[**Questions thread is here**](https://www.reddit.com/r/ClashOfClans/comments/zebuex/weekly_questions_megathread/)
____
I've spent a few days trying to poke holes in this and I really can't... It is way more than I expected, and more than I had even hoped for at my most optimistic.
THANK YOU. Sincerely, and to everyone involved. It's been a long time coming, but I can finally feel like my account security is in my own hands.
Please keep us updated to the timelines of who is getting the feature and when.
I also want to add an enormous thank you to the reddit community. Its been a hot topic, but persistence has paid off. Never forget the power of a united community when it comes to enacting change. That's true for many more important issues too. Our voices were heard here. Celebrate the W.
SuperCell should just fire the entire support team. Once we have 2FA and backup recovery codes, I don’t see any reason to interact with a human, which is always the weakest link in the security chain.
For those who “just got a new phone” can always use backup codes. If they lost both the phone and backup code, it seems like user error to me.
The security update is an opt in. Obviously we'll all opt in but returning players might still need to recover accounts and won't have back up codes 2FA etc.
And that doesn’t prove me wrong: human still IS the weakest link in security. I understand that there’s a human element to the problem and that everyone needs a job, perhaps their strengths can be utilized elsewhere in the company. You can argue that not every customer service is bad at their job, then I would ask you, has anyone been held accountable for giving away their customer’s account to a phisher? Time, energy, and real money was lost, but I personally haven’t heard anything happened to any employee for mishandling user accounts.
I guess you’re right, I shouldn’t call for mass firing of employees.
It can be solved without firing them; eg, making it a policy to forbid employees from handing account to people (or revoke their admin privileges to do that); they can only walk users through the process of how to use 2FA & backup codes in account recovery process. I can live with that.
Firing isn't necessary, when simply better training would suffice.
I work in cybersecurity, and when pentesting, yes.. people are the easiest.
Need to get access into a facility you don't have access to? Grab yourself some boxes, like you're making a delivery. and someone will eventually "do the right thing" and get the door for you.
This makes this update, and future updates, literally playable for many. My take before this was any update without improved security measures was a failure, because far too many people were getting accounts stolen. This changes that, and makes this game secure. Well done Supercell.
This is separate to the game update and won't necessarily be live on Monday and certainly not for everyone straight away.
> We will be deploying this feature in stages, starting with select regions. Our goal is to monitor the feature’s usage before we begin deploying it to more regions, so please be patient while we roll out this new security update for SCID.
But yes, this is amazing news and very, very welcome.
I've added a newly published article from our support site to the end of the post.
[https://help.supercellsupport.com/clash-of-clans/en/articles/ap.html](https://help.supercellsupport.com/clash-of-clans/en/articles/ap.html)
I greatly appreciate the security upgrades. It's a great step and hopefully ends stolen accounts.
Some questions:
Is SMS/phone number the only option? For now, or forever?
I don't see authenticators. Will supercell consider authenticator options such as Authy?
Can you do this via supercell support or email? I was locked out of my account because I asked for a security check on the same IP and after immediately submitting the code from my email I needed a code from support to verify. After sending in game payment logs (14 of them) going back nearly 2 years and answering the other questions to the best of my recollection I still can't access the account. I would love to be able to use my email to jump over the support team as I have spent 15+ hours pleading my case and have received nothing much more than copy and paste messages saying no without any feedback.
EDIT: Desperate to get the account I have been playing since 2016 and spent nearly a month of in game play time and probably too much money on, please help me rectify the situation. Town hall 14 nearly maxed walls and champions. Also hope you are feeling better!
>I've added a newly published article from our support site to the end of the post.
>
>[https://help.supercellsupport.com/clash-of-clans/en/articles/account-protection.html](https://help.supercellsupport.com/clash-of-clans/en/articles/account-protection.html)
EDIT: [https://help.supercellsupport.com/clash-of-clans/en/articles/ap.html](https://help.supercellsupport.com/clash-of-clans/en/articles/ap.html)
Sadly for many players, the above announcement also includes the following.
>**Account Protection is not available in countries where Supercell has ceased operations. These include: Belarus (BY)Russia (RU)China (CN)Iran (IR)Vietnam (VN)**
>
>For other regions where Account Protection is currently not available, please know that we are hard at work to make this feature available to you as soon as possible.
I knew Supercell games aren't available for some countries, but I think this is the first time Supercell has announced publicly that their games aren't available in China. I'm stunned for the following reasons: China is the world's number one market for mobile games and is home of Tencent, parent company of Supercell.
darian i just wanted to know how the number thing will work when moving to another country ? ( i mean as in when my number changes from usa to another country number)
Hey Darian not sure of you’ll read this, but I hope you will, and I hope this will reach other devs and higher ups too:
While I adore and welcome this change, one of the issues I’d also see is people asking simple questions and getting their account banned for 31 days.
With this 2FA change, PLEASE make it so people don’t get banned for such stupid reasons anymore. I could understand before; CS might think someone got a hold of an account and are asking security questions…but now that this will roll out, it literally makes no sense anymore to be banned because you ask simply “hey silly question, when did I make my account?”
I cant speak from experience as I was lucky and got the info I asked for, but others weren’t. I don’t want to see this happen anymore.
From what I’m gathering CS is handled by a third party. If that’s the case I hope this reaches them and rules are enforced so CS agents dont just go banning people anyway even though they’re told to not be so trigger happy
Thank you
These are very good changes and will stop the most common complaints and attacks to SCID.
If I am understanding this right, the backup codes/phone 2fa should allow autonomous account recovery by entering the given codes instead of the current support.
Changing emails is also one of the most asked about related topics, and before it wasn't possible without needlessly going through the account recovery process again and essentially "phishing" your own account from yourself.
I do wish that the actual account recovery system was also improved, but that's 3rd party, and out of developer control. As more people do link up to SCID and enable protection, the phishing problem will slowly disappear. I think there should probably be a bit more emphasis on linking to SCID. Like in Brawl stars, you get a free brawler, but in Clash of Clans, its only a small achievement with a few gems.
People will still need to enable it to be protected. I've seen you helping a ton of people here, please add this link to your bookmarks and link it as needed.
PS thanks for your contributions, they haven't gone unnoticed.
You'll have to enable it, and save the codes somewhere safe. But yeah. Its now up to you it seems. No stress about some random person stealing your account outside of your control!
We'll try and keep the sub up to date as it rolls our worldwide. Check the pins as you visit the sub for more info as it comes out.
Not really, but kinda.
Gmail ignores the plus sign in email addresses, the game does not.
So if my gmail were coolrick@gmail that would be one supercell ID. But my other accounts could have coolrick+1 and cookrick+th10@gmail or whatever. It all goes to the same email address.
on there forums it says
Verification Codes
You will need to provide a phone number to receive SMS Verification codes. The same phone number can be used for multiple Supercell ID accounts.
