Dangerzone

I think the calculator analogy is almost spot on. Think of it this way: I say to you you’re going to have a unique code. Let’s say it’s 123456. From that unique code, I need you to add the year, the month, the day, the hour, and the minute. you will always have a different number to everybody else, because of the unique code you started with, and someone having a different one. every minute you will get another unique code. That’s all this 2FA app is doing. The summing is a little bit different but at it’s foundation it is only a calculator with a clock. It doesn’t use internet communications. It doesn’t use mobile network. It doesn’t communicate with a server. There’s nothing for someone to intercept and hack. So what security vulnerabilities are left that could be that you consider risky? This isn’t a web service app. It’s a local pc app. Respectfully, in this instance I don’t think your point comes from a true understanding of the security side. I would suggest trusting (or not) pc apps based on compile date is a very poor way to base security. One needs to know what the app is doing for potential venerabilities. I’ll try to elaborate to make it clear as I would consider apps like lastpass or Google authenticator more risk because they are web service in that they tend to store your key in their database (and we’ve seen how cloud databases can get hacked in the past). But that’s just me. I acknowledge even that’s so unlikely it’s not a real factor. But even so, this app has none of that, so it could be argued that even with its age it’s more secure than modern “phone home” apps. This app only stores data locally only on your own PC. How secure it is is up to how well you maintain your own PCs security. If your worried about someone hacking the app, you’ve got bigger issues to worry about as they’re in your PC. In the end I don’t care what people use, I’m just trying to clarify some misinformation and unrealistic concerns here by giving people better information to make their own informed choices based on a better understanding of what all this is.

I’m not sure of your point? 2FA is set. There’s no need to update it. The algorithm is the algorithm. I can use a 20 year old calculator app and get the same answer as a modern app. Winauth was mentioned simply because it’s proven and for the KISS mentality and It’s open source too. But if you’d prefer something else, go for it. The beauty with this kind of 2FA is that it’s effectively public domain and there’s tones of options. If you don’t like any of the many other apps, you could go as far as applying the algorithm and write your own app. I’m not sure. I agree that the web page could be more informative. I understand the hesitation to use Google anything. One of the reasons I use Winauth.

Yeah - that makes it a bit more difficult. Possible solutions may be: 1) ED allowing the same 2FA to be linked to multiple accounts, or 2) Contact ED Support and see if they will migrate the licenses onto a single account. (Given that this 2FA is a new thing, even if you've tried this in the past and were denied, they may be willing to reconsider this time). In either situation, your scenario sounds very unique, so I doubt ED are going to change their options to suit such a unusual scenario. The better bet would be to see what they can do to assist you in getting into a more comfortable setup that's more inline with how the purchases are designed to be.

Same here. I had the X56, ended up having the ghosting signal problems (switches executing without me doing anything), the friction problems, and the throttle 'falling' on it's own. One of my biggest PC regrets I've had after going to VKB and VIRPIL combination. X56 is definitely cheaper, but the ratio of cost/quality is disproportionate. It's quality is far worse than it's price tag should allow for.

You do not need a smart phone, nor tablet, and you can configure 2 factor authenticator. You don't need to use Google Authenticator. I'm assuming you have a Windows PC because you play DCS. If so, check out https://winauth.github.io/winauth/download.html It's free, open source, generic authenticator that can be used with ED/DCS. Simply click the add button, and copy/paste the manual code into this application. My recommendation is to either print and save the manual codes somewhere (so you can use them later if your PC crashes and you lose access), or otherwise setup 2FA on at least 2 separate devices so if one crashes, blows up, is stolen, etc - you still have authentication options on the second device. Edit: It seems that the biggest confusion with all this is that ED's page says "Download Google Authenticator Here". This is giving the uninitiated a wrong impression that Google's authenticator is needed to use 2FA. It's a pitty they've worded it like that, and hopefully they will change their page. However, you don't need Google's authenticator., Any authenticator that supports the algorithm (such as WinAuth) will do the job.

