2-Factor Authentication Arrives
  • Posted by Dave
  • Posted on October 13, 2022, 12:31 pm NST

2-Factor Authentication has arrived in Neopia! This is a great way to secure your account, as it requires you to use a secondary device (such as your smartphone) to be able to log into Neopets. This means that even if your Neopets password is leaked in a data breach, no one can log in as you unless they also show up at your house and steal your phone.

To get started, you'll need to have an authenticator app downloaded and installed. This app will generate the one-time codes that you will use each time you log into Neopets (think of it as a second password).

We recommend the following authenticator/code generation apps:

You can get a two-for-one if you use one of the password managers listed above to generate your 2FA codes—securely stored password and 2-Factor Auth security!

If you already use an authenticator app, no need to download a second one! Authenticator apps are agnostic and Neopets will work with any of them, just like Gmail or Discord can use any of them for 2FA!

After you have a code generator app downloaded, visit your 2-Factor Auth preferences on Neopets, and enter your password to get started.

You'll find a lot of wordy instructions on the 2FA page—but don't fear! 2-Factor Auth is relatively easy to set up and use. It's essentially setting a second password for your account, but the password changes every few minutes and can only be generated by an app on your phone. Plus, it adds a huge layer of security to your Neopets account!

As a note, you will be provided with "emergency backup codes". These codes are used in case you lose the device you set up 2FA with, or if your device is broken and the data unrecoverable. As Gandalf likes to say, write these down, then keep them secret, and keep them safe! We recommend either saving them to your password manager, or saving them in a text file on your computer.

What if you have side accounts? You'll need to set this up individually for each Neopets account. So, if you have 5 accounts, you'll have 5 entries in your authenticator app.

Once you have 2FA set up, let us know how it went in the comments! Any questions or concerns? Ask below and we'll try to answer!
terraswan, October 13, 2022 12:36 PM NST
All right, finally some good security!
strobotic, October 13, 2022 12:49 PM NST
Yaaay and they only took twenty something years
alkseeyakc, October 13, 2022 12:52 PM NST
set mine up! It was easy peasy!
roshchodesh, October 13, 2022 1:19 PM NST
I do have a question (unsure how/what to ask, in an understandable way, so please bear with me).
- I know we all had to change passwords, but did they "fix" the problems that made the data breach? In other words, could they be hacked again, right now, or is our info safe and the site secure?
roshchodesh, October 13, 2022 1:23 PM NST
"2FA... This means that even if your Neopets password is leaked in a data breach, no one can log in as you unless they also show up at your house and steal your phone."

If they did break in to steal my cell phone they wouldn't find it, because *I* can never find it...
dolchay, October 13, 2022 1:26 PM NST
Got mine setup with no issues. So glad they have this now
roshchodesh, October 13, 2022 1:30 PM NST
One more serious question: If I install the 2FA app, will this work regardless of whether I log into neopets from mobile or my laptop (or anywhere else)? Thank you
premium17, October 13, 2022 1:33 PM NST
Have 2FA on every important account I have but didn't have to download an app.
minerra, October 13, 2022 1:36 PM NST
It took a bit for me to figure out (probably because I did not really read the instructions at first) but I got all my accounts set up within 10 minutes! (Probably would have been five if I knew what I was doing.) And I logged back into my main with no issue!
anunsureneopian, October 13, 2022 1:54 PM NST
This is good news!
pirate, October 13, 2022 2:52 PM NST
While I'm glad this has been added, does it have to be a smart phone? I don't own one.
bikkle, October 13, 2022 3:17 PM NST
Okay, the 2fa isn't going to help anyone. The website is still being breached, nothing was fixed, and even if someone can't gain access to your smart phone your emergency backup codes bypass it altogether and someone who can breach the website can get those codes. It's just a false sense of security and a waste of time.
hdawg1995, October 13, 2022 3:35 PM NST
oof its that jank 2Fa discord tries to push. i'm glad they finally have 2fa but could they have gone with one that doesn't alienate people without a smart phone? baby steps i suppose.
sidra, October 13, 2022 3:43 PM NST
Yeah, I'm seeing several people over on Help Chat confirm that they don't have smartphones. Someone suggested it might be possible to use a desktop-friendly software instead. If this is actually a viable option it'd be swell to see directions on JN for how to do this.
sidra, October 13, 2022 4:07 PM NST
Oh, I missed the comment asking how the 2FA setup has gone for players. My first attempt didn't work. Everything seemed to go smoothly. But when I logged out & then tried to log back in I wasn't asked for a code. Instead, I was again given the option to sign up for 2FA. Checking my Google Auth app, however, did display codes to input. So it clearly went through on that side of things.

