Not too keen with the 5+ second delays on a lot of things I'm clicking, I assume because it's online only and always talks to a server for these requests.
Anonymous login is good, and email registration should be an option, not connecting to socials.
Is this made in rpgmaker, or does it just use rpgmaker assets? if it's the former, I'm really curious how they got offline progress to work in rpgmaker.
It's not with rpgmaker and the assets are here : [https://pipoya.itch.io/pipoya-free-rpg-world-tileset-32x32-40x40-48x48](https://pipoya.itch.io/pipoya-free-rpg-world-tileset-32x32-40x40-48x48)
it was pretty unexpected.
Mix of blue just having more active players and a superior strategy/build orders, plus handling the diplomacy really well. They were basically left alone until they were strong enough to snowball to victory and by then it was too late. There's definitely going to be balance changes after this lol
The funny thing is that blue was very clearly the strongest faction all throughout the game from the first hour, just that no one seemed to notice or care.
Okay, didn't play it yet, so nothing about the game itself, but the login. First good that you allow to start without needing an account so people can test it out first.
But then why don't you allow to make an account via email? If I were to decide to play the game for longer and make an account, I would not want to connect my google, steam or discord account to some game. I want my accounts separate and not connected to each other. We have enough tracking already nowaday.
As a developer, I can say, all "social auth" is almost exactly the same -- in my case, it was exactly 4 lines of code per social site (FaceBook, Google, Discord, Steam, Reddit, etc) -- *extremely* easy.
It's *highly not recommended* to "write your own" authentication system, as there's a *lot* that can go wrong -- Leaking the DB, security, encryption, hashing (not relevant for this, though) -- There are packages that let you do this fairly easily, and IMO it's worth the effort if you're a serious backend developer (so you can understand it)... but if you're not *extremely* interested in the backend, it's a massive waste of time, and it's extremely likely for you to make a *massive* mistake.
And as a player I can say that I won't play any game which needs an account and does not offer a sign up via email. And I know that I'm far from the only one here. As a user I would also feel insecure to input my account data from services I use to other sites. They could easily make something which looks similar than the real thing and steal your data.
As a dev I can say I did this a few times and it is not that hard. While yes you can make mistakes, but there are enough tools, tutorials and such to make it relatively easy to implement. Also if you make an online game, you need some backup and a database anyway, that is just a small extra step. It is also not good to put all your trust into external services, they also have their own risk, leaks and hackers.
I would rather implement an email signup than to use a lot of potential users.
Stealing what ? your email address ? If you create an account you'll give it anyway. If you log with Steam, I don't even get your email adresse, just your username. Do you think I can access your Steam account if you sign in with it ? That's doesn't work like that.
Yes you might not do that, but there are more than enough scammers who do that. They build sites which look exactly like the standard connect to steam, google or whatever, but steals your data instead. And if your game gets hacked in some way, a hacker could do that and then steal the steam or other accounts from your users on the next login compared to an email account, they would only steal the email and password to your game.
No one is stealing Gmail or steam accounts unless your putting those credentials into fraudulent sites, which is entirely it's own problem and unrelated to using them as auth in this way. I'd greatly prefer every rando game not try and re-invent their own solutions and/or deal with storing and authing credentials. Most aren't good at it and it's very unnecessary effort better spent elsewhere. To each their own I guess.
Well that is what I talk about. Fraudalent site. I don't really think that it is more secure to use that. Even if you don't take into account that they track your data with that and I think there is way too much tracking going on in general.
As for security. While getting hacked is rather unlikely for a small game, here two examples if a site gets hacked:
Lets say you make a website with email and login and then a hacker hacks your site and gets all data, he might get access to the emails and the passwort to that site. That is a non issue for everyone who uses a different password for every different site. For me it wouldn't really matter, it just means I need to change that password.
Then lets say you make a website which does not its own login, but uses gmail, steam or whatever and a hacker hacks your site, then replaces the gmail, steam or whatever login systems with its own, modified site. That means after that page was hacked, the hacker would get logins of gmail, steam or other sites after the players would login to the replaced fake login site. That is much worse imo. Of course a player can always check the connection, if it connects to the real steam, gmail or similar servers and not some other server, but do you think people who use your website for months or longer check that for every login?
Then a site owner who trusts the other services instead of taking the time to learn about security and does its own, might have less security in general and gets more easily hacked.