Just FYI - 2FA isn't restricted to one device. I never have my 2FAs on only one device (as I have the same concerns as you - what if my phone is lost or stolen). Using either the QR code, or the manual code, you can have your 2FA on multiple independent devices. I normally go with my phone, as well as an app on my main PC (at a minimum). This gives redundancy/backup.

Do you mean your 'in game' name, as that's about all people will see. I don't think anyone (from within DCS) has any access to your actual account login name for the ED website, unless you give it to someone to 'gift' a game to you. Just go into DCS-> Multiplayer, and up the top right corner, click on your multiplayer name (or the icon next to it) to change it to what you want.

OK - I just realised it doesn't need to be a pain. I'm assuming you have 2 accounts because one is for a server, and the other is for your actual gaming? Firstly, it looks like ED is only requiring 2FA for trial licenses, Thus, you don't need 2FA on your other account(s) such as server accounts - only the gaming account that you want to do trials with. (And I'm assuming you only have one of those, otherwise you may be breaching ED's T&C). This means that ED only require you to have 2FA on one account. (The one that you'll be doing trial licenses with). Secondly, it's worth noting that ED gives you the option to disable 2FA as well. So, you only need to activate 2FA for the time that you want to trial the new module. Once you're finished, you can disable 2FA.

It works off the device's clock. That's all it needs, an accurate time piece. (Plus the original unique encoder code that was used to set it up, which ED provides you both with a manual text version, and a QR code). Sorry, but that is completely incorrect. It can be used without a smart phone. (See my post above, I've already done it) Still requires a "smartphone" That is incorrect. Check out WinAuth for a non-mobile phone option. You don't need to put an app on your phone. Use a non-phone 2FA app if you want. See WinAuth as one (of many) free, open source, PC friendly alternatives. This is the first concern I've read on this forum that actually has some credibility. Maybe it might be possible for ED to allow us to specify our own manual code, or use the same QR/manual code on multiple accounts, so only one 2FA code is required. But that aside, most 2FA applications out there allow you to have many 2FA's displayed simutaneously, so it's not like you need to have a separate app for each one. I've got a 2FA app with probably 15 different authenticators 'in one'. Maybe ED would consider though allowing us to link accounts for a single 2FA? Aaaah - now the penny has dropped. People who don't understand 2FA are seeing "Download Google Authenticator" and are going "Hell No!". OK - I understand. If I didn't understand how 2FA worked, I'd probably be concerned/confused by that as well. Maybe ED needs to change the website to make it a bit clearer that google authenticator is only one of many options available.

I'm not sure if I'm missing something here, but my understanding of 2FA (in the way that ED is implementing it) is very different to what people are sprouting here. Half this thread seems to be giving miss-information. Here's a few things that are needed to clarify the 2FA authenticator method that ED is using: 1) It does not have to be linked to your mobile phone number, or even your mobile phone. 2) You are not forced into a particular application, or company. (It's a open algorithm) 3) You don't have to pay for applications in order to use it 4) You can use a free, stand-alone, open source 2FA applications on your PC if you want to go that way (see below) 5) You do NOT need an internet connection, or mobile phone network, or anything to use 2FA. The only requirement for this method of 2FA to work is that the device you're running the application on (whether it be phone, PC, or some other device) has an accurate clock. In the same way, I don't see how this has anythign to do with ED not trusting their customers. It doesn't help them trace anything back to you. It only confirms future logins are from the same person who setup the 2FA option to start with. It makes the users account more secure (which maybe in turn, makes things more secure for ED - I have no idea how many hacked accounts they're dealing with, and maybe this is the way to get more people to start using 2FA). But all the objections I've read here seem to either account to many people having no clue what 2FA is (they're worried about being forced to reveal phone numbers, or use smart phones, or use Google, of which none of this is true), OR I'm missing something big here. So my question is this - WHY is 2FA a "deal breaker" for so many people? (I'm genuinely wanting to understand). Is it that there is great misunderstanding of the 2FA that ED is using, or otherwise what am I missing? As for free apps you can use that don't require a phone, try WinAuth https://winauth.github.io/winauth/download.html Instead of scanning the QR code, just copy and paste the manual code given by ED into the app.