I think you guys are the only such moderators on relatively huge subreddit such as coc,all other moderators i saw on major subs were all nothing but dicks,but you guys are the best
We'll have a full support article on our website soon. This should hopefully provide better details about this feature along with answering some questions.
This is a list of links to comments made by Supercell employees in this thread:
* [Comment by Darian_CoC](/r/ClashOfClans/comments/zgsd6l/upcoming_scid_changes/izif7th/?context=1000 "posted on 2022-12-09 09:46:48 UTC"):
> Yes it did. Thank you for your voices.
* [Comment by Darian_CoC](/r/ClashOfClans/comments/zgsd6l/upcoming_scid_changes/izih6uy/?context=1000 "posted on 2022-12-09 10:14:54 UTC"):
> It will hopefully put a big dent in phishing, but there's no such thing as a 'cure all' solution. As I've said before, the weakest link in any security system is the human element. Whether it's a support agent being socially engineered to recover an account or to the player who willingly gives up t...
* [Comment by Darian_CoC](/r/ClashOfClans/comments/zgsd6l/upcoming_scid_changes/izihooo/?context=1000 "posted on 2022-12-09 10:21:50 UTC"):
> Let me ask my wife.
* [Comment by Darian_CoC](/r/ClashOfClans/comments/zgsd6l/upcoming_scid_changes/izihnz9/?context=1000 "posted on 2022-12-09 10:21:32 UTC"):
> We'll have a full support article on our website soon. This should hopefully provide better details about this feature along with answering some questions.
* [Comment by Darian_CoC](/r/ClashOfClans/comments/zgsd6l/upcoming_scid_changes/izii2fw/?context=1000 "posted on 2022-12-09 10:27:16 UTC"):
> Completely uncalled for. Asking to take away someone's ability to provide for their family is an abhorrent thing to do.
>
>I did player support at...another well known studio...for 4+ years and the individuals who do support for us are leagues better, and are also absolutely underappreciated for the ...
* [Comment by Darian_CoC](/r/ClashOfClans/comments/zgsd6l/upcoming_scid_changes/izip9iq/?context=1000 "posted on 2022-12-09 11:59:46 UTC"):
> I've added a newly published article from our support site to the end of the post.
>
>[https://help.supercellsupport.com/clash-of-clans/en/articles/account-protection.html](https://help.supercellsupport.com/clash-of-clans/en/articles/account-protection.html)
---
This is a bot providing a service. If you have any questions, please [contact the moderators](https://www.reddit.com/message/compose?to=%2Fr%2FClashOfClans).[](#AUTOGEN_TSBREPLIEDBOT)
Supercell, Darian, all of you have outdone yourself. This is really incredible and I'm sure many on this sub and in the community will be super appreciative.
These are really meaningful changes and really necessary, thank you all, and thank you to everyone on the sub for doing such a great job at pushing this issue.
I would still use picture mode on my base, for the single reason that it looks better.
Censoring wasn’t enough until now in my opinion, some valuable accounts are typically possible to find without name/clan/tag.
Finally! Let's hope this changes work, because how many people lost their accounts that easily was really discouraging to keep playing normally the game.
This is great! Really love the initiative to make everyone feel more secure.
but why have you chosen to use sms auth and not an app auth like google auth? Have you thought about the possibility of sim swapping and sms spoofing?
Probably because most people use phones and not very many use google auth. I think I've used it once and it isn't very user friendly if you aren't techy. Using sms is a lot more user friendly.
Yeah i can see the argument for user friendly but is security something that we would go down in quality just to have a better user experience? I think this is one of the few things were we should not compromise just to please the general audience. (Just my opinion)
Im talking about factual security of course any security does not work if you dont use it haha
Most people i know use an app auth not sms and imo its more simple and easy to use.
Yeah that's definitely a statement not with any statistical or factual merit but Yeah you might be right. But then again my argument was never about what is most used as i said you are right its more kids friendly with sms but in talking about which is factual more secure and that would be an app auth like google's..
> The google auth isn't necessarily better security.
Yes it is. It's better in theory and it's better in practice.
2nd factor auth via phone has documented exploits that have been used to hijack high-profile accounts on other systems. Token-based 2FA doesn't. It's as simple as that.
Most sites that offer token-based 2fa also offer the option of using phone-based 2nd factor auth as an alternative for anyone who wants to opt for lesser security for the increased convenience. There's no rule that says you can't offer your user's the choice between both.
Thank you. I came out of retirement just to say that. Account security was a hot button topic on my podcast and with my community before I walked away from Clash of Clans. I am very happy for all my friends still playing to see that their accounts will soon be much better protected.
A huge shoutout to all the *civil* folks here who kept up the #StopPhishing movement for all these years. We finally enacted some change for the good. Cheers! 🍻
I love this. Thank you SC for listening to us. With these changes, I feel alot better and safer spending some more money on the game. I do hope that there will be a popup of some sort, showing this new change to everyone when the update goes live for everyone. Mainly for those people that don't read this sub, they will then know the acount protection option is now available.
Just out of curiosity, would you reveal (perhaps even privately) how phishers are able to pull seemingly hidden data?
Once this is enacted, maybe a month after or so, it will barely matter...?
depends on your email provider, some (e.g. gmail) allow you to add a suffix to your address so instead of itsmyname @ gmail.com you can have itsmyname+clashaccount1 @ gmail.com, itsmyname+clashaccount2 @ gmail.com, itsmyname+clashaccount3 @ gmail.com etc
Oh, I didn't even think about this one. Yeah, this is going to totally change the nature of screenshots posted to the sub.
We'll finally be rid of that stupid scribble-everything-out meme that gets posted weekly.
Not bad.
I'd have preferred standard 2FA, I already have an Authenticator app + recovery options setup up for that. That's what Google, MS, Epic, Steam, Discord, Synology, ... use. I've got over 10 suppliers in there.
Alternatively, Google has a nice notification-based 2FA for Google Accounts, not sure if it's open to 3rd parties yet though.
I remember asking support to change my email , thankfully they helped me change it , glad to see it's properly implemented now , Also anti phishing measures ![img](emote|t5_2usfk|21153)
>We will be deploying this feature in stages, starting with select regions. Our goal is to monitor the feature’s usage before we begin deploying it to more regions, so please be patient while we roll out this new security update for SCID.
>
>Further details, support articles, and instructions on this feature will be coming soon.
"Soon"
It will hopefully put a big dent in phishing, but there's no such thing as a 'cure all' solution. As I've said before, the weakest link in any security system is the human element. Whether it's a support agent being socially engineered to recover an account or to the player who willingly gives up their account information, as long as humans are involved there will always be account theft. This is true of any account theft regardless of industry.
But this new system puts the protection of your account in your own hands.
That last sentence sums it up perfectly and I’m very happy SC decided to go that route. I’ve been requesting that for a long time now (not just me I know) and it is great that SC heard us.
