As somebody that was recently hacked, this would be a godsend. I have noticed that in the past few months, more and more companies have been adding mobile authentication features or have at least advertised them more. I feel that this would be a godsend.
Something that would be extremely difficult to find out or hack that would allow us to reset any changes.
Something that would allow a user to take matters into their own hands, to reduce the massive stress on the support team that slows down these kinds of tickets. Not to say the support team is doing a bad job, getting my account back was actually a pretty calm experience considering what I was actually having to go through.
I understand that you need to have a good password and stuff, but having more backups would be very useful.
Idea A: Mobile Authentication
Anytime you want to change a password, buy RP, or send a gift you can get a little code sent to your phone to authenticate it.
Just like Steam, but customisability might be nice if you know you are the sort of person that wants to rapidly do these sorts of tasks repeatedly and don't want to waste 10-20 seconds each time.
So I could have RP buying need authenticating, but not have gifts need it or something like that.
idea B: Physical Code
When you create your account, you could get an OPTION to write down a password (preferably on paper, you can't hack paper) that you cannot decide (randomly generated string of characters) and that you cannot change. This password could be a "access my account in an emergency" thing.
One password that will always access your account that as long as you are careful cannot be hacked.
As long as you aren't being keylogged, nobody could get access to your account for long.
Only Riot should have the ability to modify settings related to this code.
Idea C: IP Lock
Not as in influence points. The ability to lock where you log in to certain IP addresses would make hacking you a lot harder. This idea would be hard to implement, but could work well if used correctly by the user. I thought about this idea when I noticed my facebook and chrome stopped log ins from somewhere too far away and I thought of how to step it up a notch. This kind of idea I feel would work well in combination with mobile authentication as it would give you a bit of a backup if you forgot to disable IP lock when you went abroad, it would give you an emergency way to log in again and change it.
I will go through step by step:
1. User goes into settings and finds IP Address Lock
2. User enters their IP address
3. The account can only now be logged into from that IP address
(1 week later)
1. User wishes to go on holiday
2. Go to IP Address lock
Option A: Disable IP Address Lock
Disable the feature altogether
Option B: Set travelling mode on
The user could enter their destination city and how long they are staying for.
Now the account can only be accessed from within the specified area(s) for that length of time
I don't know how hard most of these would be to implement, probably very hard. These are designed to give the user a bit more power if things go wrong, and security if nothing has gone wrong yet. If Riot chooses to up security at any point, I thought I should share some thoughts I have had.
Most of this is not well thought out and just from the top of my head.
Note: This is a note before somebody says "These ideas have flaws and could be beaten in X scenario if Y is true" or whatever.
Of course this is not impenetrable.
Where there is a will there is a way, the game of stopping a hacker is just making the job so difficult it isn't worth doing. That is what I feel like these things could do.
Additionally, just like steam guard these could be optional. Recommended, but optional.
Feel free to still point out those flaws though, just don't act like they completely invalidate the idea. I know that is what you lot (including myself) are like when it comes to change or improvements.
EDIT: Fixed the title