Nov 27, 2006, 09:31 PM // 21:31
|
#21
|
Frost Gate Guardian
Join Date: May 2006
Guild: Purple Ravens
Profession: Mo/E
|
Quote:
Originally Posted by Gaile Gray
...Both PlayNC and Guild Wars prevent bruty force attempts with a "time out" with a small number of failed attempts.
|
First thing thanks for your time Gayle, I already tested it, I ran guildwars client, tried to log in a wrong password, about the 30ish time I lost the counting and no timeout came, :3
Can anyone else test it? my client is up to date and should be the same as everyone's... so the behaviour should be the same.
|
|
|
Nov 27, 2006, 10:23 PM // 22:23
|
#22
|
Desert Nomad
Join Date: Nov 2005
Location: Eh I forget... o_O
Guild: Biscuit of Dewm [MEEP]
Profession: R/
|
Linking to PlayNC from the getgo is a pretty safe bet if you do it right. As of right now because I didn't link from the start and only recently linked I run the risk of getting hacked...
Btw Gaile I feel sorry for the 5 different people who had to help me with my issue -_- 12 key codes, 3 different people, 5 different accounts, no clue who owns what x_x To boot I had given a false birthday from the start (always do it as a safety precaution) and up and forgot what I had entered. But for now its been sorted and we are just hoping my email hasn't been compromised due to that stupid keylogger.
And yes I am also still waiting to see if plaync blocks because I keep trying a fake password on my account and it keeps attempting (6 times in a row) then I logged in as normal... not to mention I'm not getting any email warnings about failed attempts o_O
And I just tested the GW Client and it allowed me to do it about 20+ times and never once stopped me.
Last edited by Eviance; Nov 27, 2006 at 10:27 PM // 22:27..
|
|
|
Nov 27, 2006, 10:32 PM // 22:32
|
#23
|
Krytan Explorer
Join Date: Aug 2006
Location: Screwston, Tejas
Guild: KOS
Profession: N/Me
|
Yeah, I tried 40+ times in the GW client and got no time out sort of message. However if I was really drunk and kept punching the wrong keys and accidently turning on caps lock etc, and GW locked me out for failed password attempts I think I would be frustrated. However, to my own recollection, I have never successfully gotten that drunk (not that I would be able to recall if I had).
|
|
|
Nov 27, 2006, 10:37 PM // 22:37
|
#24
|
Desert Nomad
Join Date: Nov 2005
Location: Eh I forget... o_O
Guild: Biscuit of Dewm [MEEP]
Profession: R/
|
*rolls eyes @ Clawdius* goober =P
|
|
|
Nov 27, 2006, 10:40 PM // 22:40
|
#25
|
Underworld Spelunker
|
OK
how many of you who have tried it have done what Gaile asked and sent in that information?
possibly even (Gaile forgive me) sent her a POLITE PM confirmation the lockout is not working
|
|
|
Nov 27, 2006, 11:20 PM // 23:20
|
#26
|
Desert Nomad
Join Date: Mar 2006
Guild: DPX
Profession: R/
|
Ok it either seems they misinformed you (Gaile) about the timeout issue since apparently it is not working, or its broken and nobody at Anet and NCSoft knows about it, which makes you wonder how much they try to protect our privacy.
The option of changing your account name is a good one.
Gaile its not that we are asking for you guys to put 12 walls before you can get in its that you make the ones that are available now good.
-Allow you to change your user name
-Allow you to unlink your account.*
-Allow to use symbols in password**
-Lock down the account for either 2 hours or until you contact Anet with info to make sure its you ,as soon as you get 5 failed attempts***
-Allow us to use something else besides email adresses as account names****
*I know this is a way for you guys to track down people that have sold their account , but it also dissalows us to take our own risk,if peopel think that NCSoft security is not good then let them choose not to handle with.
**The ability to use symbols also increases security so please point this out at plaync with a FDS in your hand.
***Same as my bank pass i know the pin pretty well, sometimes i forget it, i try to use the ones i think it is if i fail twice i stop trying and either ask my mom ( she knows my pin) or go home and when i remember it try it again, the reason i do this?Cause i know it will the machine will swallow my card at try 3.If i do try 3 times and fail the machine will swallow my card and i will have to id myself at bank to get a new card.
****This is a simple one, especially for the people that have linked to plaync this one is good since the people that have linked to plaync can get breached tru the plaync site.