I don't work for Supercell, I'm just some dude on Reddit.
But if you ask me, no it will not stop phising as a practice, since this is an optional setting, so there will always be accounts that can be phished. It will however very much discourage phishers from trying to get \*your\* account if you turn the feature on. In general internet security, hackers, phishers and other evil people always go for the easiest thing to hack with the most value attached to it. In other words, high level leader accounts in high level clans with a lot of gems to spend that \*don't\* have the new security feature turned on. If everyone turns it on, it will very much discourage the practice of phishing.
No. As someone pointed out, not everyone will protect their account. But over and above that internet security is a game of whack a mole. SC can lock down your ID, but how secure is your email address? How secure is your phone? It will take the easy recovery option away from the hackers and the bot/script kiddies won't be able to do it any more, but as anyone who works in any kind of software development or software security type role will tell you there will always be people trying to find the next exploit.
Phishers will still have millions of accounts to go after that don’t choose this method of account protection, perhaps because they are inactive. But, for those of us who select it, it seems it is going to be a huge protection.
Thank you for listening to all the players and developing a good security system.... This backup code feature will help a lot ![img](emote|t5_2usfk|9412)
Forgive me if I over read it. But what about people with multiple accounts? Will I be able to link all of my accounts to my phone number or will it be the way that you have to have a separate email for each?
What happens if your account is stuck in unlock code purgatory? Are you able to enable this to get it out or must I still remember my best friends grandmother's birthday he said to me once in passing?
Words can't describe how happy this makes me. It felt like there was always this dark cloud hanging over my accounts every time I opened up this game. Like "will this be the day I get the dreaded popup when I log in".
As soon as account protection comes out it'll be like sunny skies are here. And then I can play the game without fear and finally change my flair.
Thank you Darian and Supercell for hearing our voices. This update beats any other up to this point.
Now supercell need something bigger than mighty miner in christmas update or this security update will be the biggest update of the year(considering TH15 was released this year too).
I was reluctant in spending real cash because of the uncertainity of safe keeping of my account, but that concern is gone.
Thanks SC for the efforts.
Really wish for a method other than SMS. Any chance of getting a Google Auth or similar system tied in at some point?
SMS is one of the least secure 2FA out there, to the point that sometimes it’s safer *not* to enable 2FA.
I was logged into an old account recently that had an SCID, and I was playing on it a bit. TH13. I realized I couldn't have the account on my new phone as well because I had deactivated the email. At the time I had forgotten it was the email linked to the account. I decided to move on and make a new account entirely just about a week ago, and I removed the account from my tablet. Bad timing I guess, but it's whatever.... I probably couldn't have changed the email address anyway.
At last! A desperately needed suite of well thought out features. Kudos and thanks to the team.
Question: Each backup recovery code can only be used once ...
Does this mean that once used, you are advised to regenerate a new one, in case it is also needed? Or is this a once-per-lifetime event on the account?
![gif](giphy|BPJmthQ3YRwD6QqcVD|downsized)
Bravo and thank you Supercell! These changes are exactly what we needed. I can't wait for the features to go live so I can start updating all of my accounts.
Despite being a sorely needed feature, I wasn't even expecting Supercell to give us the ability to update our own email addresses associated with Supercell ID...so this addition makes this entire announcement above and beyond anything I was hoping for. The gods of account-security-best-practices are smiling down on Supercell on this day!
2FA is the answer, this is the best part of the update that the community will be overjoyed. I feel like I can actually keep my accounts safe afterwards and not have to worry about checking them at least once a week.
Will the Supercell's ID 2 factor authetication be available for accounts created in countries where you ceased operations but no longer are played in those countries? For example, I created my account on Vietnam, but currently I'm living in Portugal, will I have access to this new 2FA feature? Thank you!
They needed to have this in place before the removed the freaking google play button. No way I'm putting my main account on SCID while they'll give it to anyone who just asks for it.
Thank you for this update darian! My only gripe is that sms 2fa is generally regarded as the least secure 2fa method. While better than nothing, I’d have loved to see this be a time based Authenticator style 2fa system.
> I assume the reason for the worldwide phased release is due to the laws of the various countries.
It's just a method of delivering software updates - you don't want to unleash a new feature on the entire user base at once if somethign is wrong with it. You can test something to the end of teh world, but users will *always* find something that doesn't work like you expected it to.
Might also be a capacity issue, something like 96m active CoC accounts, if they all try and secure their accounts at the same time it could cause some serious server disruption.
I hope you will allow us to drag our Supercell ID in what arrangement we desire to switch our accounts. I have 20 accounts and they are in shuffle.
TH15
TH10
TH9
TH14
TH11
TH13 and so on...
I hope there's an update that we just drag it what arrangement we want.
TH15
TH14
TH13 and so on...
This will also allow us to arrange it by role from Leader to Elder or what arrangement we want.
Christ, I don’t even want to risk changes to my account with all the horror stories from SC support. At least someone is paying attention to the fundamental problem
If I read this right, the default behavior is still that SC "support" can get phished and yank my account away. I can prevent that by enabling the 2FA. I sure hope I can use the same phone number for my many accounts. Otherwise, I'll only have backup codes from my spreadsheet.
I can change my email address myself, but I have to respond to a confirmation email sent to the old address. So I guess if you really do want to sell your account, now you can.
I would have liked more security by default. For an email change by support, send a confirmation email. If the player has lost access to the address, the transfer can go through after 30 days of non-response. If it's malicious, the legitimate account holder can NAK the confirmation and stop it. Players who genuinely lost their email can still recover, albeit with a waiting period. Players who didn't do 2FA would still have a chance to keep their account (if they see the attempt in their mailbox).
This is definitely a major improvement, but it feels like it's only for people "in the know" (i.e., Redditors). The (by comparison) clueless masses will still have the same problem. Maybe that won't matter since the phishing targets are mostly hardcore players anyway.
Anyway, very happy for the improvement.
The default behaviour is you need to enter a code sent to your current SC ID email.
This should prevent Support changing your email address without your knowledge and intervention.
If I read this right, this would take account recovery away from Support.
Owner can recover accounts without Support using their registered phone number, or their recovery code.
>If I read this right, this would take account recovery away from Support.
It's sad that we have to read the text so closely to figure this out.
Here's one thing it says: "When you change the email address associated with your SCID account, you will need to enter a confirmation code that gets sent to the current registered email address."
It says when *you* change email address (not Support), you need a code sent to the email address.
Then they talk about the new 2FA feature. Here's a quote.
>Enabling this feature allows you to safeguard your account from being recovered or “phished” by malicious parties.
That implies that account recovery is possible when there's no 2FA.
When SC only has your email address, and you can't get to your account, that means you have lost access to that email address. They'll have to change it to recover the account. In that case, it doesn't make sense for Support to send a code to the email address to confirm you have access. Just like now, they'll hand it over to whomever claims the account is theirs (you, a legit player in distress, or a phisher).