No, I don't believe they do sorry.

With pedals, HOTAS and in VR - it is absolutely brilliant! I hope you manage to get good rudder pedals one day. I currently use the VKB T-Rudders and find precicion inputs a breeze with them, being able just to use my toes.

OK - I've just found the problem. For some reason, under the Options->Misc tab, there's a checkbox called "Force feedback". This was checked. Unchecking it seems to have resolved the problem.

I have real rudder pedals. My problem is that the trim doesn’t seem to work. So when I push my cycling forward and then press the trim button, I’m expecting to be able to return it back to Center and still have the helicopter fly forward. CTRL T seems to be completely ineffective. Or are you saying that the force trim in the Huey only relates to rudder, and not to the cyclic like it does in other aircraft?

It’s turned off. Does it need to be on?

I know this is going to be simple, but for the life of me I can't seem to get the trim to work in the UH-1. I've tried all 3 trim options (even though centre/spring should be the right one). Pressing CTRL+T, or assigning it to a joystick button, or even clicking the physical trim switch on the collective all seems to have no effect for me. Does anyone know what I might be doing wrong where I'm unable to trim the UH-1 out please? (I've checked, and have also tried force trim switch both ON and OFF. I know on is correct, but without being able to get it to work I thought I'd try both incase something was flipped around, but to no avail). Cheers DZ DCS-UH1-Trim.trk

While I agree with you, it's not the world we live in. Look at the bloke who got accused by an Amazon delivery bloke of being racist. Amazon suspended his account. His house was wired up with Alexa, and he could no longer use it. I'm guessing any movies he purchased from Amazon were also off the cards from watching, as was any audiobooks, kindle books, etc. Later, he was proven innocent and Amazon reinstated his account. We're talking DCS and single point of failure, but honestly, ED is the least of my worries. How long until Microsoft decides to do the same as Amazon? They're pushing users to have online accounts for logging in to a "Personal Computer". Is it only a matter of time before they suspend someone's account like Amazon did for breaking their terms and conditions that keep changing consistently, and we're told if we don't like them, we have to stop using the devices that we purchased, even though the purchase at the time was under a different T&C. I suspect I'll loose DCS because of 'someone else' before I will because of ED. Then there is of course Paypal who went as far as bringing in conditions that they could take $2,000 from your bank account if you posted 'false information' online somewhere. Yes, they reversed that relatively quickly, but I haven't held a paypal account since. Honestly, these things need to be before a senate hearing, and legislation brought in that they can't simply take what someone has purchased because 'they don't like' something they've done. If it's legal by law, they should be able to do it without worrying about 'big business' coming to force their social justice upon people. But my rant aside, if ED can tweak it so that authentication credentials aren't cleared when DCS 'crashes' out when their authentication servers go down, we're doing very well with ED. They look after us far better than these other companies we rely on. At least ED give us the option to go 'offline' permanently. Try doing that with Windows 11. Sooner or later windows will 'Deactivate' itself because you haven't been online and it can't quadroople check you're not running a pirated copy of windows. Yes - it's quite some time, but eventually, it switches to requiring activation again. Any electronic license you purchase these days seems to be subject to this potential flaw, but ED is the least of my concerns. What happens if you click CANCEL?

When it fails to authenticate, just click CANCEL. That's when it should give you the option. I mentioned in another post, the only exception I know of this (at least in the past) is it may erase your cached details if you're already logged into DCS and you're kicked out when their authentication servers go offline. That's the only scenario I've encountered where I've been out of luck until they come back online. Whether that's still the case I'm unsure of, but it sounds like it may be.

