Ubisoft’s 2-Factor Authentication, which is an additional layer of security designed to keep your account secure, doesn’t work everywhere. Although that sounds like a critical issue in need of immediate fixing, Ubisoft says that it is not a mistake.
A user on the PC Gaming subreddit made a post complaining about unauthorized access of their Ubisoft account. Upon receiving a “Suspicious Activity” email from Ubisoft, Reddit user intruder_alert contacted Ubisoft support and asked for some clarification.
After a chat with a customer support representative, intruder_alert was told that there is no suspicious activity and that the logins were probably by third-party marketing sites. This statement from the representative led many to believe that Ubisoft shares account credentials with third parties. However, that is NOT the case.
Shortly after, Ubisoft community developer Gabe chimed in and attempted to clear the air.
“First and foremost we do not provide your credentials or access to your account to any 3rd parties,” Gabe clarifies. “This wasn’t clearly communicated in the support ticket in question, and we apologize for the confusion and are looking into why this happened.”
“Regarding 2FA, currently we only leverage it in places where you have personal information such as Uplay and your account management page. So if someone has access to your email and password they can still login on other websites such as games’ dedicated pages or Ubisoft.com, but these do not have any of your personal information on them.”
The entire purpose of 2FA is to prevent unauthorized access by those who already have access to your login credentials. While Ubisoft defends this by saying these websites do not our “personal information”, they should never be able to log in to them because of 2FA.
Having an additional layer of security, such as 2FA, makes your account much safer. However, Ubisoft’s 2-factor authentication not working as it should is extremely alarming for everyone. Just to be on the safe side, we recommend you change your Ubisoft account password and, if you haven’t already, enable 2-factor authentication.