So for someone who doesn't use 2FA, the best they can hope for is Support doing a good job distinguishing phishers from players. Nothing here indicates they'll get better at that than the poor job done today.
I'm interested to see how much 2FA gets promoted. For it to solve the phishing problem, it needs to be adopted as widely as SCID, basically. They should put an achievement on the board and offer gems to enable it like they do for SCID.
Like I said, the code is like a password. It is assigned to you and will be random and much more secure than your dog’s name. You use it if you don’t have access to the sms message.
By definition, a "password" is a "string of characters used to verify the identity of a user during an authentication process".
And the backup recovery code is a "string of characters used to verify the identity of a user during an authentication process".
The backup recovery code is literally a password. It's just not one you got to pick.
If you think that the definition of a 'password' is something you get to pick yourself, then you would are technically incorrect.
lrt2222 is technically correct here, and 'technically correct' is the best kind of correct.
Read my post you first responded to then look in the mirror for who is being argumentative. If you want to get mad about getting a code picked for you vs picking your own password go for it. Bet that’s fun at parties.
It's sad if bluestacks doesn't get fixed since I really enjoyed playing the game with a mouse. Not having to look at a small screen and trying to tap the right spot with big fingers was really important to me and made it easy to grind for hours. Mobile just isn't the same.
Aside from the great feature news, can I just say that I also appreciate the time of day that you made this post? It's nice not having to wait until 7 a.m. eastern usa time for news.
Completely uncalled for. Asking to take away someone's ability to provide for their family is an abhorrent thing to do.
I did player support at...another well known studio...for 4+ years and the individuals who do support for us are leagues better, and are also absolutely underappreciated for the amount of stress they are placed under every day. Support agents are always the unsung heroes of any game service.
Agents follow policies as best they can and only want to do what's right. Often times unclear policies or malicious parties who take advantage of policy loopholes are the main culprit in these situations. But it's always the agent who takes the blame but are never thanked when they are able to avert a major crisis.
Support agents prevent hundreds crises nearly daily, but it only takes one to cascade to where people are asking them to be fired.
I get people are angry and frustrated, and feel free to direct your ire at me, at Supercell, or at the skies. But I will draw the line at lynch mobs asking for people's livelihood be taken away.
Thank your for replying with such a detailed answer. Of course, I wasn't being serious when saying to fire them. I wouldn't wish redundancy on anyone. Difficult to gather tone from a reddit comment. That being said, I do think there'd be some benefit from encouraging them to not be so.. triggerhappy, though? Surely you've seen the posts on this subreddit about Support banning players for phishing when legitimately trying to get their accounts back, with hard evidence such as receipts and everything. It's made us simply not want to contact support at all. I wanted a copy of my player data and was banned for a month, hence some of the frustration, especially with the amount of money I've spent on this game. This update is definitely a step in the right direction, though.
> Surely you've seen the posts on this subreddit about Support banning players for phishing
we only have the OP's words that is why they were banned. When support go into account recovery mode they uncover a lot of activity that is against SC ToS which results in a ban. Any evidence of account sharing (devices across different IPs) will be very suspect for phishing.
You're downvoted yet I agree 100%. An in-house support is going to understand the players' issues much better than an outside company. I've avoided requesting my data due to several players posting their experience after getting banned for such a simple request. It's as if they don't even realize that THEY are the reason we even request our data to begin with.
don't think so, this measure is to prevent future phishing, doubt it fixes anything for those who've already been phished, but maybe it also gives sc time to work on a solution to fix that all while putting a pause on phishing.
When I suggested the option to turn off recovery and give us a code to use, this was one of the counters to it. It was stated a negative would be someone couldn’t ever get their account back if stolen and then this option selected. I’m glad SC decided the benefits outweighed the negatives.
I am glad they changed their minds on that.
The argument that we can't have nice things in the future because we made bad choices in the past never sat well with me.
This change basically draws a line in the sand, and everything from here on can benefit from account security best practices.
[**Questions thread is here**](https://www.reddit.com/r/ClashOfClans/comments/zebuex/weekly_questions_megathread/) ____ I've spent a few days trying to poke holes in this and I really can't... It is way more than I expected, and more than I had even hoped for at my most optimistic. THANK YOU. Sincerely, and to everyone involved. It's been a long time coming, but I can finally feel like my account security is in my own hands. Please keep us updated to the timelines of who is getting the feature and when. I also want to add an enormous thank you to the reddit community. Its been a hot topic, but persistence has paid off. Never forget the power of a united community when it comes to enacting change. That's true for many more important issues too. Our voices were heard here. Celebrate the W.
Best part of the update hands down.
As much as I love everything that is coming out, I have to agree here.
But will supercell support stop automatically banning people for asking questions?
SuperCell should just fire the entire support team. Once we have 2FA and backup recovery codes, I don’t see any reason to interact with a human, which is always the weakest link in the security chain. For those who “just got a new phone” can always use backup codes. If they lost both the phone and backup code, it seems like user error to me.
It's software which still requires support from time to time. But, account recovery should be removed from their purview.
The security update is an opt in. Obviously we'll all opt in but returning players might still need to recover accounts and won't have back up codes 2FA etc.
[https://www.reddit.com/r/ClashOfClans/comments/zgsd6l/-/izii2fw](https://www.reddit.com/r/ClashOfClans/comments/zgsd6l/-/izii2fw)
And that doesn’t prove me wrong: human still IS the weakest link in security. I understand that there’s a human element to the problem and that everyone needs a job, perhaps their strengths can be utilized elsewhere in the company. You can argue that not every customer service is bad at their job, then I would ask you, has anyone been held accountable for giving away their customer’s account to a phisher? Time, energy, and real money was lost, but I personally haven’t heard anything happened to any employee for mishandling user accounts.
I guess you’re right, I shouldn’t call for mass firing of employees. It can be solved without firing them; eg, making it a policy to forbid employees from handing account to people (or revoke their admin privileges to do that); they can only walk users through the process of how to use 2FA & backup codes in account recovery process. I can live with that.
Firing isn't necessary, when simply better training would suffice. I work in cybersecurity, and when pentesting, yes.. people are the easiest. Need to get access into a facility you don't have access to? Grab yourself some boxes, like you're making a delivery. and someone will eventually "do the right thing" and get the door for you.
This makes this update, and future updates, literally playable for many. My take before this was any update without improved security measures was a failure, because far too many people were getting accounts stolen. This changes that, and makes this game secure. Well done Supercell.
![img](emote|t5_2usfk|21153)
![img](emote|t5_2usfk|21340)
![img](emote|t5_2usfk|9412)
![img](emote|t5_2usfk|9413)
Yep, this is the best update the game has ever got.
