question

Kim Strasser avatar image
Kim Strasser asked

How could a player change his password if he has no more access to his login email address?

I use PlayFabClientAPI.SendAccountRecoveryEmail in my client code to send an email to the player's PlayFab login email if he wants to change his password. But what can I do if the player bought a new Android/iOS device and if he forgot his PlayFab account password and if he has no more access to his login email address? Because the password recovery email is always send to his PlayFab login email address and he can not access his email address. In addition, there is no contact email address in the player's account.

How could the player change his password in this situation? Do you know a secure workaround?

I don't want that a player can easily change another player's account password and steal the account.

Account Management
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

·
Seth Du avatar image
Seth Du answered

Please understand normally developers are not supposed to take such responsibility when the player has lost their own email accounts.

Surely, there should be workaround solutions, but it seems players needs to contact your team directly. You can verify the ownership by asking personal questions that the players may save in his accounts, and manually modify accounts for them.

I don’t see many gaming companies have support channel for players to submit account email-changing tickets, but I believe you may refer to Blizzard’s BattleNet support procedure.

Afterall, the first thing players need to do is to contact email service provider to recover account.

2 comments
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Kim Strasser avatar image Kim Strasser commented ·

For example, I want to ask two personal questions in my game when the player creates a new PlayFab account and save the questions and answers in Player Internal Data.

When the player wants to change his login email address at a later moment, then the player needs to send me an email with his new email address, his username and the correct answers. If the player's username and answers are the same as the answers that are saved in Player Internal Data, then I will manually replace his login email with the new email address that he indicated in the email.

Is this a secure way to change a player's login email?

Can I save personal answers in Player Internal Data or is this a security risk?

0 Likes 0 ·
Seth Du avatar image Seth Du ♦ Kim Strasser commented ·

I believe you can. Player Internal Data is a private resource that is only exposed to Server/Admin API. Your solution is feasible.

0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.