cootejames avatar image
cootejames asked

User Account Recovery

I am building a feature to allow my users to recover their account, in case they buy a new phone and want to continue to play on that.

I followed the guide on best practices for logins and from a technical perspective, everything seems to work fine:

On first launch, my game generates a unique custom ID, uses that to log in to playfab using LoginWithCustomID, and saves this custom ID locally to file. For future sessions, it loads this file to get the custom ID to log on with.

Later on, the user is given the chance to add an email and password to their account to make it recoverable. Or alternatively, to enter an email and password in order to recover an old account. If either of these are successful, the game saves the username and password locally to file. And then uses that to log in with LoginWithEmail in the future.

However, there are a few scenarios in which this leads to either bad UX or technically risky hacks. This suggests maybe I've misunderstood something conceptually:

In the first scenario, the user plays the game for a bit, adds an email address / password, doesn't get very far, then churns. Some time later, they install the game on their new phone, make great progress and try to add their email / password to secure their account new account.

Their email address is already in use. Of course they could recover their old account, but really they want to keep playing with their new account in which they've made much more progress.

At another company I work for, we have our own backend, and in this scenario of "email address already in use", or indeed in the case of a normal "account recovery", we provide the user with the option of which account they want to continue with, and which will be lost.

The user sees some basic information about the two accounts, such as the name of their Empire, Cities Owned, Army Strength, and also Coins and Gems associated with each account. On selecting one or the other, the backend then associates their email/password/login details with the selected account, and that's the one the user uses thereafter. The old account is orphaned and eventually cleaned up (deleted).

It seems there is no easy way to do this "giving the user a choice" with PlayFab. As far as I can tell, it's not possible to remove an email address from one Master Player Account and add it to a different one. (And it also wouldn't make sense for the second scenario detailed later). Nor does it seem it's possible to transfer a Title Player Account from one Master Player Account to another. It is possible to copy all the Title Player Data from the non-email Master Player Account to the email-linked Master Player Account, overwriting the unwanted data from the game where the user didn't progress much in the process. However the actual implementation of this looks extremely hacky / technically complicated and risky.

In the second scenario, the publisher has two games: Title A and Title B. The user plays Title A and adds an email/password. At some later point, they play Title B and attempt to add the same recovery email. However, email address is stored at the Master Player Account level, so the email address is already in-use from Title A.

The same hacky solution could be applied here. The Title B client could log in with the email address, thus creating a new Title Player Account for Title B under the same Master Player Account as Title A. And then copy/paste across all the Player Title Data. But again it will be difficult to implement, hard to maintain and a lot of things can go wrong.

From a UX perspective, the other options are also bad: The game could deny the user the ability to recover their account, or even worse, oblige the user to start again if they want to have a recoverable account.

The best solution I have seen for this is to add a prefix to an email. So when the user types in, what the game client actually registers is However, this completely defeats the point of having the email/password stored at the Master Player Account level. The same user would have multiple Master Player Accounts, each one with only one Title Player Account in it.

These are uncommon scenarios, but not so unlikely to happen that they're not worth thinking about. I really feel like I'm missing something here. If there's a best practice guide for this or anyone has ideas how to approach this differently, or if there's some API call that does all this that I'm not aware of, I'd be very interested to know.

Player DataAccount ManagementAuthentication
1 comment
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

cootejames avatar image cootejames commented ·

Just realised if I use the email prefix idea, then SendAccountRecoveryEmail no longer works


0 Likes 0 ·

1 Answer

Seth Du avatar image
Seth Du answered

I understand that you want to provide the choices for players to change the login email, however, currently it is not supported to change via any API calls.

However, the developers are able to manually change the login email via Game Manager. It seems to be a possible solution that asking players to submit a report to your mailbox so that after the necessary verifications, the developers can manually modify the email address for players or simply clear the login email address of the previous account. I don’t think prefix solution is a good idea.

Please feel free to vote this thread in Feature Requests forum --

10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

cootejames avatar image cootejames commented ·

That doesn't solve the second part of the problem, where the user ends up with two master player accounts, one for Title A and one for Title B, but still has only one email address.

0 Likes 0 ·
Seth Du avatar image Seth Du ♦ cootejames commented ·

Since any login-related information is in the master player account, players can use one identity to access all titles in the same studio, one login email address will be enough. May I ask your concerns? There is no need to link different login emails for different titles.

0 Likes 0 ·
cootejames avatar image cootejames Seth Du ♦ commented ·

A user logs in anonymously in Title A. Then in Title A adds an email using AddUsernamePassword.

Then logs in anonymously in Title B. Then in Title B tries to add the same email address with AddUsernamePassword.

What happens?

0 Likes 0 ·
Show more comments

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.