Introducing Email Verification
A few months ago, we mentioned in a blog post that we’d be continuing to roll out security features for VRChat. Today, we’re announcing another major security update: Email Verification.
In short, when users with a VRChat account first sign in on a device, they’ll be sent an email with a one-time code they’ll need to use in order to sign into VRChat. Once you sign in, your device will be authenticated, and you shouldn't have to repeat the process again for some amount of time.
As a note, users that have 2FA enabled won’t have to go through this process at all!
This change should dramatically reduce the number of accounts that are compromised, used as bots, or simply hijacked via poor security practices (like sharing your account information with another user).
This feature won’t go into effect for all users instantly, as we’ll be slowly rolling it out over the next few weeks to ensure that our systems work properly. We’ll be enabling the feature for select users today, and adding more in as we feel comfortable.
Why is VRChat Introducing Email Verification?
For three years, VRChat has allowed users to opt into 2FA, or two-factor authentication, on their accounts.
2FA provides an extra layer of security for user accounts. Whereas users’ accounts are typically protected with just a password, when 2FA is enabled, users have to also enter in a special generated code from an app like Authy or Google Authenticator.
When it comes to protecting your account, there is no better way to lock it down than to enable 2FA – and we’d encourage users to still do so!
Yet, we know that despite how powerful of a tool 2FA is, not all users will enable it.
Unfortunately, this means that many users have left their accounts unprotected. This has led to thousands of compromised accounts.
We’d like to put a stop to this.
To do so, we’re introducing Email Verification.
When Will Email Verification Be Turned On For My Account?
This isn’t going to be an immediate change for all users. We’re going to slowly roll this feature out over the next few weeks – so don’t worry if you don’t immediately notice a change! As mentioned in the introduction, we’ll be enabling it for the first set of users today, and then increasing that number in the coming weeks.
During this time, it’s entirely possible that you might have Email Verification switched on, but your friend won’t. Eventually, after a certain amount of time has passed, everyone who does not already use 2FA will have this feature enabled.
Looking Forward
As we mentioned in the previous security update, we can’t always talk about the security changes that we’re making – but that doesn’t mean we aren’t always working to improve the security of the platform.
There are still more updates to come, although we aren’t quite ready to talk about them just yet.
For press or media inquiries, please contact [email protected]
We’re hiring! Check out open positions on our site