question

kevin-4 avatar image
kevin-4 asked

Consistent CustomID for Windows builds using Unity

I just noticed that as of 2 days ago, seemingly after installing the big Windows 10 feature update, version 1803, that the custom ID vaue I send to Unity for Windows users (SystemInfo.deviceUniqueIdentifier) in the LoginWithCustomIDRequest authentication call has changed on my PC. This is the first time a Windows update has changed that value for me.

Because of this, since no other login was attached to my test account (like Facebook or PlayFab), the PC was registered as a new user and the old account orphaned. I'm still investigating what the update changed on my PC to affect that value, but my question is: what does PlayFab recommend to use for the custom ID for PC users using Unity? And if there's no official recommendation, does anyone else use anything other than SystemInfo.deviceUniqueIdentifier for PC custom IDs?

10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

·
brendan avatar image
brendan answered

The Unity deviceUniqueIdentifier is not guaranteed to remain the same on all device types. Your best bet for a Windows title would be to save a generated GUID locally, so that you can use that on subsequent logins.

4 comments
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

kevin-4 avatar image kevin-4 commented ·

Where would you recommend to save it so that it can't be tampered with easily? In the registry (or whatever is the equivalent on MacOS and Linux) or somewhere else?

0 Likes 0 ·
brendan avatar image brendan kevin-4 commented ·

"Easily" is going to be a matter of interpretation. A PC is a general-purpose computing device, so technically, you cannot fully secure anything which is stored locally. The Windows registry, for instance, can be edited quite easily. If you want to protect against casual tampering by the average person, any simple encoding would work. You could, for example, use a variant on Base64 (not the default, since there are Base64 translation tools on web sites) encoding.

But since what we're talking about is the credential the user needs to sign in, there's little reason for the user to alter it, unless you expose the credentials for other players in some way (which, of course, should be avoided).

0 Likes 0 ·
kevin-4 avatar image kevin-4 brendan commented ·

My main concern isn't the user altering it for malicious reasons, my concern is them accidentally altering or deleting it by mistake.

With that in mind, is there a specific directory you would recommend to store this value?

0 Likes 0 ·
Show more comments

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.