The Pokémon Trainer Club (PTC) login is pretty darn infamous for being inconsistent and not as reliable as Google’s authentication. Well, we got some bad news to all those trainers who use PTC.
An experiment was conducted to test the level of security that PTC provided. In the experiment, trainers changed their PTC password on their computers. They waited till they received confirmation on their emails as well.
Next, when they opened the game, to their surprise they were greeted right into the game, without any “failed to login” prompt, which kind of makes this a cause for concern. There were no such problems reported when they were trying the Google authentication method to login into the game, which is a good sign at least.
Well, this piece of info, is a major cause of concern, on conducting further research on this, as to why the Google authentication works fine and why PTC fails, it is evident that problem is due to usage of less secure protocols from PTC.
What are the potential dangers of this? Well many actually, one particular one that comes to my mind is the fact that. We have heard that many trainers exchange their login info with other trainers across the globe in order to obtain region exclusive Pokémon, that will help them in finishing their PokéDex. For trainers using PTC, this is no longer safe as misuse of your account could get you shadowbanned from the game.
Now, that is where things start going a little shady. Many cyber security analysts seemed to have identified the problem with PTC, it is not a big issue. Rather a poor implementation that is causing the issue. Commonly to protect the user’s credentials, many authentication services use security tokens which are generally stored in the device for a while. These tokens expire after a certain duration of time, like a couple of days.
If the authentication service (PTC in this case) does not execute a forced expiration of the login token used then such an issue might arise. Well, the solution is pretty darn simple, we need more robust services from PTC.
Please do not confuse this with a problem from Niantic, this is an issue caused due to PTC and likely more robust techniques will be rolled out soon enough.