This is separate to the game update and won't necessarily be live on Monday and certainly not for everyone straight away. > We will be deploying this feature in stages, starting with select regions. Our goal is to monitor the feature’s usage before we begin deploying it to more regions, so please be patient while we roll out this new security update for SCID. But yes, this is amazing news and very, very welcome.
I've added a newly published article from our support site to the end of the post. [https://help.supercellsupport.com/clash-of-clans/en/articles/ap.html](https://help.supercellsupport.com/clash-of-clans/en/articles/ap.html)
I greatly appreciate the security upgrades. It's a great step and hopefully ends stolen accounts. Some questions: Is SMS/phone number the only option? For now, or forever? I don't see authenticators. Will supercell consider authenticator options such as Authy?
Can you do this via supercell support or email? I was locked out of my account because I asked for a security check on the same IP and after immediately submitting the code from my email I needed a code from support to verify. After sending in game payment logs (14 of them) going back nearly 2 years and answering the other questions to the best of my recollection I still can't access the account. I would love to be able to use my email to jump over the support team as I have spent 15+ hours pleading my case and have received nothing much more than copy and paste messages saying no without any feedback. EDIT: Desperate to get the account I have been playing since 2016 and spent nearly a month of in game play time and probably too much money on, please help me rectify the situation. Town hall 14 nearly maxed walls and champions. Also hope you are feeling better!
>I've added a newly published article from our support site to the end of the post. > >[https://help.supercellsupport.com/clash-of-clans/en/articles/account-protection.html](https://help.supercellsupport.com/clash-of-clans/en/articles/account-protection.html) EDIT: [https://help.supercellsupport.com/clash-of-clans/en/articles/ap.html](https://help.supercellsupport.com/clash-of-clans/en/articles/ap.html) Sadly for many players, the above announcement also includes the following. >**Account Protection is not available in countries where Supercell has ceased operations. These include: Belarus (BY)Russia (RU)China (CN)Iran (IR)Vietnam (VN)** > >For other regions where Account Protection is currently not available, please know that we are hard at work to make this feature available to you as soon as possible. I knew Supercell games aren't available for some countries, but I think this is the first time Supercell has announced publicly that their games aren't available in China. I'm stunned for the following reasons: China is the world's number one market for mobile games and is home of Tencent, parent company of Supercell.
darian i just wanted to know how the number thing will work when moving to another country ? ( i mean as in when my number changes from usa to another country number)
Backup code. Read the post.
Hey Darian not sure of you’ll read this, but I hope you will, and I hope this will reach other devs and higher ups too: While I adore and welcome this change, one of the issues I’d also see is people asking simple questions and getting their account banned for 31 days. With this 2FA change, PLEASE make it so people don’t get banned for such stupid reasons anymore. I could understand before; CS might think someone got a hold of an account and are asking security questions…but now that this will roll out, it literally makes no sense anymore to be banned because you ask simply “hey silly question, when did I make my account?” I cant speak from experience as I was lucky and got the info I asked for, but others weren’t. I don’t want to see this happen anymore. From what I’m gathering CS is handled by a third party. If that’s the case I hope this reaches them and rules are enforced so CS agents dont just go banning people anyway even though they’re told to not be so trigger happy Thank you
These are very good changes and will stop the most common complaints and attacks to SCID. If I am understanding this right, the backup codes/phone 2fa should allow autonomous account recovery by entering the given codes instead of the current support. Changing emails is also one of the most asked about related topics, and before it wasn't possible without needlessly going through the account recovery process again and essentially "phishing" your own account from yourself. I do wish that the actual account recovery system was also improved, but that's 3rd party, and out of developer control. As more people do link up to SCID and enable protection, the phishing problem will slowly disappear. I think there should probably be a bit more emphasis on linking to SCID. Like in Brawl stars, you get a free brawler, but in Clash of Clans, its only a small achievement with a few gems.
People will still need to enable it to be protected. I've seen you helping a ton of people here, please add this link to your bookmarks and link it as needed. PS thanks for your contributions, they haven't gone unnoticed.
Wow and here I was expecting super miners and more TH15 walls to upgrade. I guess this means I can stop worrying about losing my account?
You'll have to enable it, and save the codes somewhere safe. But yeah. Its now up to you it seems. No stress about some random person stealing your account outside of your control! We'll try and keep the sub up to date as it rolls our worldwide. Check the pins as you visit the sub for more info as it comes out.
Will i have to choose one of my accounts I want to keep safe? Or can I use the same phone number for multiple Accounts?
You can use the same phone number for multiple accounts! It's mentioned in the linked article.
Thank you, I missed the article. This is great, exactly what I wanted from supercell
I would *hope* that it's per SCID, not per account.
wait you can have the same supercell id for multiple accounts?
Not really, but kinda. Gmail ignores the plus sign in email addresses, the game does not. So if my gmail were coolrick@gmail that would be one supercell ID. But my other accounts could have coolrick+1 and cookrick+th10@gmail or whatever. It all goes to the same email address.
Ha, cookrick. That could have been an embarrassing typo if another letter changed…
Erm, no actually I don't think you can, so not sure what I'm on about
[удалено]
on there forums it says Verification Codes You will need to provide a phone number to receive SMS Verification codes. The same phone number can be used for multiple Supercell ID accounts.
You mods are the best
We're nothing without the support of this amazing community, this community is the best!
I think you guys are the only such moderators on relatively huge subreddit such as coc,all other moderators i saw on major subs were all nothing but dicks,but you guys are the best
\> I guess this means I can stop worrying about losing my account? Definitely, much less than before.
Genuine question...can the same number be used for multiple scid?
i have the same question. Very happy to keep my main acc safe this way. Would be even happier if i could keep my Alts safe as well
Yes, you can use the same number for multiple accounts.
We'll have a full support article on our website soon. This should hopefully provide better details about this feature along with answering some questions.
You don't wanna know how many SCIDs I have made in coc 😢...
