My account has been hacked from this client

[jordancoles]

Sounds like you got raided and they bashed your HFs or took over your personal claim so you got wilderness spawned

I doubt you were hacked in this case

[Fostik]

It's really really bad experience, it's really a shit. Why you dont put a check system from other devices?
for example when you enter in Amazon account, they always want a check if you enter from other device

Have you checked logins here?
https://www.havenandhearth.com/portal/profile-sec

[loftar]

I'm not sure about the implied timeframe or if you're referring to some other account than the one you're posting from, but over the past couple of days, you have only been logging in from one pool of dynamic IP addresses, which is also the same as that which you're posting from, so it doesn't look like you've been hacked.

Have you checked logins here?
https://www.havenandhearth.com/portal/profile-sec

That doesn't actually list logins, only active tokens. Though I have considered adding a log of last logins (and other security-related events) to it, since these questions pop up every now and then. I'm just not sure how wise I think it is to list potentially sensitive information in a way that could potentially be used by someone who actually did hack your account. Thoughts? Opinions?

[shubla]

Thoughts? Opinions?

2FA via email or via time based token/code whatever those are called. At least as an opt in thing.

[loftar]

2FA via email or via time based token/code whatever those are called. At least as an opt in thing.

I have considered that too, but that seems like a completely separate question from the one I posed, no?

[SnuggleSnail]

Not sure exactly what you want to show, but keep in mind there's a crapload of account sharing, often even with people you're not really close friends with. I would be kinda annoyed if people got anything relevant whenever I logged into their account.

[MagicManICT]

I have considered adding a log of last logins (and other security-related events) to it, since these questions pop up every now and then. I'm just not sure how wise I think it is to list potentially sensitive information in a way that could potentially be used by someone who actually did hack your account. Thoughts? Opinions?

Not sure exactly what you want to show, but keep in mind there's a crapload of account sharing, often even with people you're not really close friends with. I would be kinda annoyed if people got anything relevant whenever I logged into their account.

I'm of the opinion the more security information available to a user concerning their account, the better. To address Snail's concern, it could be an opt in/opt out thing where using some form of 2FA could be used to toggle it on and off so someone that is hosting/using a shared account doesn't get such information out there, and someone on the account (without access to the linked email) can't just turn it on to skim everyone's connection information. Optionally, a very basic "Logged in from <your city, state, province, country) on <date/time>" might be generic enough without giving away too much.

Part of me wants to say "well, that's the issue with sharing accounts." Some games explicitly disallow it going so far as to ban all accounts as it becomes more than a bit difficult when someone eventually complains about it getting shared with the wrong individuals or the account is actually hacked. Other games provide means of sharing accounts through the login process so that the account owner remains separate from the authorized users on the account.

[axus]

Not sure exactly what you want to show, but keep in mind there's a crapload of account sharing, often even with people you're not really close friends with. I would be kinda annoyed if people got anything relevant whenever I logged into their account.

SO you're saying this is a good solution to the account sharing "problem"

[Fostik]

That doesn't actually list logins, only active tokens. Though I have considered adding a log of last logins (and other security-related events) to it, since these questions pop up every now and then. I'm just not sure how wise I think it is to list potentially sensitive information in a way that could potentially be used by someone who actually did hack your account. Thoughts? Opinions?

Yeah, as been said above, big villages meta is account sharing for special characters who is minmaxing certain stats for development in particular directions, e.g. max surv or max masonry characters shared between others. People may not want to have this information open by default.
Probably only displaying device name and location would be not that private?

Otherwise you can consider to communicate new unique login information (change of country or device) over account email, probably this is what Shubla meant about 2FA - to use any second factor that will not be available by just stealing an account.

[DreadKatak]

Looking forward to 2FA, for sure. I would definitely opt-in. This is probably the only account-required game that I play that doesn't have those security features yet.