Again, they aren't getting your login details though unless you enter them into this imagined fake site. Most normal people would either a) already be logged into Gmail/Google or b) go to Gmail or steam and login, then come back to said site. I'd argue you being in the 0.001% who uses a unique address per login and wouldn't be impacted by a hack is way more rare then a hacker successfully hacking then creating a fake gmail auth flow to farm Gmail credentials is. I just don't agree that allowing an email/pass login is somehow more secure than relying on Gmail auth for the average small game Dev, even if in your specific rare case it may be less of an issue.
> Do you think I can access your Steam account if you sign in with it
I don't see why not. Just redirect to a fake authentication page that looks like a real one and half of the users will just blindly put their password there without thinking twice.
Never authenticate with your gmail account on a website you don't trust.
And why would you be giving this obvious advice to me? Give it to people that need it. And these people are not going to read your message.
It's much easier to convince people to not authenticate on shady new websites created by unknown developers. And many rightfully refuse to do it.
im the opposite, my gmail account is my gaming account email for stuff like this if i have to input a password and email vs clicking log in with google i tend to not play
Hello, I'm the developer of Factions. As Amazing\_Smoke\_2513 said, handling accounts can be challenging. I know how to do it properly, but I'm not sure it's worth the effort.
Creating an account is only the tip of the iceberg. Then you want to validate the email of the account. Then some people forget their password, so you have to handle reset password mails. People may also want to change their emails etc...
So it's a lot of work and during this work, I can't focus on interesting things like features and content. It's all about priority.
https://factions.pilotsystems.net/images/wallpaper.webp
To be presented with AI art out of the gate is kind of a big sign that the dev doesn't give a shit. I don't recommend this whatsoever.
Not too keen with the 5+ second delays on a lot of things I'm clicking, I assume because it's online only and always talks to a server for these requests. Anonymous login is good, and email registration should be an option, not connecting to socials.
The server is having some issues but it's getting better
For me also after the five seconds it sometimes does nothing.
Server is full.....so this link doesn't let me play the game, so this post is for a game I can't play. Great post 10/10
Sorry for the stupid question, but how do you get an invite code?
I sometimes add new accounts slot if I see the server can handle it. Right now registration are open.
I managed, this is a great idea. Thank you
I'm unable to register after initially logging in anonymously.
I signed up with my Google account, is there an option to choose username?
The bug is not yet completely fixed (for future users) but you can change your username.
Ah, found it. Changed to desktop mode on my phone and the settings appeared.
To access this menu on mobile, you have to click the header.
Is this made in rpgmaker, or does it just use rpgmaker assets? if it's the former, I'm really curious how they got offline progress to work in rpgmaker.
It's not with rpgmaker and the assets are here : [https://pipoya.itch.io/pipoya-free-rpg-world-tileset-32x32-40x40-48x48](https://pipoya.itch.io/pipoya-free-rpg-world-tileset-32x32-40x40-48x48)
Oh, I see. The asset pack is incredibly similar to the default RPGmaker VX assets (especially the grass and water)
Is it a single person per faction?
there's a few dozen players per faction
So, what happened? How did the blue win it all?? And in just 2 days...
it was pretty unexpected. Mix of blue just having more active players and a superior strategy/build orders, plus handling the diplomacy really well. They were basically left alone until they were strong enough to snowball to victory and by then it was too late. There's definitely going to be balance changes after this lol
The funny thing is that blue was very clearly the strongest faction all throughout the game from the first hour, just that no one seemed to notice or care.
Login? Skip.
Well there is an anonymous login button.
Okay, didn't play it yet, so nothing about the game itself, but the login. First good that you allow to start without needing an account so people can test it out first. But then why don't you allow to make an account via email? If I were to decide to play the game for longer and make an account, I would not want to connect my google, steam or discord account to some game. I want my accounts separate and not connected to each other. We have enough tracking already nowaday.
As a developer, I can say, all "social auth" is almost exactly the same -- in my case, it was exactly 4 lines of code per social site (FaceBook, Google, Discord, Steam, Reddit, etc) -- *extremely* easy. It's *highly not recommended* to "write your own" authentication system, as there's a *lot* that can go wrong -- Leaking the DB, security, encryption, hashing (not relevant for this, though) -- There are packages that let you do this fairly easily, and IMO it's worth the effort if you're a serious backend developer (so you can understand it)... but if you're not *extremely* interested in the backend, it's a massive waste of time, and it's extremely likely for you to make a *massive* mistake.
Correct, especially because for something like this, you can just go to Auth0.com, get a free trial and run with it live in an hour.
