rather than opinion based on its merits. Another example would be if someone attempts to invalidate another's opinion on requiring a mobile phone to create an account on League of Legends based on that person owning a mobile number.

Now then, let's do some easy math here.

99% of people 18-49 have a mobile phone and 1% do not.

95% of people 50-64 have a mobile phone and 5% do not.

91% of people 65 and over have a mobile phone and 9% do not.

Statistics aren't available for League of Legends specifically, but let's make the obnoxious assumption that if a person plays video games, they play League of Legends. See the following: https://www.pewresearch.org/fact-tank/2017/09/11/younger-men-play-video-games-but-so-do-a-diverse-group-of-other-americans/

31% of people 50-64 play video games. Assuming the video game they all play is League of Legends, then the 31% of 5%, or 1.55% of people 50-64 would be affected.

24% of people 65 and over play video games. Assuming the video game they all play is League of Legends, then 24% of 9%, or 2.16% of people 65 and over would be affected.

Let's recap. If we make some obnoxiously absurd assumptions including:

  1. Any person who plays video games of any kind, on any platform, plays League of Legends.
  2. There is no correlation between owning a mobile phone and playing League of Legends (There obviously is).

Then we find that at most, 1.55% of people 50-64 and 2.16% of people 65 and over would no longer be able to play League of Legends.

Now, you're the expert on the coverage maps of phone providers apparently. Would you say at least 2/3 of the country is covered? I'll assume you would because it's obviously way more than that. But let's assume 2/3 as a super conservative estimate. That means for $15/month, those numbers drop down to 33% of 1.55%, or .5115% and 33% of 2.16%, or .7128%.

So, the question becomes, do I think eliminating virtually all risk of accounts being compromised, improving matchmaking, reducing toxicity, reducing smurfing, reducing botting, eliminating account selling, reducing boosting and overall improve the experience of players is worth maybe losing a fraction of a percent of the population? Absolutely I do.

By the way, fun fact. 12% of people 50-64 and 27% of people 65 and over never use the internet. How much smaller would the numbers above be if we included that stat? https://www.pewresearch.org/fact-tank/2019/04/22/some-americans-dont-use-the-internet-who-are-they/

ZephyrDrake2/26/2020, 1:53:45 AM1 votes

You do know how insanely easy it is to get a number? You don't even need to use your actual phone number. There are how many apps that give you random numbers? I used one when I created an email that REQUIRED me to give my phone number. This literally won't solve anything and would just inconvenience the people who have done nothing wrong.