Guild Wars Forums - GW Guru
Old Jan 04, 2010, 10:20 PM // 22:20   #1
Lion's Arch Merchant
 
EmptySkull's Avatar
 
Join Date: Jul 2006
Guild: KaoS League
Profession: E/
Suggestion: Account security

Please forgive me as it is another "my account was hacked" post. But it is a little more too. Please no flaming or trolling. My account was secure (I thought). Took someone 5 years to get into it. So if the thread needs to be closed then I'm sure it will be.

First off I would like to say I'm sorry if these suggestions have been made. I searched but didn't find it. I'll admit I didn't do an extensive look around.


The reason I thought this idea up is as with many people recently getting their accounts hacked. I got hacked. I haven't logged in much in the past year. Maybe 4 times or so with a weekend event or whatnot. My account was hacked via the Ncsoft Master account.
I got an email on my blackberry stating that my Ncsoft account password change was successful.
Of course I was like O noes I didn't request that change. So I immediately emailed support back. After I changed my second account password and logged in to check things out. Yes someone had been logged into my account. Stole a bunch of stuff I had collected over the years. I would say I lost over 3 million gold if you would liquidate all the stuff.
Now I know account security is ultimately up to me. And I thought I was safe. I had a 10 digit real random alpha numeric password on all my accounts (different).
But (lol) I have a gripe about how the NCSoft account password can be changed. (I have read that they changed something about the ncsoft account security and it may be this, I'm sure someone will let me know).
Anyway,
(Suggestion 1)
So you can change it via the web and plug in your new password. But I noticed when changing my second account's password instead of telling it a new password, the system generated a new one and emailed it to me.
Shouldn't it be like that with the Ncsoft account? So if you request a password change you must submit all the proper answers to the questions (which I don't remember having to setup). Then the server generates a new password and emails it to me. That way the only way a hacker can get the new password is by actually having my email account hacked. Which they didn't in this case. And I would guess they don't in many if not any of the other cases. And I wouldn't have been hacked.
(Suggestion 2)
I don't know if it is possible. But I think it should be this way from the start and if it can't be implemented in GW1 it should be seriously looked into for GW2 if not too late. (Whatever coding restrictions that may be there since the game is close to being finished).
So if you request a password to be changed and are successful, then that account cannot trade (merchant or player) or drop items for at least 24 hours. I would even go as far as 72 hours.
If this 24 hour period was in effect I wouldn't have lost a dime. As I emailed support as soon as I got the email about the password change. And the investigation began with the account locked.

This all happened to me just last month. I was so bitter and angry I dared not post about it until I cooled off. I do have my account back. But I have lost a great deal in the cyberspace world of GW. I do have my perspectives and understand that in the grand scheme of things it's not that big of a deal. But I do wish I had all that was stolen back.

Once again sorry Inde if this thread is just more of the same. I'm sure you and others are tired of dealing with them.

Last edited by EmptySkull; Jan 04, 2010 at 10:23 PM // 22:23..
EmptySkull is offline   Reply With Quote
Old Jan 04, 2010, 11:15 PM // 23:15   #2
Forge Runner
 
Join Date: Jun 2006
Location: VA
Profession: Mo/
Default

this actually isn't that bad of an idea. how often does anyone really need to change their password? probably not often so this wouldn't really affect people that much except for the ones who are stealing accounts.
Enko is offline   Reply With Quote
Old Jan 04, 2010, 11:32 PM // 23:32   #3
Desert Nomad
 
Join Date: Apr 2006
Profession: R/
Default

1) email password seems obvious, but what if you no longer have that email address?
2) is better, you can never stop hacking as there are numerous ways, but you can limit the consequence of the hack. Locking some functions out after a password reset is an option, but probably hard to implement, maybe loss of storage access would be more doable, better still, have a no delete option on characters (either permanent or for a time).
Fay Vert is offline   Reply With Quote
Old Jan 04, 2010, 11:41 PM // 23:41   #4
Forge Runner
 
Join Date: Jun 2006
Location: VA
Profession: Mo/
Default

Quote:
Originally Posted by Fay Vert View Post
1) email password seems obvious, but what if you no longer have that email address?
2) is better, you can never stop hacking as there are numerous ways, but you can limit the consequence of the hack. Locking some functions out after a password reset is an option, but probably hard to implement, maybe loss of storage access would be more doable, better still, have a no delete option on characters (either permanent or for a time).
it shouldn't be that hard to implement since the function is already there. newly created accounts cannot trade for 24 hours. they can just reset that upon password change.
Enko is offline   Reply With Quote
Old Jan 04, 2010, 11:45 PM // 23:45   #5
Academy Page
 
Join Date: Mar 2007
Profession: D/
Default

They have added recently to the login where you need email address, password and character name which makes it much more secure, (as the OP said he thought there had been something) as now you can get two of the three info from NCSoft but then need to know whose account it is, (IGN). Whilst possible stops most of the hacks, although obviously more is still better.

Edit: Only thing with 2 is whether then people will just hack and delete accounts to be malicious in response to change, (since they can get no value from it, make sure that the acc holder loses EVERYTHING).
Andrew Dunne is offline   Reply With Quote
Old Jan 05, 2010, 12:21 AM // 00:21   #6
Lion's Arch Merchant
 
EmptySkull's Avatar
 
Join Date: Jul 2006
Guild: KaoS League
Profession: E/
Default

Quote:
Originally Posted by Andrew Dunne View Post
They have added recently to the login where you need email address, password and character name which makes it much more secure, (as the OP said he thought there had been something) as now you can get two of the three info from NCSoft but then need to know whose account it is, (IGN). Whilst possible stops most of the hacks, although obviously more is still better.
Yeah late for my account though.

Quote:
Originally Posted by Andrew Dunne View Post
Edit: Only thing with 2 is whether then people will just hack and delete accounts to be malicious in response to change, (since they can get no value from it, make sure that the acc holder loses EVERYTHING).
I disagree for 2 reasons:
A. Folks are doing this to turn around and make money. This would waste their time.
B. Anet could even go as far as locking the account for just play only. No deletion, trading, or dropping.

I believe this implementation would in one swift code change crush the hacking account for profit market. Which is what I would guess is 99% of the hacking that's going on.
EmptySkull is offline   Reply With Quote
Old Jan 05, 2010, 01:06 AM // 01:06   #7
Desert Nomad
 
Join Date: Apr 2007
Default

Quote:
Originally Posted by Fay Vert View Post
1) email password seems obvious, but what if you no longer have that email address?
Better to go to support because you no longer have that email address, than go to support because your account was raped.
Riot Narita is offline   Reply With Quote
Old Jan 05, 2010, 05:19 AM // 05:19   #8
Guest01
 
Join Date: Jul 2006
Default

Quote:
Originally Posted by Fay Vert View Post
1) email password seems obvious, but what if you no longer have that email address?
2) is better, you can never stop hacking as there are numerous ways, but you can limit the consequence of the hack. Locking some functions out after a password reset is an option, but probably hard to implement, maybe loss of storage access would be more doable, better still, have a no delete option on characters (either permanent or for a time).
While it's true that you can't change the email address that you use to log into GW once you've made purchases on that account, you can change the email address that ncsoft uses to contact you. So there is no problem keeping your email up to date. Since this is changeable, someone could access your acct, change the contact info, then request a password reset, but at least it's one more layer. ncsoft could maybe make it so a certain period of time has to transpire between an email address update and a password reset.

I think the no-delete lock on characters is the one thing I would MOST like to see implemented. I think it should be permanent and non-reversible. I'd rather have char lock remorse than char loss remorse and you can always buy more slots. As far as the items, I wish they would do rollbacks, but I'm more concerned with the time investment on my characters than their items.

BTW EmptySkull, I'm sorry you were one more on a long list of unfortunates.

Last edited by mrvrod; Jan 05, 2010 at 05:22 AM // 05:22..
mrvrod is offline   Reply With Quote
Old Jan 05, 2010, 05:26 AM // 05:26   #9
Departed from Tyria
 
Shayne Hawke's Avatar
 
Join Date: May 2007
Guild: Clan Dethryche [dth]
Profession: R/
Default

Oh, look, another thread discussing account vulnerability.

Quote:
Originally Posted by EmptySkull View Post
My account was secure( I thought). Took someone 5 years to get into it.
No, I don't think hackers really spend that much time staking out someone's account or trying to crack their passwords or security measures. Perhaps a few months, maybe, since that seems to be the relative timeframe that all of this nonsense has been escalating.
Shayne Hawke is offline   Reply With Quote
Old Jan 05, 2010, 05:46 AM // 05:46   #10
Older Than God (1)
 
Martin Alvito's Avatar
 
Join Date: Aug 2006
Guild: Clan Dethryche [dth]
Default

So, to condense:

1) Change the password reset to a system where a new, random password is e-mailed to you. This is a common precaution, and it's effective because it prevents unauthorized access except in the event of user errors the site has no control over (keylogger, credential sharing). I think most players would go for that.

2) Prohibit trades for a certain window in the event of a reset. There are situations where that might be annoying, but giving players a window to dispute a reset and lock the account would be a solid fail-safe.

I'll tell you this: #1 is common and easy to implement. #2 is a tougher coding fix, because you have to teach the server and the client a lot of things. It would help, but you're starting to push whether it's worth it from a cost/benefit standpoint.
Martin Alvito is offline   Reply With Quote
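
Added example, not part of the thread and not NCsoft's or ArenaNet's code: a minimal Python model of the two suggestions condensed above (a server-generated password mailed only to the address on file, and a trade lock after any reset), plus the hold between a contact e-mail change and a reset suggested in post #8. The `Account` fields, the function names and the 24-hour hold value are assumptions; `outbox` stands in for the mail system.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

TRADE_LOCK_SECONDS = 24 * 3600         # thread proposes 24 h, possibly 72 h
EMAIL_CHANGE_HOLD_SECONDS = 24 * 3600  # assumed; the thread only says "a certain period"


@dataclass
class Account:
    contact_email: str
    salt: bytes = b""
    password_hash: bytes = b""
    trade_locked_until: float = 0.0
    email_changed_at: float = float("-inf")
    outbox: list = field(default_factory=list)  # (recipient, body) pairs, stands in for mail


def _derive(password: str, salt: bytes) -> bytes:
    # Only a salted, slow hash of the password is stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def verify_password(acct: Account, password: str) -> bool:
    return hmac.compare_digest(acct.password_hash, _derive(password, acct.salt))


def change_contact_email(acct: Account, new_email: str, now: float) -> None:
    # Notify the old address, then start the hold that blocks an immediate reset.
    acct.outbox.append((acct.contact_email, "Your contact e-mail was changed."))
    acct.contact_email = new_email
    acct.email_changed_at = now


def request_password_reset(acct: Account, now: float) -> bool:
    """Reset to a server-generated password sent only to the address on file."""
    if now - acct.email_changed_at < EMAIL_CHANGE_HOLD_SECONDS:
        return False  # contact address changed too recently
    new_password = secrets.token_urlsafe(12)  # the requester never chooses or sees it
    acct.salt = secrets.token_bytes(16)
    acct.password_hash = _derive(new_password, acct.salt)
    acct.outbox.append((acct.contact_email, f"Your new password: {new_password}"))
    acct.trade_locked_until = now + TRADE_LOCK_SECONDS
    return True


def can_trade(acct: Account, now: float) -> bool:
    # Trading, selling and dropping stay disabled until the dispute window closes.
    return now >= acct.trade_locked_until
```
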
Old Jan 05, 2010, 06:22 AM // 06:22   #11
Grotto Attendant
 
Join Date: Apr 2007
Default

Quote:
Originally Posted by Martin Alvito View Post
So, to condense:

1) Change the password reset to a system where a new, random password is e-mailed to you. This is a common precaution, and it's effective because it prevents unauthorized access except in the event of user errors the site has no control over (keylogger, credential sharing). I think most players would go for that.

2) Prohibit trades for a certain window in the event of a reset. There are situations where that might be annoying, but giving players a window to dispute a reset and lock the account would be a solid fail-safe.

I'll tell you this: #1 is common and easy to implement. #2 is a tougher coding fix, because you have to teach the server and the client a lot of things. It would help, but you're starting to push whether it's worth it from a cost/benefit standpoint.
I support #1. I was shocked to learn this isn't how it works.

#2 may not be as hard as it sounds. Nesting Material is already untradeable/unsellable/undroppable/etc. I'm sure it wouldn't be so hard to apply those attributes to any item on a temporary basis.
Chthon is offline   Reply With Quote
Old Jan 05, 2010, 06:37 AM // 06:37   #12
Lion's Arch Merchant
 
EmptySkull's Avatar
 
Join Date: Jul 2006
Guild: KaoS League
Profession: E/
Default

Quote:
Originally Posted by Shayne Hawke View Post
Oh, look, another thread discussing account vulnerability.



No, I don't think hackers really spend that much time staking out someone's account or trying to crack their passwords or security measures. Perhaps a few months, maybe, since that seems to be the relative time frame that all of this nonsense has been escalating.
Sorry my point was lost on such a snobbish and narrow attitude. I didn't mean that someone has been trying to hack my account for 5 years. I meant that my personal security measures worked for 5 years. I have complex 10 digit alpha-numeric real random passwords. Not pseudo-random computer generated ones. A simple die, chart and coin will give you a real random password.

I don't have key loggers or log on to GW on an unsecured computer.

I did everything I was supposed to do to maintain the highest level of security. Yet I was still hacked via the NCSoft account. So who is at fault for this? Well I blame NCSoft.

If this is all that one has to do to gain access to one of Ncsoft's games to pillage, then I'm not interested in shelling out money for nothing.

Please comment on the suggestions, don't troll. If you have nothing to add then just don't post.


Quote:
Originally Posted by Chthon View Post
#2 may not be as hard as it sounds. Nesting Material is already untradeable/unsellable/undroppable/etc. I'm sure it wouldn't be so hard to apply those attributes to any item on a temporary basis.
I believe that implementing this idea in some way would crush the hacking accounts for profit market. I know that some folks wouldn't notice the email that an account reset was requested. And the wait period would pass and the hacker would win in that instance. But I know it would seriously reduce the success of stealing accounts.


Quote:
Originally Posted by Martin Alvito View Post
#2 is a tougher coding fix, because you have to teach the server and the client a lot of things. It would help, but you're starting to push whether it's worth it from a cost/benefit standpoint.
Cost Effective?
I have 2 thoughts initially. I assume you mean cost effective for the company.

1 How about the cost of loss of players that don't trust your security because they know that they did what they were supposed to do yet had their account looted. I have 2 GW accounts. I have purchased everything possible save the pvp unlocks and anything offered after the storage panels. Will I buy GW2 now? Dunno.

2 How about the increase of sales because you can tout a technology that is very secure but in the event that an account is hacked the customer is protected for a short time. All the customer would have to do is check their email daily. Which is what most do anyway.

Last edited by EmptySkull; Jan 05, 2010 at 06:52 AM // 06:52..
EmptySkull is offline   Reply With Quote
Old Jan 05, 2010, 06:59 AM // 06:59   #13
Forge Runner
 
Carinae's Avatar
 
Join Date: Jun 2005
Location: Inside
Guild: Fifteen Over Fifty [Rare]
Default

Quote:
Originally Posted by Chthon View Post
#2 may not be as hard as it sounds. Nesting Material is already untradeable/unsellable/undroppable/etc. I'm sure it wouldn't be so hard to apply those attributes to any item on a temporary basis.
Also zcoins.
Carinae is offline   Reply With Quote
Old Jan 05, 2010, 07:08 AM // 07:08   #14
Forge Runner
 
Join Date: Jun 2006
Location: VA
Profession: Mo/
Default

Quote:
Originally Posted by Carinae View Post
Also zcoins.
the ability for an entire account to be unable to trade is already there as i mentioned. new accounts can't trade for 24 hours after creation. just have that same thing apply to after your password gets changed.
Enko is offline   Reply With Quote
Old Jan 05, 2010, 07:56 AM // 07:56   #15
Academy Page
 
Join Date: Jan 2008
Profession: N/
Default

Quote:
Originally Posted by Martin Alvito View Post
1) Change the password reset to a system where a new, random password is e-mailed to you. This is a common precaution, and it's effective because it prevents unauthorized access except in the event of user errors the site has no control over (keylogger, credential sharing). I think most players would go for that.

THIS.


Seriously, it's pretty much the standard across the board. Just about every site I'm a member of be it forums or shopping, handle it this way. Would it kill NCsoft to adopt an industry standard that closes the biggest loophole in their security?
Sunyavadin is offline   Reply With Quote
Old Jan 05, 2010, 09:33 AM // 09:33   #16
Gli
Forge Runner
 
Join Date: Nov 2005
Default

Even some of the most casual and low-traffic forums I frequent reset passwords like that. It's hard to believe NCSoft doesn't offer similar or better account integrity protection for a commercial service that stores personal and possibly even financial info. And of course, our game accounts!
Gli is offline   Reply With Quote
Old Jan 05, 2010, 09:15 PM // 21:15   #17
Lion's Arch Merchant
 
EmptySkull's Avatar
 
Join Date: Jul 2006
Guild: KaoS League
Profession: E/
Default

Quote:
Originally Posted by Sunyavadin View Post
THIS.


Seriously, it's pretty much the standard across the board. Just about every site I'm a member of be it forums or shopping, handle it this way. Would it kill NCsoft to adopt an industry standard that closes the biggest loophole in their security?

Right which is why I suggested it. If it had been this way, the night I got the email telling me that my password was successfully changed instead it would have been an email telling me the new password. Which would have been unknown to the hacker. And my account would still be untouched. They may have been able to screw around with my NCsoft account, but my GW account would have been protected.
EmptySkull is offline   Reply With Quote
Old Jan 06, 2010, 12:45 AM // 00:45   #18
Wilds Pathfinder
 
Join Date: Nov 2007
Guild: Still looking
Profession: Rt/
Default

I thought suggestions were supposed to be posted in the suggestion sub-forum, Sardelac Sanitarium, but I guess I'm just going crazy.
The Drunkard is offline   Reply With Quote
Old Jan 06, 2010, 12:52 AM // 00:52   #19
Furnace Stoker
 
pumpkin pie's Avatar
 
Join Date: Jul 2006
Location: behind you
Guild: bumble bee
Profession: E/
Default

3 security questions, adding 2 more.

1) Oldest Character's Name
2) Guild's Name
3) one Friend's Character's Name on your friend's list (this is probably stored on our computer, not sure, might not be safe)

Last edited by pumpkin pie; Jan 06, 2010 at 01:42 AM // 01:42..
pumpkin pie is offline   Reply With Quote
Old Jan 06, 2010, 03:18 AM // 03:18   #20
Popcorn Fetish
 
Zehnchu's Avatar
 
Join Date: Dec 2005
Guild: [GODS]
Profession: Mo/Me
Default

the number one best account security....I wish they would make one for GW but at least for GW2

A USB authenticator ...you can not access the game account without this plugged in your computer!!!


Please make one Anet!!! Please!!!
Zehnchu is offline   Reply With Quote