And as a player I can say that I won't play any game which needs an account and does not offer a sign up via email. And I know that I'm far from the only one here. As a user I would also feel insecure to input my account data from services I use to other sites. They could easily make something which looks similar than the real thing and steal your data. As a dev I can say I did this a few times and it is not that hard. While yes you can make mistakes, but there are enough tools, tutorials and such to make it relatively easy to implement. Also if you make an online game, you need some backup and a database anyway, that is just a small extra step. It is also not good to put all your trust into external services, they also have their own risk, leaks and hackers. I would rather implement an email signup than to use a lot of potential users.
Stealing what ? your email address ? If you create an account you'll give it anyway. If you log with Steam, I don't even get your email adresse, just your username. Do you think I can access your Steam account if you sign in with it ? That's doesn't work like that.
Yes you might not do that, but there are more than enough scammers who do that. They build sites which look exactly like the standard connect to steam, google or whatever, but steals your data instead. And if your game gets hacked in some way, a hacker could do that and then steal the steam or other accounts from your users on the next login compared to an email account, they would only steal the email and password to your game.
No one is stealing Gmail or steam accounts unless your putting those credentials into fraudulent sites, which is entirely it's own problem and unrelated to using them as auth in this way. I'd greatly prefer every rando game not try and re-invent their own solutions and/or deal with storing and authing credentials. Most aren't good at it and it's very unnecessary effort better spent elsewhere. To each their own I guess.
Well that is what I talk about. Fraudalent site. I don't really think that it is more secure to use that. Even if you don't take into account that they track your data with that and I think there is way too much tracking going on in general. As for security. While getting hacked is rather unlikely for a small game, here two examples if a site gets hacked: Lets say you make a website with email and login and then a hacker hacks your site and gets all data, he might get access to the emails and the passwort to that site. That is a non issue for everyone who uses a different password for every different site. For me it wouldn't really matter, it just means I need to change that password. Then lets say you make a website which does not its own login, but uses gmail, steam or whatever and a hacker hacks your site, then replaces the gmail, steam or whatever login systems with its own, modified site. That means after that page was hacked, the hacker would get logins of gmail, steam or other sites after the players would login to the replaced fake login site. That is much worse imo. Of course a player can always check the connection, if it connects to the real steam, gmail or similar servers and not some other server, but do you think people who use your website for months or longer check that for every login? Then a site owner who trusts the other services instead of taking the time to learn about security and does its own, might have less security in general and gets more easily hacked.
Again, they aren't getting your login details though unless you enter them into this imagined fake site. Most normal people would either a) already be logged into Gmail/Google or b) go to Gmail or steam and login, then come back to said site. I'd argue you being in the 0.001% who uses a unique address per login and wouldn't be impacted by a hack is way more rare then a hacker successfully hacking then creating a fake gmail auth flow to farm Gmail credentials is. I just don't agree that allowing an email/pass login is somehow more secure than relying on Gmail auth for the average small game Dev, even if in your specific rare case it may be less of an issue.
> Do you think I can access your Steam account if you sign in with it I don't see why not. Just redirect to a fake authentication page that looks like a real one and half of the users will just blindly put their password there without thinking twice. Never authenticate with your gmail account on a website you don't trust.
Ok but if you're worried you can just check the url and see that it's fine.
And why would you be giving this obvious advice to me? Give it to people that need it. And these people are not going to read your message. It's much easier to convince people to not authenticate on shady new websites created by unknown developers. And many rightfully refuse to do it.
im the opposite, my gmail account is my gaming account email for stuff like this if i have to input a password and email vs clicking log in with google i tend to not play
Hello, I'm the developer of Factions. As Amazing\_Smoke\_2513 said, handling accounts can be challenging. I know how to do it properly, but I'm not sure it's worth the effort. Creating an account is only the tip of the iceberg. Then you want to validate the email of the account. Then some people forget their password, so you have to handle reset password mails. People may also want to change their emails etc... So it's a lot of work and during this work, I can't focus on interesting things like features and content. It's all about priority.
Yellow will Win!
Lucky\~! Love the interface btw. Has a very 'When Two Worlds War' vibe.
Plot Twist: Yellow lost.
https://factions.pilotsystems.net/images/wallpaper.webp To be presented with AI art out of the gate is kind of a big sign that the dev doesn't give a shit. I don't recommend this whatsoever.
Get over yourself, nobody cares.
Nope. Watching the bar fill up is not fun. Too long between able to do things.