Entropia and Google/Microsoft Authenticators.

Atrax

TL;DR - With some advice from svarog we got this working with Google Authenticator!

There are basically instructions here since I documented this as I went through it.

======================================================

So I've heard that the 2fa algorithm implemented by EU is basically the more common one that allows several 2fa apps on different platforms to interoperate.

This is not a complaint (from me) and it seems like a smart move. TBH I'm more bothered by allowing MA into my device than I am about a (random) third party compromising my EU account.

I can see why they would like to have their own branded app in place but it's not really doing anything else and it seems sort of overpermissioned, which indicates to me that it's probably sloppy throughout and who wants that in a security app? Also, if what I understand about their current, ahh, "development model" is correct, there is a third party somewhere in the loop that's responsible for setting this up but not accountable (shielded by MA) if it goes wrong.

There is a thread here about people who are angry they have lost their gold cards.

->PLEASE DO NOT TURN THIS INTO A GOLD CARD WHINING THREAD <-

I've started a separate thread because at least 2 people have mentioned that this should interoperate with the other authenticator apps but nobody has stated that they have set it up or tried it. If you have any actual knowledge of this, please take a moment and share it.

I'm tired of migration and don't have anything pressing in-game so I'm going to see if I can set up 2fa using google auth, which I already have to use for several financial services websites. I'm going to try and set it up directly without using entropia pocket at all. Here's what I figure:

Best case: Up and running in a couple minutes.

Middle ground: I have to fall back to the EU app to finish setup and/or log into my account. At least this will stop any doubt/rumor for now.

Worst case: International snail mail and a few weeks with no EU. Hopefully I log in in time to check out this year's mayhem :smoke:

I'm going to step outside for a quick cigarette before I start this little adventure and I'll check back in case anyone browsing the forums right now has experience or speculations to share. Then I'll do this ASAP.
 
gl, would be a huge improvement to get EU 2FA working on Authy
 
It's branded because they can push alerts/news to it also for a bit of marketplace marketing (even though that isn't really going to help them much). Otherwise, it is just google authenticator at its roots. It is over-permissioned, but most applications are - but at the same time some of the permissions are pretty vague or multi-purposed, from what I remember in my time of mobile development. This is something they should be changing - I do agree there.
 
OK I did a quick search and found the link to the old announcement. Logged into the mindark website and clicked the "account security" button on the account page. There's a link there to the "activate 2-factor Security" page.

I clicked on the big green button that says "Add Entropia Pocket To Your Account". a little scary :deal:

This took me to a page where there's a giant QR code and a box to enter a confirmation code. For those of you that haven't done this before this is standard 2fa procedure. Sometimes they give you a number and sometimes a QR code - make sure to print or write a copy of this. For EU I printed the QR code. So far so good.

Opened up google auth, I already have this installed. if this works someone else can try Authy or MSAuth.

No matter it's not working :(

==============================================
EDIT: svarog provides a fix in the later post. I have this working now.
I'm not going to edit out my original disappointment though :)
==============================================



BAH humbug I really wanted to believe that. google auth returns that it's unable to interpret the provided QR code and the recovery code they give me contains characters that are not permissible in their manual key entry.

I'm not going to dig up and link any of the posts where I first read this since I've been quite attached to the notion and repeated it several times since, but I'm glad to have it cleared up either way.

uuurrrgh it looks like if Arkadia Moon Deeds start selling for a thousand PED each or something I might feel the need to install Entropia Pocket.
 
There is one more bird MA kills by employing their own app. One could add all their 10 alts into the google authenticator, but with that app one would have to have 10 devices.
 
There is one more bird MA kills by employing their own app. One could add all their 10 alts into the google authenticator, but with that app one would have to have 10 devices.

OMG thank you for posting this I hadn't even thought of it.

I'm having a huge laugh IRL right now at the thought of it.

:laugh:

Even though I know that MA test/support may probably not consider (and like 99% of android users never use) fully separate user profiles on the android device. :confused:

I don't have 2 avatars to test this with but thank you so much for the huge laugh and the best point I have heard so far about entropia pocket security.
 
Anyway, to make it work, don't use the google authenticator to scan the code because the format is wrong. Use any QR code reader from App store / Google play. It will give you something like "otpauth://TOTP/TOTP5015AFAD?digits=None&secret=4AORDRAITGUYWYEUUADDWD&counter=0". Copy the bold part, then add it manually in the google authenticator.
 
Anyway, to make it work, don't use the google authenticator to scan the code because the format is wrong. Use any QR code reader from App store / Google play. It will give you something like "otpauth://TOTP/TOTP5015AFAD?digits=None&secret=4AORDRAITGUYWYEUUADDWD&counter=0". Copy the bold part, then add it manually in the google authenticator.

Hmmmmmmmmm ...



I went back to the activation page. It has a box for me to enter the code still, and another button to use if I need to generate a new code (start over).

I'm going to use the same code I had generated earlier today since I already printed it.

Here we go ...

Scanned my printed QR code with my random QR code reader I like. I get a code like svarog says.

I had transcribed the code I got and selected time based for the auth method in google auth. It's an entry now generating me codes. Time to activate it.

When I submit the code generated by google auth to activate the security on the MA website I get a congratulations message that says I've successfully activated entropia pocket blah blah so, off for the big test ...


I started the game to log in (I've never used gold card or 2fa) everything looks normal. My saved username and a password entry box. After I logged in like usual I got taken to a client loader screen with instructions to enter the code, and I entered the time-based code generated by Google Authenticator.

The game proceeded and as I'm typing Atrax has just loaded up into the game perfectly normal.

Definitely worth looking to your 2fa app of choice, folks.

Thank you svarog! :yay:

Edit: I've logged in and out twice now using the time-based 2fa code generated by google auth. I'm pretty confident this will continue to work.

If MA changed the standard they use in entropia pocket for some reason, I'm assuming that I could install entropia pocket and continue to access my account with that, but that's just an assumption. For now they seem to be using the standard stuff.
 
Just a couple of thoughts.
1. I agree with the post about having an MA app on my phone.

2. Is this game something that real hackers would even care about? Let's see, the only thing you can get is game items, in order to get money you have to sell them in game, fast I would say, then you have to have an avatar set up to get a withdrawal and it takes 30 days. I think I would miss my stuff long before that and report it to MA. Don't you think that hackers would rather hack something where they can get money the same day and run away with it?

3. Judging from the past and bug ridden code that we suffer from time to time can we even trust this to be any good.

4. I am sure I must have missed it but I have never seen a post about someone being hacked that I can remember. I have seen players getting cheated etc. but just not sure about hacked.
 
10 days now, 15 - 20 (just guessing but I've been playing) logins to the game, 3-5 logins to entropiauniverse.com

Not 1 problem.

It would be awesome if any of you interested types out there with IOS or windows devices could let us know about their respective authenticator apps.

In the meantime, this definitely seems to be using a commonly compatible 2fa algorithm and time-based keys.

Thanks again for the help.
 
Coding of authenticator is very simple if you want to code one for HTML games someone plays on other websites.
 
works well with microsoft authenticator
 
There is one more bird MA kills by employing their own app. One could add all their 10 alts into the google authenticator, but with that app one would have to have 10 devices.

Can't test it, but can't you simply rename your installed pocket app, and install it again onto same device under correct name?
Then activate it for second account with new QR code.

Repeat for all your alts.

Think this should work :)


4. I am sure I must have missed it but I have never seen a post about someone being hacked that I can remember. I have seen players getting cheated etc. but just not sure about hacked.

I remember that some claimed that they have been hacked in the past, who haven't had a GC security.
Never heard that GC account got hacked.

Sidenote:
I remember some guy who stated that he logged in at internet cafe, went to toilet without logging out and when he came back his account was empty :D
Don't know how that story ended after he contacted MA support.
 
Can't test it, but can't you simply rename your installed pocket app, and install it again onto same device under correct name?
Then activate it for second account with new QR code.

Repeat for all your alts.

Think this should work :)

Just to say I have zero alts lol. But no need for those hoops to jump through when each one is just a separate line in google/whatever auth.

I'm not sure whether it was a business decision or a budget decision for them but I'm sure glad MA didn't try to re-invent the wheel for 2fa authentications.
 
Just in case you would like my opinion: I would WAY rather have MA in my phone than Google. A small maybe compromised operation compared to the spooks of the world and a government psyop. Huge difference.
 
Can't test it, but can't you simply rename your installed pocket app, and install it again onto same device under correct name?
Then activate it for second account with new QR code.

Repeat for all your alts.

Think this should work :)




I remember that some claimed that they have been hacked in the past, who haven't had a GC security.
Never heard that GC account got hacked.

Sidenote:
I remember some guy who stated that he logged in at internet cafe, went to toilet without logging out and when he came back his account was empty :D
Don't know how that story ended after he contacted MA support.

Just in case you would like my opinion: I would WAY rather have MA in my phone than Google. A small maybe compromised operation compared to the spooks of the world and a government psyop. Huge difference.

I think I would have to call BS on the sidenote, not to you but to the one that told the story. Either he had very little in his inventory or he was in the RR for 3 days LOL. Moreover he could have made an immediate support case, because if he had a lot of inv it would take some time to transfer the items just because the sell window is small and takes some time to get all the items sold, IMO.

To aloisius: I agree completely, why would a hacker spend time trying to get a couple of grand when he could hack a bank and get some real money. Moreover, how many of us have 20-30k on our card and what are the odds that the guy in the café just happened to know about Entropia?
 
...but I'm sure glad MA didn't try to re-invent the wheel for 2fa authentications.

they kinda tried to do that. it wasn't clear to anyone in the beginning, that their app is compatible to gauth/msauth. also they didn't add a manual on how to do that, we had to find it out ourselves, even where to find the secret.

but yes, i'm very glad it also works without their app, because it's crap in my humble opinion.
 
Just in case you would like my opinion: I would WAY rather have MA in my phone than Google. A small maybe compromised operation compared to the spooks of the world and a government psyop. Huge difference.

Ah, I'm not sure if you realize who makes android, or why? Google owns your phone so the question isn't mindark vs google.

The question is 'only google' vs. 'mindark + google'. It is honestly just a "lesser of two evils" on that one IMO. Fewer points of compromise.

BTW I appreciate anyone who is willing to share their honest opinion, whether or not I agree with it lol. YMMV
 
Ah, I'm not sure if you realize who makes android, or why? Google owns your phone so the question isn't mindark vs google.

The question is 'only google' vs. 'mindark + google'. It is honestly just a "lesser of two evils" on that one IMO. Fewer points of compromise.

BTW I appreciate anyone who is willing to share their honest opinion, whether or not I agree with it lol. YMMV

Also you can run the google authenticator from the cloud also can't you? This would be a feature that you would not have from entropia pocket?
 
Also you can run the google authenticator from the cloud also can't you? This would be a feature that you would not have from entropia pocket?

Nah, google authenticator is amazingly backward in that regard. No cloud, no backup, no transfer between devices (you need to disable 2fa everywhere and go through enabling it with every service on the new phone). But you can have all that by using Authy instead of Google's app.
 
no person with a tiny bit of common sense would save their gauth secrets in a cloud or a local unencrypted backup, it just doesn't make any sense for that kind of application

also, never forget that anyone who gets root access to your phone can simply export the gauth database (see #3 of how to transfer)

and btw: authy by default will not protect you if a hacker gains access to your phone number. (easy social engineering task in most countries)

i guess you can now imagine why professionals prefer to use offline/hardware devices in sensitive areas...

:dunce:
 
As already mentioned in the other thread, I was almost "forced" to change to the new system. I was so sick lately of that "error 72" in GC that it made me give up with pleasure!
Registration was pretty easy and this new kind of authenticator is .... much better? ....NO it's totally better and 100% reliable I could say.
Also I don't think anyone can doubt that account safety it's not guaranteed with 2FA.
Personally, since last week I'm suggesting the new Entropia Pocket 2FA for Android to anyone who asks.
 
SOLUTION FOR EVEN AN IDIOT like me.....

My cell phone is old enough that most apps won't run on it, but at least it fits in my pocket and I don't look like the idiots walking around holding their phone in the hands due to large size.

I NEVER leave WiFi or DATA active on my phone, so I had to turn them on to do this.

I downloaded and installed a QR scanner app.
I downloaded and installed Authy from https://authy.com/
I signed up for EP for my account.
When my account showed me the QR code, I scanned it.
Using Authy, I activated my 2Fa security access to my EU account.
I accessed game using the Authy account with WiFi and DATA on - it worked perfectly.
I turned off WiFi and DATA and accessed game - worked perfectly.

You do not need to have your phone online, active with either WiFi or DATA. This is as secure as it can get.

Of course, I have various security protocols active on my phone and I access the internet only once weekly to update my crypto wallet. My phone is for me to say "hello" and "goodbye". I don't shove my head up its ass 24/7 like many do.

It works and I didn't have to give MA total access to my phone and I didn't have to buy a new phone.

Hope this helps.

(If this is the wrong thread for this data, feel free to cut n' paste or an Admin can just move it.)
 
(If this is the wrong thread for this data, feel free to cut n' paste or an Admin can just move it.)

Nah this is EXACTLY what this thread is for, thank you for sharing.

These are timed keys, based on a shared secret so once your device and the server have the same key they both check codes by timestamp.

Some apps might require it (be careful of those apps) but internet is definitely not required to generate a key when you want to log in.
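
An added example, not part of the original posts and not MindArk's or any authenticator app's own code: it leniently parses an otpauth URI of the shape svarog quotes earlier in the thread, then generates and checks time-based codes from nothing but the shared secret and a clock, which is why no network is needed. The URI and secret are constructed (the secret is the RFC 6238 test key), and the notes the parser records are deviations from the usual Key URI layout; the thread does not say which of them Google Authenticator objects to.

```python
import base64, hashlib, hmac, struct
from urllib.parse import urlsplit, parse_qs

# Constructed URI in the shape quoted in the thread; the secret is the RFC 6238
# test key ("12345678901234567890" in base32), not a real account secret.
SAMPLE_URI = ("otpauth://TOTP/TOTPEXAMPLE?digits=None"
              "&secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&counter=0")

def parse_otpauth(uri):
    """Pull the shared secret out of an otpauth URI, noting non-standard fields."""
    parts = urlsplit(uri)
    if parts.scheme != "otpauth":
        raise ValueError("not an otpauth URI")
    query = parse_qs(parts.query)
    notes = []
    if parts.netloc != parts.netloc.lower():
        notes.append("type %r is not lower-case" % parts.netloc)
    raw_digits = query.get("digits", ["6"])[0]
    digits = int(raw_digits) if raw_digits.isdigit() else 6
    if not raw_digits.isdigit():
        notes.append("digits=%r is not a number, using 6" % raw_digits)
    if parts.netloc.lower() == "totp" and "counter" in query:
        notes.append("counter is an HOTP field, ignored for TOTP")
    return {"secret": query["secret"][0], "digits": digits, "notes": notes}

def decode_secret(secret_b32):
    """Base32-decode a key as typed by hand: spaces, lower case, no padding."""
    s = secret_b32.replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))

def hotp(key, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret_b32, now, digits=6, period=30):
    """RFC 6238: the counter is the number of 30 s steps since the Unix epoch."""
    return hotp(decode_secret(secret_b32), int(now) // period, digits)

def verify(secret_b32, code, now, digits=6, period=30, window=1):
    """Server side: accept the current step plus/minus `window` steps of clock drift."""
    key, step = decode_secret(secret_b32), int(now) // period
    return any(hmac.compare_digest(hotp(key, c, digits), code)
               for c in range(max(0, step - window), step + window + 1))

if __name__ == "__main__":
    import time
    info = parse_otpauth(SAMPLE_URI)
    print(info["notes"])
    print(totp(info["secret"], time.time(), info["digits"]))
```

Because both sides derive the code from the same secret and the current time, anyone who obtains the secret (from the QR printout, a backup, or the URI itself) can generate valid codes, so it deserves the same care as a password.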
 
Entropia Pocket for everyone else who didn't get one or doesn't want one.

I barely even feel trolled. Don't cut yourself man. They won't bleed over it. :vampire:

Respect for a heartfelt protest, but still.
 
I barely even feel trolled. Don't cut yourself man. They won't bleed over it. :vampire:

Respect for a heartfelt protest, but still.

A company that consistently doesn't listen to its customers starts to not be a company any more.
 