What is the best way to uniquely track a player?

Heya,

A Unity script needs to connect to a database for basic things like tracking scores, posting comments to each other, allowing features, etc. To make this work requires 2 things: 1) a way to uniquely identify users and 2) a way to allow them to recover their user should they change devices or reinstall.

Some Ideas:

  1. Device Unique Id:

Pros: Extremely simple. Invisible to the user, just grab id (ex: UUID uniqueIdentifier, …).

Cons: User is lost if they upgrade or switch devices. Impossible to support more than one device at the same time.

  2. Device Unique Id + Generated Client Key:

Pros: Still Pretty Simple. Invisible to the user. Grab device id again, but also have server generate a client key too. If they restore the game, they will still have the client key and the app can reconnect. Using multiple devices will work in many cases if they copy their player prefs settings over.

Cons: Still pretty fragile. Hard to recover if user doesn’t back up or deletes the app.

  3. Email (or Login) + Password:

Pros: Very secure and recoverable. User can connect from any device they want, as long as they remember their login/password. If login==email, then recovery requests are very straightforward.

Cons: Very IN-YOUR-FACE behavior. User has to give an email (or login) before they can really do anything with your app. Many games do not require a login or email or password.

Maybe a combination of #2 and #3. Start with just device id/client id but strongly encourage the user to create a name/password at some point. I’ve seen lots of games that do server side database stuff without a login or anything. Are these things just fragile? Like switching devices would completely reset? Is it acceptable for a user to lose all of their time/investment this way? What about in-app purchases?

What do you guys do?

Gigiwoo

PS - Was originally posted in IOS forum here, but I realized it was less IOS and more a general scripting problem. Should have posted it here in the first place.

It depends on the type of game, the platform it’s on and if you have some type of RMT.

Persistent world game (like an MMO) - Email/Password.
Portal API game (like Facebook) - already needs registration on the site.
Game that might only be Leaderboards, etc - Device Unique.
Any sort of RMT/payments - Email/Password.

PC/Mac games are probably easier to deal with, hardware is not upgraded/stolen/lost as frequently as phone/tablets.

It doesn’t have to be the first thing they see when they start the game, it could just be required when they actually buy something in your RMT store or have a score worthy of the Leaderboard. Even a combination is possible, if they’ve played the game from that device before, you could skip the email/password and only request the info if it’s unidentified.

It comes down to how much time, effort and cash that player has put into playing your game. These days it’s very likely to end up with chargebacks to credit card companies if they can’t access their “investment” which isn’t pretty.

Yeah. I’m coming to that conclusion as well. I think what I’ll do is allow them to do some things but then prompt them for a recovery email, strategically, at some point. The email can be optional but it’ll tell them they may have trouble recovering.

Thanks for the feedback,
Gigiwoo.

I would highly recommend not storing information, if you can avoid it, and instead use one of the many login solutions that exist already: Facebook, Twitter, OAuth2…etc.

But if you must… How To Safely Store A Password | codahale.com
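
Added example, not part of any post in this thread: a server-side sketch of the combination discussed above (device id plus server-generated client key, with an optional email/password attached later for recovery). The in-memory tables, function names and the choice of scrypt as the slow password hash are assumptions of this example.

```python
import hashlib, hmac, os, secrets

# In-memory stand-ins for database tables (hypothetical schema).
PLAYERS = {}    # player_id -> {"devices": {device_id: key_hash}, "email", "salt", "pw"}
BY_EMAIL = {}   # normalized email -> player_id

def _key_hash(client_key):
    # Client keys are 256-bit random values, so a fast hash is enough to store them.
    return hashlib.sha256(client_key.encode()).hexdigest()

def _pw_hash(password, salt):
    # Passwords are low-entropy: store only a slow, salted KDF output.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)

def _issue_key(player_id, device_id):
    client_key = secrets.token_urlsafe(32)  # returned once, kept in player prefs
    PLAYERS[player_id]["devices"][device_id] = _key_hash(client_key)
    return client_key

def register_device(device_id):
    """First launch: create an anonymous player, return (player_id, client_key)."""
    player_id = secrets.token_hex(8)
    PLAYERS[player_id] = {"devices": {}, "email": None, "salt": None, "pw": None}
    return player_id, _issue_key(player_id, device_id)

def authenticate(player_id, device_id, client_key):
    stored = PLAYERS.get(player_id, {}).get("devices", {}).get(device_id)
    return stored is not None and hmac.compare_digest(stored, _key_hash(client_key))

def attach_recovery(player_id, device_id, client_key, email, password):
    """Optional upgrade: bind an email/password to an existing anonymous player."""
    email = email.strip().lower()
    if not authenticate(player_id, device_id, client_key) or email in BY_EMAIL:
        return False
    salt = os.urandom(16)
    PLAYERS[player_id].update(email=email, salt=salt, pw=_pw_hash(password, salt))
    BY_EMAIL[email] = player_id
    return True

def recover(email, password, new_device_id):
    """New or reinstalled device: return (player_id, new client_key) or None."""
    player_id = BY_EMAIL.get(email.strip().lower())
    if player_id is None:
        return None
    rec = PLAYERS[player_id]
    if not hmac.compare_digest(rec["pw"], _pw_hash(password, rec["salt"])):
        return None
    return player_id, _issue_key(player_id, new_device_id)
```

Each device gets its own client key, so a recovered account works on the new device without invalidating the old one, and the server never stores the key or the password in recoverable form.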