question

Muhammad Roshaan Tariq asked

Should I Unlink DeviceID after Linking with EmailAddress/Password?

Hi,

In my game I used LoginWithAndroidDeviceID for Android devices and LoginWithIOSDeviceID for iOS devices to make sure that users are not prompted for EmailAddress/Password the first time.

But now my question is: what should I do with their device accounts? Should I unlink them or keep them linked? I don't want their data to be compromised.


Scenario:

A user plays my game and they have their device linked, but now that user decides to sell their current device, and the other person who buys the device also plays this same game and could easily log in or hack their account. Right? I don't want that to happen, so what should I do? Is there any service PlayFab provides to prevent this?

Please let me know what the standard procedure or protocol is to prevent this from happening. Thanks!

Tags: Player Data, Account Management, Authentication

1 Answer

Citrus Yan answered

If you unlink the device ID after adding recoverable login credentials (for instance, linking with EmailAddress/Password), the players will need to type something (at least the password) in order to log in, which is surely safer but also inconvenient. Or you can provide the option of unlinking devices for the users so that they can unlink the device before selling it. You must make a trade-off between convenience and security based on your own circumstances.

By the way, here is a doc on account linking you may find helpful: https://docs.microsoft.com/en-us/gaming/playfab/features/authentication/login/quickstart

4 comments

Muhammad Roshaan Tariq commented:

@Citrus Yan Alright. I have read the document, but there's nothing mentioned about unlinking the devices as a security measure. But thank you for the suggestion.

Citrus Yan commented (replying to Muhammad Roshaan Tariq):

In general, it's safer to unlink devices when an account has recoverable login mechanisms, in case the players lose their devices and are unable to retrieve their accounts.

Muhammad Roshaan Tariq commented:

@Citrus Yan I think I will go with unlinking devices after they are linked with a recoverable account.

Citrus Yan commented (replying to Muhammad Roshaan Tariq):

Yeah, sure:)

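The order of operations settled on in this thread, as an added example that is not part of the original posts or PlayFab's own code: attach email/password, confirm it is on the account, and only then unlink the device ID, so a failed credential step never leaves the account without a way to log in. The `post` transport signature, the `FakePlayFab` stand-in, the sample values and the return strings are assumptions made for illustration; the endpoint names are PlayFab Client API calls.

```python
import json
import urllib.request

# Unlink call and device-ID field per platform (PlayFab Client API).
UNLINK = {"android": ("UnlinkAndroidDeviceID", "AndroidDeviceId"),
          "ios": ("UnlinkIOSDeviceID", "DeviceId")}

def http_transport(title_id):
    """Return post(api, body, ticket) bound to a live title."""
    def post(api, body, ticket):
        req = urllib.request.Request(
            f"https://{title_id}.playfabapi.com/Client/{api}",
            data=json.dumps(body).encode(),
            headers={"Content-Type": "application/json", "X-Authorization": ticket})
        with urllib.request.urlopen(req) as resp:  # raises on HTTP errors: nothing is unlinked
            return json.load(resp)
    return post

def add_credentials_then_unlink(post, ticket, platform, device_id, username, email, password):
    """Unlink the device ID only once email/password is confirmed on the account."""
    added = post("AddUsernamePassword",
                 {"Username": username, "Email": email, "Password": password}, ticket)
    if added.get("code") != 200:
        return "kept-device-link: credentials not added"
    info = post("GetAccountInfo", {}, ticket).get("data", {})
    private = info.get("AccountInfo", {}).get("PrivateInfo", {})
    if (private.get("Email") or "").lower() != email.lower():
        return "kept-device-link: email not confirmed on account"
    api, field = UNLINK[platform]
    if post(api, {field: device_id}, ticket).get("code") != 200:
        return "kept-device-link: unlink call failed"
    return "unlinked"

class FakePlayFab:
    """Constructed in-memory stand-in for one player account (offline demo only)."""
    def __init__(self, reject_credentials=False):
        self.email, self.devices, self.reject = None, {"dev-123"}, reject_credentials
    def __call__(self, api, body, ticket):
        if api == "AddUsernamePassword":
            if self.reject:
                return {"code": 400, "error": "InvalidParams"}
            self.email = body["Email"]
        elif api == "GetAccountInfo":
            return {"code": 200, "data": {"AccountInfo": {"PrivateInfo": {"Email": self.email}}}}
        else:  # either unlink call
            self.devices.discard(body.get("AndroidDeviceId") or body.get("DeviceId"))
        return {"code": 200, "data": {}}

if __name__ == "__main__":
    print(add_credentials_then_unlink(FakePlayFab(), "ticket", "android", "dev-123", "player1", "p1@example.com", "constructed-pw"))
```

Against a live title, pass `http_transport("<your title id>")` and the SessionTicket from the device-ID login in place of the fake.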