So I repeated the process again, overwriting my original Google Auth app settings. This seemed to do the trick. I'm now seeing a prompt to enter my unique 6 digit code when I log out/log in.
roshchodesh, October 13, 2022 4:46 PM NST
Thank you for the info
That's what I suspected
rosi, October 13, 2022 5:02 PM NST
I'm with Pirate on this. What if you don't own a mobile phone? Does it mean you can't log in?
ziporen, October 13, 2022 5:18 PM NST
@bikkle: That's not how this works... the apps are not owned by Neo, so they don't store anything from them. To get around the 2FA, someone would need to send a ticket claiming that they've lost access to the account and the device needed for login authentication with some proof of ownership. It's not perfect because Support does mess up, but it is a lot better than having no 2FA at all.

@rosi: You are not required to set it up. There are also desktop auth apps that can be used as alternatives.
rosi, October 13, 2022 5:41 PM NST
@ziporen : thank you. Now if only I knew which alternative app could be trusted.. it'll require quite some time to do some research.
dave - JN Staff, October 13, 2022 5:58 PM NST
@roshchodesh: Re: if your information is secure, it's probably better than before. But anyone who says it's 100% secure would be lying or unknowledgeable.

Re: if the 2FA codes will work anywhere, yes! It doesn't matter where you log in from, the codes generated in your authenticator app should work wherever they are asked for.
dave - JN Staff, October 13, 2022 5:59 PM NST
@sidra: Haven't used any desktop software personally (it's better, IMO, for your "2nd factor" to be a second device), but I've heard 1Password offers 2-Factor Auth codes. That's a paid password manager, but if you already have it, it sounds viable. I wouldn't be surprised if other password managers also offer it.

Anyone have any desktop 2FA solutions they've used and had success with?
jaydeed, October 13, 2022 6:30 PM NST
Sorry to be dim, but if I set it up, does it mean every single time I log in, I have to faff around getting a code from my phone? Seems like a lot of hassle.
bikkle, October 13, 2022 6:34 PM NST
@ziporen: That is how this works. While the 2fa uses an app, the emergency backup codes are meant to be used on the Neopets website when logging in if you have lost access to your smart phone or 2fa app. Which means, those emergency backup codes are information stored on the Neopets' servers accessible by the breach in the website. And we know there is still a breach and unauthorized access because we know neo_truth is still in there mucking about. If one person can find the breach, others can as well and use your emergency backup codes to disable the 2fa and gain access to your account.
corruptora, October 13, 2022 6:44 PM NST
I don't recommend Google auth, Authy is way better and you can recover your 2FA even if you lose your phone and backup codes, whereas on Google Authenticator you can't.
roshchodesh, October 13, 2022 8:21 PM NST
Thank you Dave for answering my questions (and understanding what I was trying to say). You are smart and kind and appreciated
dalice, October 13, 2022 8:41 PM NST
so when i use numpad, it inputs numbers that then change to letters as i type and rejects it (because it's now changed entirely to letters). only happens on neo, ofc. anyone else experience this? obv just won't use numpad to input but, annoying.
spongebubbles, October 13, 2022 10:12 PM NST
Does anyone know if this change affects the issue where you get logged out every time you switch between your computer and your smartphone? If it'll still be like that, I sure don't want to add yet another step to the login process! It already makes me put in my birthday nearly every time!
apophis324, October 14, 2022 12:14 AM NST
I don't know.. I don't trust having to use my super-slow-on-start-up phone that I only use as a glorified GameBoy to store recovery codes I may or may not need often when I log in to Neopets. Why can't a second factor just be another e-mail address?

I'm probably dumb for being sceptical, but for now I am going to pass on this.
dreww355, October 14, 2022 12:20 AM NST
In regard to desktop options, if you are on an Apple device you can use Keychain. It was recently updated (last 6 months? year?) to accept 2FA codes. Other password managers like Bitwarden also have options to save 2FA and have desktop apps or can be accessed through a browser.
kyrette, October 14, 2022 4:05 AM NST
Why does it *have* to be your phone? I agree with Apophis, it could be another email address...
I'm not doing this just yet. Whenever TNT releases a new feature it glitches. I don't want to be glitched out of my accounts again.
premium17, October 14, 2022 6:46 AM NST
I hope JN can do a guide on this, especially for those who do not want to use a phone and want to set it up on our computers.
apophis324, October 14, 2022 8:46 AM NST
Also an idea on their end: Make an app! Steam for example has their own Steam app for the 2FA. Has TNT ever considered making an app?


Oh wait.
unvile, October 14, 2022 10:41 AM NST
Hm I thought this was a GOOD thing but after the issue I just had - I'm scared.

2FA made me have a temp IP Ban (Still have it and can't log in to any of my other accounts on my WIFI) from being able to log into my account(s). I could only do so with mobile hotspot. Basically I was unable to have the 2FA 6 digit box pop up after I hit 'log in' after entering my credentials.

That really spooked me because I thought I'm finally locked out of my neo account and my pixels are done for. Either way, I'm not touching 2FA until it gets PROPERLY sorted/fixed or whatever.
contessa, October 14, 2022 11:00 AM NST
OMG really?? I am glad that they are doing more security stuff but for all my other accounts and such online, they just call my phone and give me a code to use. This is a lot of trouble and what if you do not have a smartphone????

Thanks TNT, I may not ever get into my accounts again and I am NOT happy about that!
sacanth, October 14, 2022 1:00 PM NST
targoefista, October 14, 2022 1:29 PM NST
@Contessa: You don't need a phone. Most password managers (which you should be using!) now let you scan the QR code into it so you can do it on your desktop. I think google also has an option. You don't need an app.
ziporen, October 14, 2022 2:37 PM NST
@bikkle: N_T doesn't have full database access anymore. Everything posted since the breach has been from logs that he can still see (ex. item transfers, Support changes to accounts, etc.) or from a backup of the source code.
twistedlittledreamer, October 14, 2022 3:03 PM NST
ouch, I don't have a smart phone-I have a cell, but it's an old school pay as you go flip phone
ng_282, October 14, 2022 3:34 PM NST
For those who want a desktop Authenticator, I've used WinAuth without any problems!
dave - JN Staff, October 14, 2022 4:01 PM NST
Updated the post above with a clearer list of authenticator app options! Both mobile and desktop options available!
dave - JN Staff, October 14, 2022 4:11 PM NST
@contessa: This is a pretty standard security measure on many other websites out there, including Google, Facebook, Amazon, and Discord. It seems to actually be well-implemented on Neopets, in that they didn't do anything screwy with how it's set up.

If you're not using 2FA to protect your accounts elsewhere--you should reconsider.
dave - JN Staff, October 14, 2022 4:13 PM NST
@unvile: Sounds like an unrelated issue with StackPath? Issues with StackPath are still ongoing, but much less than when we reported on it last month.

Solution is to clear your Neopets cookies, and you should be able to get back in.
dave - JN Staff, October 14, 2022 4:14 PM NST
@apophis324: Having Neopets make their own 2FA app is kind of like asking Neopets to make their own web browser because you don't want to use Chrome or Firefox. It's just not something they should do, IMO.
coolkaius, October 14, 2022 9:02 PM NST
I tried two different authentication apps with all 5 of my accounts. Setting it up was easy, but after many many attempts, I couldn't re-login to any of them without my recovery codes.
xid, October 14, 2022 9:30 PM NST
I'd like to suggest another option for Android, which is the one I'll be trying when I have some time: Aegis Authenticator, free and open source.
apophis324, October 15, 2022 12:46 AM NST
@dave: I meant it as part of the app. Taking the example of the Steam app again, that thing is designed for mobile use of game platform Steam and has a 2FA module integrated in its system. It is not impossible was all I meant to say.
As for not using 2FA on other places: I don't know about other places where it would be recommended that I frequently visit. As for Google, they have a second e-mail address to fall back on. Same for my proper e-mail account.

I do understand and respect your side of the dilemma
shadowfrost, October 15, 2022 3:31 AM NST
i'm glad they finally added this! i was always a little nervous about apps like this because i didn't know there are backup codes, so happy that there's ways to still access the account if the phone is lost or no longer works!
roshchodesh, October 15, 2022 1:10 PM NST
I may be really tired of the mishagos that is neopets. They haven't bothered to tell us they haven't secured the site and are still breached by at least one hacker (as bikkle said "we know there is still a breach and unauthorized access because we know neo_truth is still in there mucking about") and the IMPLICATION is that if we do the 2FA everything is fixed.
They said "we're excited" to announce... to announce we haven't fixed it yet, but YOU go do something."
It's spun just like anyone else with a good lawyer or PR team,
contessa, October 17, 2022 12:39 AM NST
Dave, I do have 2F on my other places like emails, bank and CCs but they all just ask for your phone number and call you with a code to put in, they do not make you download an app
zeelink, October 17, 2022 3:40 AM NST
LOL, I'm not giving Neopets my phone number. What a shitshow.
stuffie, October 17, 2022 10:01 AM NST

2FA comes in a variety of flavors,
My understanding is that SMS 2FA is the one that sends the codes via txt messaging - which would ofc require a phone number..

fortunately though, that isn't the case here and you have options! (Neo doesn't ask for your phone number)

However I do have my own reservations...
stuffie, October 17, 2022 10:26 AM NST
I've eagerly been awaiting this feature for CENTURIES now and am itching to activate already (with Aegis on my phone raring to go)
but am a tad cautious..

Given the staff's track record, I'm terrified of locking myself out.

I've kept my eye on the event/help boards & other forums for any issues -
and it's reports like one described above just a couple of posts by @coolkaius - that give me pause.
I saw a similar situation where even the backup codes didn't work!
(no updates on getting back in as of yet ~ Sending that poor soul Best wishes*)


Granted, it's probably only a small chance, but as someone with a lifetime of laughably bad luck, I get paranoid, :')
stuffie, October 17, 2022 10:41 AM NST

One thing I failed to mention in my first post,

I'm not sure why that would be a standard in banking (unless you were given several options or there's a similar/better form I missed??)

But based on what I've seen so far, SMS (phone number 2FA) is considered one of - if not - THE least secure forms.
peppermint, October 17, 2022 11:52 PM NST
I guess I don't hang around any websites that use this method because I've never even heard of it before. Do other game sites do this? I don't play any others so I don't know.

Why can't Neo just let you set up a secondary contact email? I don't like installing superfluous apps on either my phone or computer and wasting my system resources
zipwing1234, October 19, 2022 3:55 PM NST
Can someone help me,, I'm not sure if I signed up correctly,, how do I know?????
sakaarson, October 21, 2022 6:39 PM NST
Pete's sake. Why do all these TFA things require me to download an app now?! First outlook, now neopets.
autumnwolf, October 25, 2022 1:56 PM NST
Does anyone know if any of the available apps for iOS work with voiceover? I'm blind and I don't want to set up two factor authentication only to have the app not work. Thanks!
dave - JN Staff, October 25, 2022 2:39 PM NST
@autumnwolf: I don't have any experience using voiceover in apps, but there are multiple points where you can stop in the set up process before committing to 2FA.

Right after you are asked to scan the QR code (or input the special code) in your Authenticator app, you are considered "set up" with the Authenticator app. So at that point, before you confirm it back on Neopets.com, you should be able to play around with the Authenticator app and see if it works well with your voiceover.
meer, October 31, 2022 11:01 AM NST
Oh yay!! Just in time for the kinks to get worked out (if any, heh, there always are on Neopets! ) before I get my iPhone!! I'm very happy that Neopets is finally adding 2FA!!

It may be far from perfect security, but it's a step in the right direction! And makes me feel a *little* bit safer about my precious neopets!

As for those worrying about not having a smart phone, I feel for ya! *hug* I still am one of those people, and it always annoyed the heck out of me that so many places assume you have a phone. I never had use of one. But recently I have decided I finally want one. I don't plan to use it as an actual phone much, just for emergencies maybe *knock on wood that never happens!* but, having a tiny computer in my hands at all times sounds very good! AND, I really need a replacement for my ancient iPod, so, why not go all out and get an iPhone instead of an iPod for the extra features?

So yeah, I'm getting one for Christmas!!

To those saying it's no good cuz hackers can still get the backup codes.... yeah, that sounds like a big flaw, a big vulnerability. But, it's a step in the right direction at least! It's something! Hackers always gonna hack. All we can do is keep trying to make things more secure.

To those who don't wanna download yet another app, I would say, yeah, I hear ya, I don't want to clutter up my devices with apps either, but, a 2FA app sounds like a very useful app, that I could use on a variety of places to make them more secure, so, once I find one I like, I'm gonna get it!

Besides, I'd MUCH rather download an app than give Neopets my phone number!!! The lesser evil man, the lesser evil!

Those who don't have phones, I hear ya! I was one of ya! But, I've gone to the dark side! XD (or will, as soon as I can afford to) As a techie fan, I look at it as one more little computer to play around with! They have so many uses now! If ya can't beat em, join em!

Although, i
sakaarson, November 21, 2022 9:00 PM NST
This is ridiculous. Why not have an option to simply send a text message? I'm not downloading yet another app just to log into neopets securely.

