SPOT THE BALL SECURITY PART 1: WHAT IS SESSION SECURITY AND WHY IT MATTERS
The more sophisticated the security measures and the more thought-through the game mechanics of your competition, the more challenges it will invite. Some go straight to brute-force solutions and attempt to hack the site and its systems. But that is easily addressed, as we already discussed in previous articles.
Others try to bend and play around the rules, using multiple devices and login sessions to trick the system and duplicate their skilled game entries. That’s not hacking, strictly speaking, and yet it poses a threat to the integrity of the game.
How should a skilled game competition site address that?
Session security is an important consideration in the design of any system that requires communication between a server and a client. Improper security can leave user accounts vulnerable to unauthorized access. A couple of years ago it was considered the second biggest threat to online security, with GitLab and Facebook vulnerable and losing account data by the millions.
The danger is even greater for competition sites: along with privacy issues and payment data, you have to worry about the integrity of the game mechanics and the trust of the players. It’s hard to persuade your customers that they can win prizes by using their skills while someone tricks the system.
Existing detection methods rely largely on heuristic algorithms such as tracking sudden changes in IP addresses and browser (or mobile) fingerprints and flagging “unusual user behaviour”. Unfortunately, these methods themselves can be inaccurate, easy to spoof and difficult to implement. That is why a team of experienced security specialists who understand the specifics of competition sites is vital.
Case in point: one of the competition site users logged in on both his phone and PC and simultaneously played the Spot the Ball game on both to get unlimited attempts. Such blatant disrespect to the other players and playing against the organizers immediately caught the eye of Tentacle’s specialists, and the issue was addressed in a matter of hours. The integrity of the game and the trust of the customers were preserved.
Tentacle Solutions has developed methods and strategies to protect their skilled games from these threats: a login authentication management system that prevents users from logging in multiple times or from different devices, so that roaming users cannot abuse login sessions and play around the rules of the game. If your company considers utilizing a secure game of Spot the Ball in its gamification marketing campaign, make sure to drop a line to Tentacle Solutions. 80% of the skilled games on the market have been developed by Tentacle for a reason.
In the next part, we will address different methods of securing your competition site's integrity via session management: authentication management, the application of tokens instead of passwords, token encryption and social sign-in, as well as how to choose between them and, better, how to combine them.
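The control described above can be sketched as follows. This is an added example, not Tentacle's implementation: a new login revokes the account's previous session, and game attempts are counted per account rather than per session or device. The names `SessionRegistry`, `MAX_ATTEMPTS` and `player-1` are assumptions, and the in-memory dictionaries stand in for a shared server-side store.

```python
import secrets
import threading

MAX_ATTEMPTS = 3  # assumed per-account entry limit for one competition round


class SessionRegistry:
    """One live session per account; attempts are counted per account."""

    def __init__(self):
        self._lock = threading.Lock()
        self._active = {}    # user_id -> current session token
        self._owner = {}     # session token -> user_id
        self._attempts = {}  # user_id -> attempts used this round

    def login(self, user_id):
        # A new login revokes the previous session, so a second device
        # replaces the first instead of running beside it.
        with self._lock:
            old = self._active.pop(user_id, None)
            if old is not None:
                self._owner.pop(old, None)
            token = secrets.token_urlsafe(32)
            self._active[user_id] = token
            self._owner[token] = user_id
            return token

    def submit_attempt(self, token):
        with self._lock:  # check and increment as one atomic step
            user_id = self._owner.get(token)
            if user_id is None:
                return "rejected: session revoked"
            used = self._attempts.get(user_id, 0)
            if used >= MAX_ATTEMPTS:
                return "rejected: attempt limit reached"
            # The counter is keyed by account, not by session or device,
            # so logging in again never resets it.
            self._attempts[user_id] = used + 1
            return "accepted"


def demo():
    reg = SessionRegistry()
    pc = reg.login("player-1")      # constructed user id
    r1 = reg.submit_attempt(pc)     # first entry from the PC
    phone = reg.login("player-1")   # second device: the PC session is revoked
    r2 = reg.submit_attempt(pc)     # stale PC token is refused
    r3 = [reg.submit_attempt(phone) for _ in range(3)]
    return r1, r2, r3
```

Keeping the attempt counter on the account is what closes the phone-plus-PC case: even if both sessions were allowed to coexist, the two devices would draw from the same allowance.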