I would like to recommend that no more event passes or skins etc are implemented until the bot situation is sorted out. Its pure comedy atm with obvious bots using express pass etc.
The best way to do this would be implement 2FA imo.
2FA solution doesn’t really matter, use amazon/existing crystal pass systems/microsoft etc. Most of these are free, but the core requirement is that the account is a 1 to 1 bind to a mobile phone number.
Then make is so unless 2FA is enabled, players cannot access in game mail, auction house, events or event passes etc.
For enabling 2FA grant the user some significant reward.
ie 10k gold, express pass, honing boost etc.
A lot of successful MMO’s put 2FA in over 10 years ago very successfully. You already have most of the backend to do it with the amazon prime rewards + twitch apis.
Regardless of 2FA i would make T3 stuff and honing materials bought from AH bind on roster and no 3 trades etc. (probibly want to make it so players can pass gear to thier alts via the roster bank).
Give pheon’s the flick and just adjust crystal price up a bit to work out the same profit margin.
Prevent gold from being sent in email.
They can configure 2FA to exclude all numbers that are not linked to a contract. Seen other games do this in the past. Only issue with this being not everyone has a contract phone so it would be pretty restrictive.
weirdly enough a few friends have had to do that to get trusted status in steam.
IMO that is super over the top invasive and easily subject to abuse.
2FA to me is pretty much part and parcel of using the internet securely for me, I don’t think I could even count how many systems are linked to my phone via MS/Google/3rd party MFA. Maybe not 100, but its definately up there.
Like i said, your choice. Getting 2FA is simply helpful to amp up your account security of not getting hacked and may other good features. If you don’t want it, you can still play the game, but without any extras. Just like Runescape and many others MMOs. For a small inconvenience on your part to kill off more bots, i say it is a sound deal. If you can’t think that way, then i can’t convince you.
What I recall W.O.W doing at one time was they implemented 2FA and you could buy a dongle that would give you a random number. I imagine for anyone without a phone/chooses not to use their phone/ or is Pay as you go could use the dongle instead of GA or some other 2FA app. Not sure how hard something like that is to implement but they sold for I think around 15$. Could be wrong that was a while ago.
op is asking for anti bot reasons i think, i believe they mean to ask for mandatory 2fa for logging in so that automated programs have more difficulty and it’s slow bots down a bit.
not sure it’d stop them as i’ve seen bots get around 2fa before tho.
as you stated steamguard is essentially 2fa security for us legit users.