Securing your Paradox Account

[konbendith]

We have recently tracked attempts to maliciously access data from Paradox accounts. While no actual security breach has occurred in our systems, we’ve confirmed that a small number of accounts have been accessed, most likely without the users’ consent. As Paradox systems have not been compromised, this is likely due to the use of an externally compromised password for your account.

We have informed the users affected by email, so if you haven’t heard from us, it means your account is safe. We’ve also deployed measures to secure the affected accounts and prevent similar issues in the future. Payment information, including credit card numbers, are stored separately and have not been at risk.

If you’re using a password with a low level of complexity, or if you are using a username or password for your Paradox accounts identical to accounts on other systems this is a good opportunity for you to update your account with a stronger password.

Our recommendation is always to go with a unique password, complex enough to ensure proper security; generally, a series of multiple keywords is the most secure and easy-to-remember option. We recommend the use of a password manager and ensuring that you are not reusing passwords as a security precaution for the future.

 

[ThatDaniel]

Paradox should put in place 2-factor-authentication, it would greatly secure user accounts. Has there been a discussion of adding it?

 

[Arrowkill]

I would not be opposed to two-factor but it really does create a bit of a hassle. I think we could benefit from it though.

 

[Krille]

Paradox should put in place 2-factor-authentication, it would greatly secure user accounts. Has there been a discussion of adding it?

Hi,

Adding MFA has been discussed and could be a great way to add more security to accounts. You're likely to hear more about security measures in the near future as we explore various options. We always appreciate additional input from our players.

 

[burglar225]

If one is affected by the security breach the used mail account can be checked for hacks here (https://haveibeenpwned.com). Also passwords can be checked, if they are compromised here (https://haveibeenpwned.com/Passwords).

 

[Levgar]

someone summon the court spymaster

 

[iniudan]

someone summon the court spymaster

But are you sure the spymaster isn't working against you?

 

[Levgar]

But are you sure the spymaster isn't working against you?

You maybe right not only does he have the deceitful trait, but also the ambitious trait!

 

[SanguiniusStyle]

The economy, fools!

-1 stability

 

[Dayshine]

Hi,

Adding MFA has been discussed and could be a great way to add more security to accounts. You're likely to hear more about security measures in the near future as we explore various options. We always appreciate additional input from our players.

Considering that my paradox login is now linked to a lot more than just this forum (payment system, paradox launcher, paradox mod platform, other linked services) it would be good to see the platform work towards industry standards such as the OWASP Application Security Verification Standard.

My personal bugbear is not being able to see my currently logged in sessions. My account could be compromised and I would have absolutely no idea.

 

[DominusNovus]

Paradox should put in place 2-factor-authentication, it would greatly secure user accounts. Has there been a discussion of adding it?

Hopefully not until their system can actually remember when we’re logged in. I’m not going to do two factor authentication multiple times a day.

 

[Dayshine]

Hopefully not until their system can actually remember when we’re logged in. I’m not going to do two factor authentication multiple times a day.

Well, that's kinda my point. I can't tell if it's losing my sessions, or if someone else is logging in and expiring my sessions

 

[DominusNovus]

Well, that's kinda my point. I can't tell if it's losing my sessions, or if someone else is logging in and expiring my sessions

Well, we do know that P’dox, for some reason unknown to us, has a serious issue with keeping us logged in, so its 99.99% that, rather than someone logging you out.

 

[Alblaka]

Big IT companies try to silently sweep massive data breaches under the rug.

Paradox informs you if they notice suspicious behavior they aren't even responsible/accountable for.

Bravo.

 

[Pellaken]

Hi,

Adding MFA has been discussed and could be a great way to add more security to accounts. You're likely to hear more about security measures in the near future as we explore various options. We always appreciate additional input from our players.

keep in mind that not everyone has a cell phone, and that any plan should be designed in a way as to not lock longtime legitimate people out of their accounts.

 

[gigau]

Thanks for the information.

 

[BrotherJonathan]

Thanks for letting us know. For some reason, I picture an attempted hack attack triggering flashing red lights and a WW2 air raid siren in the Paradox offices.

 

[Matt714]

What damage can they do anyhow?

 

[Gogote54]

keep in mind that not everyone has a cell phone, and that any plan should be designed in a way as to not lock longtime legitimate people out of their accounts.

This ! Please do not forget those who do not have "smart"-phones or ipad or whatever. Thank you.

 

[crowdemon]

Thanks for the heads up.