MTGO: After security concerns, Wizards announces 2FA update

As 2023 moves along, the importance of keeping yourself safe and protected only increases, particularly online. Every day there are more and more scams and spam messages and calls which torment users way over what would be deemed accessible.

For online games, the issue can become as big as losing your credit card, as most games nowadays have monetization systems which can require personal data. Most games, however, have ways of protecting their players' data to ensure absolute customer safety.

In a world where someone can sell their online gaming account for hundreds of dollars, depending on which collectible items the account has, protecting yourself online is not only for the most paranoid, and instead has become an absolute must for any gamer out there.

Particularly for TCGs, which are, at some degree, collector games at their core, the dangers of losing a collection can mean thousands of dollars lost. For MTGO, then, just the mention of being hacked can cause fear to the bravest players around.

And unfortunately, it is a real issue for the game. Earlier in January this year, a few dozens of players complained on social media they had their accounts stolen, one way or another:

To counter these attacks, the company has added a few reminders for players regarding their Password policies on February 7th in the weekly update, including the development of 2-Factor Authentication:

"Players have been understandably expressing concern about account security in light of account-theft reports on social media.

Two-factor authentication for MTGO is in active development, but in the meantime, please remember:

Players with a strong MTGO-only password that they have never shared or exposed aren't targets of account theft—having such a password should be part of every player's account security.

Until we can deploy two-factor authentication, awareness of how passwords are stolen is a player's best defense against account theft. Here are some critical mistakes to avoid:

Password Re-Use: There have been no Magic Online data breaches under Daybreak, but a data breach or bad actors on a website where you have re-used your Magic Online password can lead to bad actors trying the password elsewhere. Never re-use your Magic Online password or one similar to it.

Password Sharing: Whether given intentionally to friends or unintentionally to phishing and social engineering efforts, sharing your password with any person or entity puts your account at serious risk of theft.

Password Strength: Accounts with passwords that are guessable, short, or overly simple are at greater risk of theft. Make your password strong!

Password strength and care are the common threads here. Change your MTGO password today to a unique, complex alternative and never give it to anyone or enter it in anything other than our login screen or Help site. Players who do reduce their risk of account theft to near zero.

An update on February 14th reiterated the reminder and stressed that 2-Factor Authentication is still in development, and will come at a later date.

All hack threats and suspicions should be reported in the official Customer service website in the form of a Customer Service Ticket. If you should find yourself locked out of your account, a new account must be made and used as your credentials in your ticket. This is the fastest way to solve issues and ongoing problems.

The game's managing was passed over from WotC to developer Daybreak Games in 2022. We hope the company can take on the hard task of cutting down hack threats.