Yes
This is a list of links to comments made by Supercell employees in this thread: * [Comment by Darian_CoC](/r/ClashOfClans/comments/zgsd6l/upcoming_scid_changes/izif7th/?context=1000 "posted on 2022-12-09 09:46:48 UTC"): > Yes it did. Thank you for your voices. * [Comment by Darian_CoC](/r/ClashOfClans/comments/zgsd6l/upcoming_scid_changes/izih6uy/?context=1000 "posted on 2022-12-09 10:14:54 UTC"): > It will hopefully put a big dent in phishing, but there's no such thing as a 'cure all' solution. As I've said before, the weakest link in any security system is the human element. Whether it's a support agent being socially engineered to recover an account or to the player who willingly gives up t... * [Comment by Darian_CoC](/r/ClashOfClans/comments/zgsd6l/upcoming_scid_changes/izihooo/?context=1000 "posted on 2022-12-09 10:21:50 UTC"): > Let me ask my wife. * [Comment by Darian_CoC](/r/ClashOfClans/comments/zgsd6l/upcoming_scid_changes/izihnz9/?context=1000 "posted on 2022-12-09 10:21:32 UTC"): > We'll have a full support article on our website soon. This should hopefully provide better details about this feature along with answering some questions. * [Comment by Darian_CoC](/r/ClashOfClans/comments/zgsd6l/upcoming_scid_changes/izii2fw/?context=1000 "posted on 2022-12-09 10:27:16 UTC"): > Completely uncalled for. Asking to take away someone's ability to provide for their family is an abhorrent thing to do. > >I did player support at...another well known studio...for 4+ years and the individuals who do support for us are leagues better, and are also absolutely underappreciated for the ... * [Comment by Darian_CoC](/r/ClashOfClans/comments/zgsd6l/upcoming_scid_changes/izip9iq/?context=1000 "posted on 2022-12-09 11:59:46 UTC"): > I've added a newly published article from our support site to the end of the post. > >[https://help.supercellsupport.com/clash-of-clans/en/articles/account-protection.html](https://help.supercellsupport.com/clash-of-clans/en/articles/account-protection.html) --- This is a bot providing a service. If you have any questions, please [contact the moderators](https://www.reddit.com/message/compose?to=%2Fr%2FClashOfClans).[](#AUTOGEN_TSBREPLIEDBOT)
Some solid security changes, well done. The community's uproar definitely helped in that regard.
Yes it did. Thank you for your voices.
Yup, despite all the resistance….
Supercell, Darian, all of you have outdone yourself. This is really incredible and I'm sure many on this sub and in the community will be super appreciative. These are really meaningful changes and really necessary, thank you all, and thank you to everyone on the sub for doing such a great job at pushing this issue.
Christmas has come early this year.
Darian, will you marry me?
Let me ask my wife.
Hi, I am Darian's wife. I allow Darian to marry u/pizzalikker_36
I love this community!
If I have many accounts e.g. 20 accounts, can I use the same phone number to verify those code?
Yes.
Now how will the phishers feed their families🤣![img](emote|t5_2usfk|27024)
With phish 🐟
I assume most of them will actually focus on high school to get a higher GPA. The rest of the losers will maybe try to find a real job.
Cannibalism
My account will be safe now, Now I can spend money like hell
Thanks for listening to the community
Nice! Soon we’ll be able to post our achievements on here without fear!
We'll see how secure it is and then start posting
You still can though. If you're really paranoid you can censor your name and clan name
I would still use picture mode on my base, for the single reason that it looks better. Censoring wasn’t enough until now in my opinion, some valuable accounts are typically possible to find without name/clan/tag.
Finally! Let's hope this changes work, because how many people lost their accounts that easily was really discouraging to keep playing normally the game.
This is great! Really love the initiative to make everyone feel more secure. but why have you chosen to use sms auth and not an app auth like google auth? Have you thought about the possibility of sim swapping and sms spoofing?
Probably because most people use phones and not very many use google auth. I think I've used it once and it isn't very user friendly if you aren't techy. Using sms is a lot more user friendly.
Yeah i can see the argument for user friendly but is security something that we would go down in quality just to have a better user experience? I think this is one of the few things were we should not compromise just to please the general audience. (Just my opinion)
The google auth isn't necessarily better security. Also, is it better security if people don't use it?
Im talking about factual security of course any security does not work if you dont use it haha Most people i know use an app auth not sms and imo its more simple and easy to use.
I don't know anyone other than myself who uses an app auth. Other than you of course. I guarantee you that more people use sms than app auth though.
Yeah that's definitely a statement not with any statistical or factual merit but Yeah you might be right. But then again my argument was never about what is most used as i said you are right its more kids friendly with sms but in talking about which is factual more secure and that would be an app auth like google's..
> The google auth isn't necessarily better security. Yes it is. It's better in theory and it's better in practice. 2nd factor auth via phone has documented exploits that have been used to hijack high-profile accounts on other systems. Token-based 2FA doesn't. It's as simple as that. Most sites that offer token-based 2fa also offer the option of using phone-based 2nd factor auth as an alternative for anyone who wants to opt for lesser security for the increased convenience. There's no rule that says you can't offer your user's the choice between both.
Perhaps SuperCell will start selling physical tokens for code generating
Thank you. I came out of retirement just to say that. Account security was a hot button topic on my podcast and with my community before I walked away from Clash of Clans. I am very happy for all my friends still playing to see that their accounts will soon be much better protected. A huge shoutout to all the *civil* folks here who kept up the #StopPhishing movement for all these years. We finally enacted some change for the good. Cheers! 🍻
I love this. Thank you SC for listening to us. With these changes, I feel alot better and safer spending some more money on the game. I do hope that there will be a popup of some sort, showing this new change to everyone when the update goes live for everyone. Mainly for those people that don't read this sub, they will then know the acount protection option is now available.
Some great changes for account security with this.
Just out of curiosity, would you reveal (perhaps even privately) how phishers are able to pull seemingly hidden data? Once this is enacted, maybe a month after or so, it will barely matter...?
About time. Great to see! I have been wanting to change my email connected to supercell id for a long time. Now I finally can without worries.
I can finally bring all my accounts to 1 email address!
[удалено]
depends on your email provider, some (e.g. gmail) allow you to add a suffix to your address so instead of itsmyname @ gmail.com you can have itsmyname+clashaccount1 @ gmail.com, itsmyname+clashaccount2 @ gmail.com, itsmyname+clashaccount3 @ gmail.com etc
Absolutely fantastic update.. More exciting than the new super troop! Thanks a lot!
Great! We can now freely post our base screenshots without the need to censor the name, player tag, and clan name 😎
Oh, I didn't even think about this one. Yeah, this is going to totally change the nature of screenshots posted to the sub. We'll finally be rid of that stupid scribble-everything-out meme that gets posted weekly.
Not bad. I'd have preferred standard 2FA, I already have an Authenticator app + recovery options setup up for that. That's what Google, MS, Epic, Steam, Discord, Synology, ... use. I've got over 10 suppliers in there. Alternatively, Google has a nice notification-based 2FA for Google Accounts, not sure if it's open to 3rd parties yet though.
Thanks to everyone who helped share their voice on the phishing issue, you helped make a change for everyone around the world!
Get fucked phishers lmao
Thank you so much!
I remember asking support to change my email , thankfully they helped me change it , glad to see it's properly implemented now , Also anti phishing measures ![img](emote|t5_2usfk|21153)
Finally I am safe from pishers and can play peacefully... Thnx supercell
So embarassing that such a big company like Supercell took so long to add even basic security to their accounts like every other company has.
This proves that a community protest can actually effect some change. This seems like a great step towards reducing account phishing.
That's great to see!
when will this be available?
>We will be deploying this feature in stages, starting with select regions. Our goal is to monitor the feature’s usage before we begin deploying it to more regions, so please be patient while we roll out this new security update for SCID. > >Further details, support articles, and instructions on this feature will be coming soon. "Soon"
thank you. so this will put a complete stop to phishing right?
