Indie game storeFree gamesFun gamesHorror games
Game developmentAssetsComics

Refunds are handled by support. I think you're supposed to request one within a week, and it might not be approved except for technical reasons, like the game not working as advertised. Both the buyer and seller can ask for a refund.

Hey is there a private chat here?  sometimes I saw the devs using it on steam, I have a question where it felt like it's not a good idea to open a discussion for that. Simple but I'm pretty careful with these things.

No, there are no direct messages on, by design. Sorry about that. If you need to contact a game's creator, see if they have an e-mail listed on the support page.

Deleted 33 days ago


Two points to add there. It is open standard, you do not need to use the google app. You can use any app that uses that totp standard. And second, sadly a 2fa will not protect your account against cookie theft attacks. Use sandboxing, like the one the itch app provides to add a layer of protection to your credentials.

(3 edits)

I'm using the app too, what do you mean with sandboxing?  

edit: Okay I think I found that, I activated the option. So you don't think I should get the extra step thingy?

Then again what is that Itch. Player extra account thing now? 

I thank you both for the help I think it's clear that I rarely have done anything like this before or at least in english/on

I could offer german to explain some things better but I doubt you understand that better? 

Anyway  Is there a phone number or email here that I should remember in chase something happens at some point?

(1 edit)

Sandboxing is a concept. It means running a game in an environment, where it does not have access to critical things. Games that run in a browser are sandboxed. Games that run on Android are mostly sandboxed. Games that run on an admin privileged windows user account are the opposite of sandboxed.

You asked for authenticators, so I assumed you are interested in security. Trying out new and indie games exposes you to amateur level developers and if you are unlucky, to malware. It is of course mostly a Windows problem that exists for decades. Any malicous programm could read the cookies of your browser. And any badly programmed app could mess with your system settings, or leave clutter at places where no clutter is supposed to be.

The sandbox method the itch app uses is to create a new user that has not the right to read the files of your main account. The game when started by the itch app runs as that user and only can mess with the files of that user.

If you use 2fa, print out the scratch codes. They are needed to restore your account, if you lose your phone with the 2fa app.

Regarding dangers on itch, you might be interested in

quote from the itch creator: "On, it is safe to view the page, but do not download any untrusted software" "Treat any page you encounter with suspicion if you are unable to vet the creators in any way."

This goes for pages encountered in recent or by random browsing as well. Scammers spam their malware and not all gets cought in time before some unsuspecting user finds the page. Some of the games in your collections went missing, because they were malware - if you are the type of user that puts games in collections to view later. Others are missing because the developer deleted it, or other reasons.

You  are right and I have to admit I get slightly confused now. I wanted to start paying for stuff or when I reached a certain amount payed I thought maybe I protect the account a bit better. So i wanted to know what I need for that. 

From what I understood you think sandbox mode is enough right? I think I understood that concept now. 

I just have the question if I have to go trough any complicated or "make a new second password" situations when  I allow to run with that second account your spoke about.

I have it on another gaming client that two step authentificator and know it as something that helps to protect your account. I'm however  rather unsure in situations like this and it felt like here it's more complicated.

Soooo when I pay for stuff or payed enough I want to protect my account and my games,  well naturally everything else too if you can help it you know.  I lost my train of thoughts, but I wanted to see what I really need since I hate all that download 20 apps even when your phonw is full or create 25 accounts stuff. 

My stuff wasn't always this sorted so I might be just a bit  worried I have to search for hours for a stray password again.

I hope it's still clear what I want now and I haven't explained to much.


Sandbox is just a tool, that is cheap to use. That soft sandboxing is little effort and when the itch app handles it, it should be easy enough. If you manually set it up, you would have to shift right click the exe and select run as, and enter password and user. I would not use it to test suspected malware. But rather as a precaution, like driving with a seat belt, even when not expecting a car crash. And just like a seat belt, it will not protect against driving from a cliff. It protects against user level attacks, like stealing your session cookie. Those attacks are very nasty, as they circumvent 2fa and password completely (this is not an itch specific problem).

To protect your machine, you should up your scepticim. I made a tips thread about that. In short, do not trust the new and shiny things, even when hosted on itch. Itch has no account verification, so anyone could be an impostor (yes, just like in Among Us, which incidentally is also hosted on itch). But this is general anti-scam advice. Do not trust strangers on the net, the phone, the mail, on a self publishing store... , even if they say they are royality from other countries and have money to give to you.

Okay thank you this is helpful.

Well with all that my biggest question is always, just in chase there should be any reason I want to or have to remove it, would it be easy?

I don't know where this is coming from anymore, but I always feel like I install it, encounter something that needs me to remove it and i have big trouble to figure out how to remove it without causing any troubles for everything else. (Like those savefiles I think you described are tucked away there)

What I still have not understood, the account that is created, is that like a  camouflage for the account? I remember that it sounded like you keep your account and everyone knows or sees you as Mausakrobat28 but either the folder or your account is somewhere names user3812 (whatever) 

I know I know,  I guess i had some bad experiences and now I'm also figuring this out in english even if it feels easy enough to undertand.

I just keep asking myself these "what if" things.

Soooo what I wanted to know from you before and since the 2fa is different from what I know from steam in how it seems to work a bit, Is sandboxing in your eyes enough at the moment or do I need 2fa and sandbox?   

It starts to sound like 2fa might not be needed in this chase....or wait it's late but you might be actually meaning that I should get both because they kind of both protect one said of the coin a bit.

Thank you again, I hope it's still alright for you to help me a bit further should I still remember something tomorrow.

It starts to feel like i'm to careful again, but now I'm even a bit tired and I just remember your link. I take a look tomorrow I guess.