To best protect your game account and access, we strongly recommend adding a Multi-Factor or Two-Step Authenticator to your account. As more and more of our daily lives moves into the online world of the Internet, cyber security has become increasingly important. Anything of value is at risk, and RSI accounts are no exception.
Within the gaming industry, "Real Money Trading" (or RMT) is a massive problem and is the underlying cause of account theft for any game company with digital assets worth any sort of real money value. This is why many companies, including Cloud Imperium Games, offer Two-Factor Authentication (2FA) options to their users to help them protect themselves.
This article walks through common questions, explains how authenticators work, and provides links for more information.
For troubleshooting, see Authenticator Troubleshooting.
Why should I use Authenticators?
Two-Step authentication adds an extra layer of security to your account. The only way someone can access your account is if they have your phone for mobile apps, or access to your email. You control all access! While nothing is 100% secure, authenticators are close.
Which authenticator is better?
We strongly recommend Mobile App authenticators. Hackers can gain access to your email depending on the provider, if you have keyloggers or malware on your computer, if your login data was involved in a security breach elsewhere online, and so on. The mobile app is only accessible through your smart phone.
Email authenticators are still a strong option if you don't have a phone that supports those mobile apps.
We support the following authenticator options:
Do I have to enter a code every time I login? You choose!
When you log in with your authenticator, you can select the authentication duration:
- 1 Month - after 30 days, you will be prompted for a new code
- 1 Year - after 365 days, you will be prompted for a new code
A cookie is generated locally on your computer with encrypted settings, information, including an expiration date. When the cookie expires, it is removed. The next time you login, the expired cookie no longer satisfies the request. And you are asked to enter your code again. You will also be required to enter the code again if you manually clear your browser cookies.
Here's how it looks in the RSI Launcher for Star Citizen!
How do authenticators work?
When you log in the first time, a code is required to login. You open your mobile app or email and type in the code provided. All authenticators then generate a cookie locally on your computer after verifying the code. Every time you log in on that specific device/computer, if you have a cookie, you are let in until it expires.
If you block cookies on your computer, you will be prompted for a code every time.
How do I login without access to my authenticator?
You can generate up to 10 codes through the Security tab of your Account. With these codes, you can log in if you forgot your phone or don't have access to your email. We recommend keeping these in a file or printed out next to your computer.
If for any reason you have lost access to your authenticator, or got a new phone, you can use the backup codes to get into your account and replace your authenticator. If you need our help, contact RSI Player Relations team or enter a ticket!
Can I remove Two-Factor Authentication once it’s been added?
Yes, you can remove the authenticator anytime. For example, you may need to remove it to add a new authenticator to a new phone. Authenticators do not automatically update and sync across separate devices. If you get a new phone, you need to remove the authenticator and add a new one.
Can I use one authenticator for multiple RSI accounts and games?
Yes! Mobile app authenticators support multiple accounts. You will have codes generating per each RSI account tracked in the app.
Play alot of games? You may already use the Google Authenticator for other games. You can easily add Star Citizen to an existing mobile app.
I lost access to my authenticator app. I'm locked out! How do I fix this?
If you ever reset your phone or get a new one, your mobile app won't be available. Even if you install the mobile app again, it is not synced to your account. The mobile app and your account share a secret you set up with the QR code you scanned.
If you have your backup codes, you can still log in using one of those codes, remove the authenticator, and set up a new one.
Don't have codes? You can contact RSI Player Relations for help! When you contact us, provide as much of the following information as you can:
- Last known Email address associated with account
- Date of Birth
- First and last name on the account
- First line of billing address
- Login ID (if set after account creation)
- Some information on your pledges