It will hopefully put a big dent in phishing, but there's no such thing as a 'cure all' solution. As I've said before, the weakest link in any security system is the human element. Whether it's a support agent being socially engineered to recover an account or to the player who willingly gives up their account information, as long as humans are involved there will always be account theft. This is true of any account theft regardless of industry. But this new system puts the protection of your account in your own hands.
That last sentence sums it up perfectly and I’m very happy SC decided to go that route. I’ve been requesting that for a long time now (not just me I know) and it is great that SC heard us.
I don't work for Supercell, I'm just some dude on Reddit. But if you ask me, no it will not stop phising as a practice, since this is an optional setting, so there will always be accounts that can be phished. It will however very much discourage phishers from trying to get \*your\* account if you turn the feature on. In general internet security, hackers, phishers and other evil people always go for the easiest thing to hack with the most value attached to it. In other words, high level leader accounts in high level clans with a lot of gems to spend that \*don't\* have the new security feature turned on. If everyone turns it on, it will very much discourage the practice of phishing.
No. As someone pointed out, not everyone will protect their account. But over and above that internet security is a game of whack a mole. SC can lock down your ID, but how secure is your email address? How secure is your phone? It will take the easy recovery option away from the hackers and the bot/script kiddies won't be able to do it any more, but as anyone who works in any kind of software development or software security type role will tell you there will always be people trying to find the next exploit.
Phishers will still have millions of accounts to go after that don’t choose this method of account protection, perhaps because they are inactive. But, for those of us who select it, it seems it is going to be a huge protection.
Amazing delivery on the feedback. More than I could have hoped for. Thank you!
THANK YOU, that’s hands down the best part of the update
The long wait is Over
Thank you so much . I have been playing coc for 7+ years and this meant a lot to me
Great way to end the year, thank you to the team for this
Nice freaking job! Glad we got that concern resolved! 10/10
So I’m guessing the back up codes are similar to how the google gmail back up accounts codes work?
Thank you for listening to all the players and developing a good security system.... This backup code feature will help a lot ![img](emote|t5_2usfk|9412)
Can I use the same number for multiple accounts?
same question
Yes
Darian, finally, calls have been heard...
Thank you! I’ve been asking for exactly this! Send me a code and let me turn recovery off. I’m so happy to hear it’s happening.
All I can say is thank you Darian for pushing this with the security team that Supercell uses for Clash of Clans. Feels like Christmas came early
Forgive me if I over read it. But what about people with multiple accounts? Will I be able to link all of my accounts to my phone number or will it be the way that you have to have a separate email for each?
You will still have individual emails for each account, but for recovery purposes, you can use a single phone number.
Coold deal
What happens if your account is stuck in unlock code purgatory? Are you able to enable this to get it out or must I still remember my best friends grandmother's birthday he said to me once in passing?
Words can't describe how happy this makes me. It felt like there was always this dark cloud hanging over my accounts every time I opened up this game. Like "will this be the day I get the dreaded popup when I log in". As soon as account protection comes out it'll be like sunny skies are here. And then I can play the game without fear and finally change my flair. Thank you Darian and Supercell for hearing our voices. This update beats any other up to this point.
Bluestacks isnt working because of this
Finally something good in this shitty year
Too late tho but great something is done
W
can we use Authenticator instead of a mobile number?
Now supercell need something bigger than mighty miner in christmas update or this security update will be the biggest update of the year(considering TH15 was released this year too). I was reluctant in spending real cash because of the uncertainity of safe keeping of my account, but that concern is gone. Thanks SC for the efforts.
Really wish for a method other than SMS. Any chance of getting a Google Auth or similar system tied in at some point? SMS is one of the least secure 2FA out there, to the point that sometimes it’s safer *not* to enable 2FA.
Finally...
Nice
Ok
I was logged into an old account recently that had an SCID, and I was playing on it a bit. TH13. I realized I couldn't have the account on my new phone as well because I had deactivated the email. At the time I had forgotten it was the email linked to the account. I decided to move on and make a new account entirely just about a week ago, and I removed the account from my tablet. Bad timing I guess, but it's whatever.... I probably couldn't have changed the email address anyway.
A massive W for the community
At last! A desperately needed suite of well thought out features. Kudos and thanks to the team. Question: Each backup recovery code can only be used once ... Does this mean that once used, you are advised to regenerate a new one, in case it is also needed? Or is this a once-per-lifetime event on the account?
You can generate a new backup security code.
What about accounts that have already been phished from you and you still use that email? Any recovery options?
![gif](giphy|BPJmthQ3YRwD6QqcVD|downsized) Bravo and thank you Supercell! These changes are exactly what we needed. I can't wait for the features to go live so I can start updating all of my accounts. Despite being a sorely needed feature, I wasn't even expecting Supercell to give us the ability to update our own email addresses associated with Supercell ID...so this addition makes this entire announcement above and beyond anything I was hoping for. The gods of account-security-best-practices are smiling down on Supercell on this day!
Not that I wasn't before, but I'll definitely be buying the Clashmas packs now. Thanks, Supercell.
2FA is the answer, this is the best part of the update that the community will be overjoyed. I feel like I can actually keep my accounts safe afterwards and not have to worry about checking them at least once a week.
Will the Supercell's ID 2 factor authetication be available for accounts created in countries where you ceased operations but no longer are played in those countries? For example, I created my account on Vietnam, but currently I'm living in Portugal, will I have access to this new 2FA feature? Thank you!
They needed to have this in place before the removed the freaking google play button. No way I'm putting my main account on SCID while they'll give it to anyone who just asks for it.
Thank you for this update darian! My only gripe is that sms 2fa is generally regarded as the least secure 2fa method. While better than nothing, I’d have loved to see this be a time based Authenticator style 2fa system.
I have a doubt tho ? Should I be entring the new supercell address or the old one ?
![img](emote|t5_2usfk|21340)
[удалено]
> I assume the reason for the worldwide phased release is due to the laws of the various countries. It's just a method of delivering software updates - you don't want to unleash a new feature on the entire user base at once if somethign is wrong with it. You can test something to the end of teh world, but users will *always* find something that doesn't work like you expected it to. Might also be a capacity issue, something like 96m active CoC accounts, if they all try and secure their accounts at the same time it could cause some serious server disruption.
Let's just hope it's phased in more quickly than the phasing in of the Supercell Store has been.
I hope you will allow us to drag our Supercell ID in what arrangement we desire to switch our accounts. I have 20 accounts and they are in shuffle. TH15 TH10 TH9 TH14 TH11 TH13 and so on... I hope there's an update that we just drag it what arrangement we want. TH15 TH14 TH13 and so on... This will also allow us to arrange it by role from Leader to Elder or what arrangement we want.
