[Suggestion] Accounts Security (easy?) Improvements

Recently there have been a lot of posts about accounts being hacked/compromised etc. without triggering the email code etc.:

https://www.reddit.com/r/pathofexile/comments/1ry57q4/got_hacked_today/
https://www.reddit.com/r/pathofexile/comments/1ry4z45/got_hacked/
https://www.reddit.com/r/pathofexile/comments/1rw0pcs/another_sad_story_i_got_hacked/
https://www.pathofexile.com/forum/view-thread/3922348
https://www.pathofexile.com/forum/view-thread/3922154
https://www.pathofexile.com/forum/view-thread/3919039
https://www.pathofexile.com/forum/view-thread/3923173
https://www.pathofexile.com/forum/view-thread/3922351
https://www.pathofexile.com/forum/view-thread/3921023


While I don't fully understand why the email code is not triggering, or the sources of these compromised accounts (maybe some website leak with the same email/passwords used),

a lot of users got the suggestion to remove their email/password from the website and leave only Steam as a valid login option.

[Removed by Support]

A lot of PoE2 and even some PoE1 users got the game from Steam, and Steam is their only way to log in, so they naturally don't have any email/password.

So why is changing the associated email address from empty to a new one as easy as just adding any you want, without any second confirmation, if your login is only from Steam?

It seems to me this issue should be easily fixed: just request login with Steam again when trying to add an email if you didn't have a previous one.

This is already "partly" implemented when you try to export data - it requires re-entering email/password
- but funny that if you don't have an email/password and Steam is your only login method, export data still requires email/password, so Steam users can't export their data


- or, if Steam is your only way to log in, simply remove the option to add an email,
and if anyone with a Steam-only account wants to re-add an email, they should contact support and confirm that they own the Steam account.

Last edited by WarrenT_GGG#0000 on Mar 29, 2026, 1:36:52 PM
Last bumped on Apr 1, 2026, 4:30:11 PM
"
WarrenT_GGG wrote:

[Removed by Support]


Removed by support was an example of an email message where support recommends not removing the email/password, as this leaves the account vulnerable to session theft, where a hacker can then set your email to any they want without any restrictions,

and the post suggests how this can be improved.
Last edited by Shidzy#7790 on Mar 29, 2026, 3:50:41 PM
My mistake, this is already implemented,

"
After choosing an email you will be directed to Steam in order to authenticate your request. Once complete, an email will be sent to you to complete the email linking process.


I thought that the Steam confirmation should be before I click connect.

But now I'm not sure why, when you contact support to remove the email login method and leave only Steam, they almost always mention that it is not safe and someone can add any email if they stole the session.
This can only be if they stole the Steam session also?

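The flow quoted in the thread (re-authenticate with Steam first, then confirm by email) can be sketched as follows. This is an added example, not code from the thread or from the game's developers; the class and method names and the 300-second freshness window are assumptions, and the provider login result is assumed to have been verified by the server already.

```python
import hashlib, hmac, secrets, time

KEY = secrets.token_bytes(32)   # constructed server-side signing key
MAX_AGE = 300                   # assumed freshness window for re-auth and token (seconds)

def _mac(*parts):
    return hmac.new(KEY, "\n".join(map(str, parts)).encode(), hashlib.sha256).hexdigest()

class Account:
    """Hypothetical account whose only login method is an external provider."""
    def __init__(self, account_id, provider_id):
        self.id, self.provider_id = account_id, provider_id
        self.email = None
        self.pending = None          # (new_email, state) awaiting provider re-auth

    def request_email_link(self, new_email):
        # Step 1: a valid session may only record intent; the email stays unset.
        state = secrets.token_hex(16)
        self.pending = (new_email, state)
        return state                 # round-tripped through the provider login

    def provider_reauth(self, state, provider_id, auth_time, now=None):
        # Step 2: accept only a fresh provider login, by the linked identity,
        # bound to this pending request. A site session cookie alone never
        # reaches this point. Returns the token that is mailed to the new address.
        now = time.time() if now is None else now
        if not self.pending or not hmac.compare_digest(state.encode(), self.pending[1].encode()):
            raise PermissionError("no matching pending request")
        if provider_id != self.provider_id:
            raise PermissionError("provider identity does not match linked account")
        if now - auth_time > MAX_AGE:
            raise PermissionError("provider login is not fresh")
        email, exp = self.pending[0], int(now) + MAX_AGE
        return f"{exp}.{_mac(self.id, email, exp)}"

    def confirm_email(self, token, now=None):
        # Step 3: the emailed token proves control of the mailbox; single use.
        now = time.time() if now is None else now
        exp, _, mac = token.partition(".")
        if not self.pending or not (exp.isascii() and exp.isdigit()) or int(exp) < now:
            raise PermissionError("token expired or nothing pending")
        email = self.pending[0]
        if not hmac.compare_digest(mac.encode(), _mac(self.id, email, exp).encode()):
            raise PermissionError("bad token")
        self.email, self.pending = email, None
        return self.email
```
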