Security Suggestion
Recently I got a notification that my account was logged in on another computer. Since I got the notification, I was able to take action and change the password (which I hope prevents more unwanted access).
All this was good, notification and password changed, but what if I didn't have the client open? Yep, I would never know my account was compromised... This leads me to the crucial questions: How long was my account compromised? How do you know your account is not compromised?
Unless we are logged into the client 24/7, we can't be sure... Even if the client is open, there is no notification of access to the account made from the web client...
My suggestion to tackle/minimize this situation:
- Whenever an access to the account is performed from an unknown computer (MAC address, device specs, etc...), prevent any action from being performed until we perform a verification/validation of it (e.g. send an email about the "strange" access - similar to what Google does when we access the email from a strange computer, but in their case a notification is sent to the phone);
- Have access to the list of the last X accesses to the account with relevant information such as IP address (location - country/city), computer ID, etc...
My intention here is to be able to take action if the account is compromised.
Please Riot, consider this or something similar with some priority. Cheers
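
The two suggestions in the post above, sketched as an added example (not part of the original post and not Riot's code): a login from an unrecognized device is held until an emailed token is confirmed, and the last X accesses are recorded. All names, the `HISTORY_SIZE` value, and the device fingerprint scheme are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from collections import deque

HISTORY_SIZE = 5  # the "last X" accesses kept per account (assumed value)

class Account:
    def __init__(self, email):
        self.email = email
        self.known_devices = set()   # fingerprints that passed verification
        self.pending = {}            # fingerprint -> SHA-256 of emailed token
        self.history = deque(maxlen=HISTORY_SIZE)

def fingerprint(device_spec):
    # Hypothetical device ID: a hash of what the client reports about itself.
    # Client-reported data can be forged, so this is a signal, not proof.
    return hashlib.sha256(device_spec.encode()).hexdigest()[:16]

def login(acct, device_spec, ip, when):
    """Called after the password check. Returns (state, token_to_email)."""
    fp = fingerprint(device_spec)
    known = fp in acct.known_devices
    state = "active" if known else "pending_verification"
    # Every access is logged, including ones that never get verified.
    acct.history.append({"time": when, "ip": ip, "device": fp, "state": state})
    if known:
        return state, None
    token = secrets.token_urlsafe(16)
    acct.pending[fp] = hashlib.sha256(token.encode()).hexdigest()
    return state, token  # a real service would email this to acct.email

def verify(acct, device_spec, token):
    """Confirm the emailed token; only then does the device become trusted."""
    fp = fingerprint(device_spec)
    expected = acct.pending.get(fp)
    supplied = hashlib.sha256(token.encode()).hexdigest()
    if expected is None or not hmac.compare_digest(expected, supplied):
        return False
    del acct.pending[fp]
    acct.known_devices.add(fp)
    return True

def may_act(acct, device_spec):
    # Gate for any account action: unverified devices can do nothing.
    return fingerprint(device_spec) in acct.known_devices
```
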