Still, it’s a useful layer of protection. By itself that approach isn’t perfect though because a proxy or VPN could circumvent such protections and it wouldn’t otherwise protect you from an attacker in the same region. If, for example, someone half a world away tried to break into your account or - worse - tried to set a bot to perma ban you - it wouldn’t affect you. My preferred approach is to use a combination of two approaches: In the first, the account is only locked within a geographic range. There is absolutely no reason to lock an account in this circumstance because even if they brute force you and eventually get it right it still would not actually let them into your account.įrom there they need to fix the way the accounts are locked. In order to resolve this issue they should first ensure that if someone has two-step authentication enabled, it doesn’t count a login attempt as an actual attempt if they are not trying to login that way. I have seen bots do that with older systems and they really don’t want to be subject to that attack. That’s a very VERY serious vulnerability with many possible solutions. The boy would just need to make X failed attempts every 2 hours forever and they would no longer be able to proceed with any work. One could very easily, for example, program a bot shut down an entire company that uses the Unreal Engine simply by knowing the email addresses that the company uses in association with the Unreal Engine. The real problem is that it technically means that anyone can shut down any account they like as often as they like simply by knowing the email address associated with the account. There’s no way someone could break into your account that way. There are multiple ways to enter passwords, so they probably are not even trying to use two-factor to login (because of course they would not be able to guess that), hence why you wouldn’t get a notification. I have seen similar posts in other forums (which I am not allowed to respond to, because I am a developer and I don’t game on this account) and the general pattern seems to be that bots are cycling through accounts trying passwords at random hoping they will get in. I am having the same issue, and it is worrisome for a different reason: It represents a vulnerability in the Unreal Engine itself.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |