Security Configuration
The security protection offered by LEVEL INFINITE PASS includes platform-level protection, security configurations for games, as well security controls for players.
Platform-level protection
Includes security threat perception and prevention (such as IP filtering), and account unlink verification. Platform-level protection is enabled by default when LI PASS Account Center has been integrated, and no configuration is needed from games or players.
Account unlink verification
When a player attempts to unlink any third-party channel (such as Google, Apple) from their account, the player is first required to verify their identity through their LI PASS registered email. This ensures that only the legal owner of the account can perform the unlinking operation, preventing unauthorized modification of account settings by hackers. The channel can only be unlinked after passing the email verification.
This function is a standard security feature of LI PASS and does not require additional configuration.
Security configurations for games
Includes suspicious activity alerts, CAPTCHA, and account linking restrictions. Games can choose whether to turn on the relevant security protection and customize the relevant controls through Player Network Console.
For detailed configuration steps, see Security.
Suspicious activity alert
When login is detected to be from a new device located in a different region, an alert email will be sent to the email address linked to the player's LI PASS, to inform the player of the possible security risks and subsequent steps to be taken. Logging in to a game account with a new device in a different region is considered to have a relatively high risk of account theft. This function is designed to prevent account theft and promptly inform players of security risks through email and guide players to handle them.
Enable suspicious activity alerts and configure the trigger conditions from Player Network Console. After enabling, the system will monitor the login behavior of player accounts, and when login from a new geographical location or device is being detected, an alert email will be sent if the conditions set in Player Network Console are met.
CAPTCHA
To protect accounts from automated attacks and malicious scripts, LI PASS uses CAPTCHA to ensure that the operation is performed by a human instead of an automated program, effectively preventing brute-force attacks, spam registration, and other forms of malicious behavior.
Enable CAPTCHA and configure the frequency limit rules from the Player Network Console:
- Verification code login: If a single account requests for verification codes for more than Y times within X minutes, the system will automatically trigger CAPTCHA. X and Y are integers, which can be configured according your security strategies.
- Password login: If a single account attempts to log in with password for more than Y times within X minutes, the system will automatically trigger CAPTCHA. Values of X and Y can be adjusted according to your system requirements to prevent brute force and repeated login attacks.
Account linking restrictions
Account linking restrictions will restrict players temporarily from linking to LI PASS after logging in with a new device, preventing malicious linking due to device loss or account theft.
Enable account linking restrictions and configure the time window for the restrictions according to your security needs from the Player Network Console. For example, set the time to 24 hours or longer to lower the risks of potential account hijack attempts.
Security controls for players
Includes 2FA, login device management, and one-click log out from devices. After integrating and configuring the LI PASS Account Center, players will be able to access the Account Center to perform the security operations.
Two-Factor Authentication (2FA)
2FA is a standard security function provided by LI PASS. When enabled, if players are logging in with a new device using a method other than verification code login, they will be required to enter the verification code received in their registered email address. This prevents unauthorized devices from accessing player accounts and ensure the security of player data.
- Enable 2FA: Players can enable 2FA from the Security Settings page in the LI PASS Account Center. If the player has not linked to LI PASS yet, the player will be advised to complete account linking first.
- Disable 2FA: Players can disable 2FA from the Security Settings page in the LI PASS Account Center. Once disabled, players will no longer need to verify their identity with their registered email address when logging in.
Device History
Device History is a standard security function provided by LI PASS. From the Device History page in Account Center, players can monitor the detailed login behavior of their accounts at any time and take immediate measures when suspicious activity has been detected. By monitoring their device login history, players can ensure that only authorized devices are accessing their account. If unauthorized access has been observed, they will be able to take immediate action to prevent further security threats.
The device login history function allows players to view the login activity on their LI PASS, including the following information:
- Device type and model: The type (such as mobile phone, tablet, or computer) and specific model of each device is recorded.
- Login time: The latest login time of each device is displayed to help players identify suspicious activity.
For login records of new devices, a red dot is displayed to indicate that attention is required.
Log Out Of All Devices
The Log Out Of All Devices function allows players to quickly log out from all logged in devices except the current one. This function enables players to immediately protect their accounts from unauthorized access when they detect suspicious activity or lose their device. If suspicious activity in their account has been detected, or if the player is no longer able to access their device, they can log out of all devices with a single click to immediately log out of all sessions.