I believe this is a separate issue. Switching to offline mode is authenticating your PC for permanent offline access. What I believe happens is that when you choose this, it will connect to your account, confirm your credentials, and tag your account as being used in 'offline mode'. (This stops people from going to other computers and doing the same thing and having multiple friends all play offline with a single accounts purchase). The only way it can do this to start off with, is to be online to validate first. Then, once you're in offline mode, you should be able to stay in that forever, without having to worry about any credential checks, etc. If you want to escape to a bunker and live the rest of your days out there (and let's face it, that's been more appealing in the last few years than ever before) - this would be a viable option. Same thing if you're going sailing around the world and want to use DCS, etc. Offline mode is not designed for issues like internet connection being down, or server maintenance, etc. In those instances, a cached copy of your credentials works on your computer exactly as you have mentioned. When you get to the 'cannot authorize' screen, click on CANCEL, and you should get a window saying "Authenticated for 2 days and 23hrs. Multiplayer is unavailable" (or something similar) The OP here seems as though they were using Offline mode exactly as designed, and for some reason it glitched out. In your situation, do not attempt to switch to offline mode. Just click on CANCEL and it should let you load DCS. Edit: (The only exception to this is if you were already in DCS and got kicked out as a result of their server going down. In that case, I think it will clear your local cache, and your stuffed until the server's come online. There's another post describing this here )

Yeah, that second part isn't cool. I would be expecting a message along the lines of "Authorization is valid for xxxx. Multiplayer is not available" or similar. I guess even so, you should still be able to access the mission editor if that's what you were working on (maybe). I reckon I had the same problem as you though another time. Was working in ME, and then was booted out because the authentication servers went offline. I'm suspicious that: 1) DCS continually calls home after activation/logging on to reauthenticate periodically (hence you getting kicked in the first place), and 2) There's some trigger that once you're kicked, your authentication cache is deleted. I don't understand enough how their anti-pirating stuff works behind the scene. I would have hoped that if the server could no longer be contacted it would give a grace period, or that there could be a secondary DCS server up that would advise 'under maintenance' and that DCS could check in with that server and if the under maintenance flag was up, it would allow DCS to continue (without mutiplayer). But I'm also aware that depending on how they've coded this, it may not be a simple 'we'll just whack this in', and such options could create more problems in other areas. It'd be good to have some official feedback on this.

I think there are two different scenario's. You should be able to launch DCS in 'online' mode, even though their servers (or your internet connection) is offline. You should get a 2 day grace period when you do this. However, the ability to 'switch' to offline mode (which is a permanent-offline mode IIRC) does require you to be online first. I believe this is by design for security measures. Otherwise, there would be nothing stopping someone from installing DCS on a friends computer, then disconnecting their PC from the internet and choosing "Offline mode", and that friend having a permanent activated copy of DCS on that computer. By being online, the account is told "this PC is registering at offline mode" which I believe will stop any other computers from being able to use that same account until it's switched back to 'online' mode later. So offline mode isn't for 'temporary offline' connections like now, or when the internet goes down for a few hours. It's a separate feature that's designed for 'permanent offline', so a user is able to take/keep all their modules and use them if they're going to no longer have internet access. (Anyone - Please correct me if I'm mistaken).

I thought if the server was down, it gave us a 2 day 'grace period' from when we last authenticated correctly. I'm not sure, but my first 'guess' is that maybe because you were already in the game when the server went down, the 'kick' it gave you has trashed the grace period somehow. If this is indeed the case, and users already logged in are unable to use their product if they're kicked like this - I would like to see this 'tweaked' so that in future, once you're authorised and in-game there's no kicking out. Or - if you are kicked out and attempt to get back in, you get the standard 2 day grace period like we normally do if the internet connection is down, etc.

Agreed. We know it contains issues, and doesn't work as we would like it. But it doesn't mean it's not usable either. For short track files (and reporting bugs to ED), it's invaluable.

This is pure speculation, but my guess is you won't. I'm guessing focus is probably more on the 'Dynamic Mission Campaign Engine", which will probably completely replace the need for any of this.

It might be worth posting your location and/or time zone, plus best availability time so you get replies closer suited to where you are.