Not open for further replies.
Players have been understandably expressing concern about account security in light of account-theft reports on social media.

Two-factor authentication for MTGO is in active development, but in the meantime, please remember:

Players with a strong MTGO-only password that they have never shared or exposed aren't targets of account theft—having such a password should be part of every player's account security.

Until we can deploy two-factor authentication, awareness of how passwords are stolen is a player's best defense against account theft. Here are some critical mistakes to avoid:
  • Password Re-Use: There have been no Magic Online data breaches under Daybreak, but a data breach or bad actors on a website where you have re-used your Magic Online password can lead to bad actors trying the password elsewhere. Never re-use your Magic Online password or one similar to it.
  • Password Sharing: Whether given intentionally to friends or unintentionally to phishing and social engineering efforts, sharing your password with any person or entity puts your account at serious risk of theft.
  • Password Strength: Accounts with passwords that are guessable, short, or overly simple are at greater risk of theft. Make your password strong!
Password strength and care are the common threads here. Change your MTGO password today to a unique, complex alternative and never give it to anyone or enter it in anything other than our login screen or Help site. Players who do reduce their risk of account theft to near zero.

Should you suspect your account has been compromised, you can log into to file a Customer Service ticket. If you are locked out of the account due to a compromise in progress, you should create a brand-new MTGO account and then log into the Help site with those credentials. Contacting us via social media can help, but that generally isn't quick enough to stop an event in progress.
Not open for further replies.