Additional Security Updates

As Splinterlands continues to grow, there has unfortunately also been an increase in the number of cases of players' accounts being compromised and assets being stolen. The Splinterlands team is treating it as a top priority to identify and close any security loopholes and to ensure that players are aware of, and follow, the best practices for securing their accounts and their assets.

Requiring Active Auth for ALL Accounts

In the past we made it so that all new accounts require their active key to perform any transaction that would move assets or funds out of their Splinterlands game account, and we no longer let anyone turn that setting off once it is enabled. However, there are still a large number of accounts that were created before that change and still have the setting turned off, and they are therefore at a higher risk of being compromised.

In 7 days from today, on Thursday, November 4th, we will make ALL accounts require the active key for these transactions, regardless of the status of the "require active key" setting. We are waiting 7 days to make this change because there may be 3rd party services that are still using the posting key for these transactions, and we need to give them time to update to use the active key going forward.

Link External Wallets to Require Active Key

Another security-focused change, which goes into effect immediately, is that the add_wallet operation, which allows players to link an external blockchain wallet to their Splinterlands account, will require the active key going forward.

This will prevent hackers from updating the linked wallets of compromised accounts and tricking users into sending their assets to the wrong place.
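
The two rules above (active key for all asset-moving transactions, and for add_wallet immediately) can be modelled as a check on which Hive authority a custom_json operation declares. This is an added example, not Splinterlands code: the operation ids other than add_wallet, the function names, the sample account and the assumption that active-signed operations are always accepted are all illustrative.

```python
# Added example: gate game operations on the Hive authority that signed them.
# Operation ids other than "add_wallet" are hypothetical placeholders.
ASSET_MOVING_OPS = {"example_token_transfer", "example_card_gift"}
ALWAYS_ACTIVE_OPS = {"add_wallet"}  # effective immediately, per the post


def signing_authority(op):
    """Return (account, "active" | "posting") for a custom_json operation body."""
    active = op.get("required_auths") or []
    posting = op.get("required_posting_auths") or []
    if len(active) + len(posting) != 1:
        raise ValueError("expected exactly one signing account")
    return (active[0], "active") if active else (posting[0], "posting")


def is_accepted(op, player, require_active_setting, enforce_for_all):
    """Decide whether the game should process `op` for `player`.

    require_active_setting: the account's legacy "require active key" flag.
    enforce_for_all: True once the rule applies regardless of that flag.
    """
    account, level = signing_authority(op)
    if account != player:
        return False  # signed by someone other than the account it acts on
    if level == "active":
        return True  # assumption: active-signed operations are always accepted
    if op["id"] in ALWAYS_ACTIVE_OPS:
        return False  # posting key is never enough to relink a wallet
    if op["id"] in ASSET_MOVING_OPS:
        return not (require_active_setting or enforce_for_all)
    return True  # operations that move nothing stay on the posting key


def make_op(op_id, account, level):
    """Build a constructed custom_json body signed at the given level."""
    return {
        "id": op_id,
        "required_auths": [account] if level == "active" else [],
        "required_posting_auths": [account] if level == "posting" else [],
        "json": "{}",
    }


if __name__ == "__main__":
    transfer = make_op("example_token_transfer", "alice", "posting")
    print("legacy account, before:", is_accepted(transfer, "alice", False, False))
    print("legacy account, after: ", is_accepted(transfer, "alice", False, True))
```

The legacy account with the setting turned off is the only case whose outcome changes when enforce_for_all flips, which is also the case a 3rd party service still signing with the posting key would hit.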

Don't Allow Login With Master Password

In the near future it will no longer be possible to log in to the Splinterlands game website and mobile app with the master password for your Hive account. Instead, players should always use only their private posting key to log in as this is much more secure. The master password should be stored securely, preferably offline, and only the appropriate private keys should be used to log in and perform transactions.

Once this change is made, if a player attempts to log in using their master password they will receive a message explaining that the private posting keys must be used instead as well as an option to obtain the private keys for the account if they do not have them.

We hope that this will go a long way to help prevent players' master passwords from being compromised and allow their accounts to be much more secure.

Please note that this change will not affect players that log in using their email address or 3rd party services like Metamask as those login methods only provide access to the posting key.

Updated Password Policy

In the near future we will also be updating the password policy for new accounts that are created through the game website or mobile app to ensure that players use strong passwords that are more difficult to compromise, and we will also provide additional messaging and warnings to players about not re-using passwords from other websites.

Update on DEC Reward Changes

We also wanted to take this opportunity to provide a quick update on the DEC ranked battle reward changes announced in this post: Splinterlands Updates - October, 2021.

The change to remove DEC rewards for ranked battles in Bronze III and Novice leagues has been released; however, due to some technical issues, the change to the DEC reward curve has not been released yet. At this time we are planning to release that change on Monday, November 1st, shortly after the beginning of the next ranked play season.

As mentioned in the announcement post, this change is intended to help incentivize players to move up through the leagues rather than stay at lower leagues and farm rewards, and we hope that with the rental market and the upcoming launch of Chaos Legion it will be much easier and more cost effective for players to expand their card collection and move up to higher leagues for significantly increased rewards.

Upcoming Chaos Legion Announcements

Finally, we wanted to let everyone know that we are in the process of finalizing many of the details of the Chaos Legion launch, including the plans for VOUCHER tokens after the presale and the stats for the limited edition promo card - Doctor Blight!

Please make sure to follow our blog here and follow us on social media to get the latest updates, and we also highly encourage anyone that can make it to join our AMA tomorrow, Friday, October 29th, at 2 PM ET / 18:00 UTC in the Splinterlands Discord server.


Stay tuned for more updates from Splinterlands!

NOTE: All rewards from this post will be burned.

I don't know if anyone reads comments on these posts, but I'd also like to see a lock feature on our land claims!

I'm all for greater security, good to hear the changes!

Awesome job on staying on top of the latest exploits. It's nice to know SPL focuses on fixing these kinds of issues promptly when they show up as a problem. Well done!

I'm looking forward to reading about the new card and the next use for vouchers. Exciting times! :)

The security issues upgrades definitely seem good and necessary. I am also interested in how exactly the change in scaling for battle rewards will change the return as you move up the leagues. I'm looking forward to these.

I really really hope you don't continue to use vouchers for after the presale. It makes sense for presales with the extra promo card airdrop and encouraging staking sps. For the general sale it feels like it will just be off-putting and make it far more difficult to onboard new users which historically has been something that Splinterlands has done very well.

If flooding the market with new packs is a worry they could be released in waves, such as releasing only the amount until the following airdrop and then opening up a new wave alongside the airdrop when everything is ready. Another option would be to release a pack every xx seconds where the shop will steadily gain new packs. This would make it difficult for people to buy in bulk but would allow everyone, particularly new players, the option to get a few packs of their own.

Finally, there could be a hybrid option where the shop steadily restocks the packs but you could use vouchers to bulk buy packs. This would let newer players get a couple packs and feel like they have a chance to buy in while still letting larger investments go through with the use of vouchers.

So someone just creates a bot that auto grabs every pack released? Then we have to pay them?

The whales may not like it, but would a weekly purchase limit help to manage the bulk buys? Maybe 25 packs ($100) per week per account. Account needs to be more than 1 month old or something?

That doesn't work. There are people with vast networks of accounts who could easily circumvent this. And anyone can have as many accounts as one wants on the blockchain.

I recommend that we can change master password once by myself, including special symbols, etc., and of course, use the strongest authentication when changing it. Because this master password is too difficult to remember, and it is in the mailbox, once the mailbox is broken by hackers, all will be over. So I think we have to destroy master passwords everywhere except in our head.

2FA ...

That doesn't hold at the blockchain level. Only for people logging in with a password maybe.

Thanks a lot for the Changes!

Good to see these security changes implemented.

Anything that keeps our assets safer is a positive.

Thanks for being proactive with protecting players.

Good to know, I'm currently enjoying airdrop

Good and important security changes.

Great job on the security updates, one more thing on security I keep seeing requested is the ability to lock your other assets not just cards. Some people have regions which are worth half a million dollars, and would feel much safer if you could have a time lock on these too.

Great updates, keep up the good work. 👍

Great.
More security lets us all sleep better.
We all love our monsters and feel better when they are safe.

Great job on the security stuff.

Do i have to buy vouchers after presale for buying packs?

might be that it goes in this direction...

I had to check your account for millionaire name haha !PIZZA

I don't anticipate this being required long-term because it would greatly inhibit new players from entering the game and buying packs. It was required for the pre-sale so that a bunch of people didn't come in and buy a bunch of packs to sell on the market while others can't afford to do that, given there are only 100k pre-sale packs and 15 million chaos (or was it 10 million? I forget!) legion packs during regular sales.

I think vouchers will be probably used for something like the next promotion edition set since that is only purchasable with DEC in-game.

How to meter out the final 14 million? If not metered they MAY only last a week or two. And if metered without cost how does a real person get them instead of just bots?

Vouchers will probably stick around in some fashion or another

Yeah, that's true I guess! I did see that they sold 700k spellbooks so... that's a lot of people lol. 20 packs per spellbook might not last too long! :D

No. But vouchers can be important for future promotions.

looking forward to seeing how the reward curve plays out.

and awesome work on security updates.

bullish AF SPS

Thank you guys for putting more focus into account security.

Thanks for educating us regarding security that is necessary to tackle all hackers. Waiting for details about chaos legion and VOUCHERS🔥

So, I need to add my active key to keychain to do anything like staking or claiming rewards? Even though increased security can feel like a nuisance I still prefer that over being vulnerable to hacking.

Thank you so much for the change! Really can see how dev team is trying to make this game better!

Hoping joining tournament will so include coz hackers using the tournament to get their DEC on applying fees.

Awesome change, it would greatly help us, especially those who are unaware of how to properly protect their account.

These changes will be good for the security. Ty!