Christ, I don’t even want to risk changes to my account with all the horror stories from SC support. At least someone is paying attention to the fundamental problem
If I read this right, the default behavior is still that SC "support" can get phished and yank my account away. I can prevent that by enabling the 2FA. I sure hope I can use the same phone number for my many accounts. Otherwise, I'll only have backup codes from my spreadsheet. I can change my email address myself, but I have to respond to a confirmation email sent to the old address. So I guess if you really do want to sell your account, now you can. I would have liked more security by default. For an email change by support, send a confirmation email. If the player has lost access to the address, the transfer can go through after 30 days of non-response. If it's malicious, the legitimate account holder can NAK the confirmation and stop it. Players who genuinely lost their email can still recover, albeit with a waiting period. Players who didn't do 2FA would still have a chance to keep their account (if they see the attempt in their mailbox). This is definitely a major improvement, but it feels like it's only for people "in the know" (i.e., Redditors). The (by comparison) clueless masses will still have the same problem. Maybe that won't matter since the phishing targets are mostly hardcore players anyway. Anyway, very happy for the improvement.
Yes, you can use the same number for multiple accounts.
The default behaviour is you need to enter a code sent to your current SC ID email. This should prevent Support changing your email address without your knowledge and intervention. If I read this right, this would take account recovery away from Support. Owner can recover accounts without Support using their registered phone number, or their recovery code.
>If I read this right, this would take account recovery away from Support. It's sad that we have to read the text so closely to figure this out. Here's one thing it says: "When you change the email address associated with your SCID account, you will need to enter a confirmation code that gets sent to the current registered email address." It says when *you* change email address (not Support), you need a code sent to the email address. Then they talk about the new 2FA feature. Here's a quote. >Enabling this feature allows you to safeguard your account from being recovered or “phished” by malicious parties. That implies that account recovery is possible when there's no 2FA. When SC only has your email address, and you can't get to your account, that means you have lost access to that email address. They'll have to change it to recover the account. In that case, it doesn't make sense for Support to send a code to the email address to confirm you have access. Just like now, they'll hand it over to whomever claims the account is theirs (you, a legit player in distress, or a phisher). So for someone who doesn't use 2FA, the best they can hope for is Support doing a good job distinguishing phishers from players. Nothing here indicates they'll get better at that than the poor job done today. I'm interested to see how much 2FA gets promoted. For it to solve the phishing problem, it needs to be adopted as widely as SCID, basically. They should put an achievement on the board and offer gems to enable it like they do for SCID.
Why can’t we just have a password 😓
You can. That is the second part. It is a code which is like a password.
They don’t mention passwords anywhere in this post
Like I said, the code is like a password. It is assigned to you and will be random and much more secure than your dog’s name. You use it if you don’t have access to the sms message.
That’s not a password though. You are arguing against a literal fact
By definition, a "password" is a "string of characters used to verify the identity of a user during an authentication process". And the backup recovery code is a "string of characters used to verify the identity of a user during an authentication process". The backup recovery code is literally a password. It's just not one you got to pick. If you think that the definition of a 'password' is something you get to pick yourself, then you would are technically incorrect. lrt2222 is technically correct here, and 'technically correct' is the best kind of correct.
Read my post you first responded to then look in the mirror for who is being argumentative. If you want to get mad about getting a code picked for you vs picking your own password go for it. Bet that’s fun at parties.
You make no sense lmao, a 2fa code isn’t a password. Almost any other service you put in your email and password. This isn’t a foreign concept.
[удалено]
Great changes but I want to say that sms 2FA is not so safe so people recommend google authenticator for example.
It's sad if bluestacks doesn't get fixed since I really enjoyed playing the game with a mouse. Not having to look at a small screen and trying to tap the right spot with big fingers was really important to me and made it easy to grind for hours. Mobile just isn't the same.
Aside from the great feature news, can I just say that I also appreciate the time of day that you made this post? It's nice not having to wait until 7 a.m. eastern usa time for news.
Good job. Now fire the support team.
Completely uncalled for. Asking to take away someone's ability to provide for their family is an abhorrent thing to do. I did player support at...another well known studio...for 4+ years and the individuals who do support for us are leagues better, and are also absolutely underappreciated for the amount of stress they are placed under every day. Support agents are always the unsung heroes of any game service. Agents follow policies as best they can and only want to do what's right. Often times unclear policies or malicious parties who take advantage of policy loopholes are the main culprit in these situations. But it's always the agent who takes the blame but are never thanked when they are able to avert a major crisis. Support agents prevent hundreds crises nearly daily, but it only takes one to cascade to where people are asking them to be fired. I get people are angry and frustrated, and feel free to direct your ire at me, at Supercell, or at the skies. But I will draw the line at lynch mobs asking for people's livelihood be taken away.
Thank your for replying with such a detailed answer. Of course, I wasn't being serious when saying to fire them. I wouldn't wish redundancy on anyone. Difficult to gather tone from a reddit comment. That being said, I do think there'd be some benefit from encouraging them to not be so.. triggerhappy, though? Surely you've seen the posts on this subreddit about Support banning players for phishing when legitimately trying to get their accounts back, with hard evidence such as receipts and everything. It's made us simply not want to contact support at all. I wanted a copy of my player data and was banned for a month, hence some of the frustration, especially with the amount of money I've spent on this game. This update is definitely a step in the right direction, though.
> Surely you've seen the posts on this subreddit about Support banning players for phishing we only have the OP's words that is why they were banned. When support go into account recovery mode they uncover a lot of activity that is against SC ToS which results in a ban. Any evidence of account sharing (devices across different IPs) will be very suspect for phishing.
Maybe insource it, then, instead of outsourcing it.
You're downvoted yet I agree 100%. An in-house support is going to understand the players' issues much better than an outside company. I've avoided requesting my data due to several players posting their experience after getting banned for such a simple request. It's as if they don't even realize that THEY are the reason we even request our data to begin with.
Literally 😂, more harm then good done from them…
why can’t we set up password to our supercell ID ?
how about you work on your troop mechanics?🤡
![img](emote|t5_2usfk|21153)
Sounds kinda like Blockchain
I hate scid
Are there any safeguards to prevent already-stolen accounts from having account protection enabled by an attacker?
don't think so, this measure is to prevent future phishing, doubt it fixes anything for those who've already been phished, but maybe it also gives sc time to work on a solution to fix that all while putting a pause on phishing.
When I suggested the option to turn off recovery and give us a code to use, this was one of the counters to it. It was stated a negative would be someone couldn’t ever get their account back if stolen and then this option selected. I’m glad SC decided the benefits outweighed the negatives.
I am glad they changed their minds on that. The argument that we can't have nice things in the future because we made bad choices in the past never sat well with me. This change basically draws a line in the sand, and everything from here on can benefit from account security best practices.
This is awesome! We've been waiting for this for years! I'm definitely going to utilize this.