If you have linked to plaync your main account will have the @plaync attached to it, which means the people trying to get into your account have less they have to fish out.
|
|
|
Nov 28, 2006, 01:16 AM // 01:16
|
#27
|
Desert Nomad
Join Date: Nov 2005
Location: Eh I forget... o_O
Guild: Biscuit of Dewm [MEEP]
Profession: R/
|
*sighs* Loviator you silly, her post didn't say to PM her =P But I did and gave her the results anyways and I dirrected her back to this thread - hopefully whatever the issue is, it gets resolved!
|
|
|
Nov 28, 2006, 01:25 AM // 01:25
|
#28
|
The Fallen One
Join Date: Dec 2005
Location: Oblivion
Guild: Irrelevant
Profession: Mo/Me
|
NCSoft's security is lacking. Without the ability to change passwords on the fly or loginnames, it puts up a nice red flag for brute force hackers to come on in.
|
|
|
Nov 28, 2006, 06:24 AM // 06:24
|
#29
|
Wilds Pathfinder
Join Date: Sep 2005
Guild: Tyrian Explorers League
Profession: R/P
|
Quote:
Originally Posted by Gaile Gray
I have asked about this, repeatedly, and our most knowledgable programmer has stated, repeatedly, that any shortcomings in the system lie with the user, not the system.
|
Heh, reminds me of that old It's Walky punchline- "SEMME Central Computer is infallible. There must be a problem with the user."
(NOTE: That's not a snide remark at Gaile, the ANet devs, or their account security whatsoever, just a humorous off-topic anecdote- I have confidence that ANet's servers are extremely safe. We now return you to your regularly scheduled discussion )
|
|
|
Nov 28, 2006, 08:19 AM // 08:19
|
#30
|
ArenaNet
|
Folks,
I need to know more information, from those of you reporting that you can try multiple times without a block on attempts to access the account. Is the account with which you are making this test linked, Guild Wars and PlayNC, or not? Are you putting in the correct user name and then using an incorrect password, or are you using an incorrect user name? If I can have the parameters of the testing, that will help, and thanks for that information.
Also, some time ago, there was a system whereby someone would receive an email if their account was being "pinged" for access beyond a reasonable number. Are any of you getting such an email with your testing?
__________________
Gaile Gray
Support Liaison
ArenaNet
Last edited by Gaile Gray; Nov 28, 2006 at 08:27 AM // 08:27..
|
|
|
Nov 28, 2006, 02:25 PM // 14:25
|
#32
|
Desert Nomad
Join Date: Nov 2005
Location: Eh I forget... o_O
Guild: Biscuit of Dewm [MEEP]
Profession: R/
|
No Gaile I did not get ANY emails this time when I tested the PlayNC account. It was the correct user name but the passwords I tried over and over again were random, I got no lock out and no warning emails.
As for the GW Client I was testing, it is linked to PlayNC but its with an email addy and not the @plaync. It was the correct email address, but I kept punching in random letters and numbers for the password and it just kept letting me. No emails were sent about that either (not really sure if they would, but just throwing it out there in case its supposed to be).
I have a GW client @plaync account if you would like me to test it as well? Meaning it was originally linked when created and not after the fact like the other one I tested.
(And for the record all tested accounts were indeed my own or my husbands which yes he is well aware of.)
Last edited by Eviance; Nov 28, 2006 at 02:42 PM // 14:42..
|
|
|
Nov 28, 2006, 03:03 PM // 15:03
|
#33
|
Frost Gate Guardian
Join Date: Feb 2006
Location: Michigan
Profession: A/
|
why not just give us the option to unlink our account.....it is our account and in my personal opinion we should be able to have it linked/unlinked as we please....or at the very least give us the option to change the email address that we use to login to our account.
i think 5 attempts at a login is fair....then mabey a 5min cool down time for the users ip address
Last edited by Wtf Its A Monk; Nov 28, 2006 at 03:07 PM // 15:07..
|
|
|
Nov 28, 2006, 03:10 PM // 15:10
|
#34
|
Bubblegum Patrol
Join Date: Dec 2005
Location: Singapore Armed Forces
|
Quote:
Originally Posted by Wtf Its A Monk
it is our account and in my personal opinion we should be able to have it linked/unlinked as we please....
|
If I recall correctly, it's technically ANet's account. The user pays for the right to access it. Then again, I haven't read the EULA in awhile..
|
|
|
Nov 28, 2006, 03:24 PM // 15:24
|
#35
|
Frost Gate Guardian
Join Date: May 2006
Guild: Purple Ravens
Profession: Mo/E
|
same
Quote:
Originally Posted by Eviance
No Gaile I did not get ANY emails this time when I tested the PlayNC account. It was the correct user name but the passwords I tried over and over again were random, I got no lock out and no warning emails.
As for the GW Client I was testing, it is linked to PlayNC but its with an email addy and not the @plaync. It was the correct email address, but I kept punching in random letters and numbers for the password and it just kept letting me. No emails were sent about that either (not really sure if they would, but just throwing it out there in case its supposed to be).
|
same results here, linked account normal account, no email confirmation, correct login screen name and random password.
|
|
|
Nov 28, 2006, 03:26 PM // 15:26
|
#36
|
Academy Page
Join Date: Sep 2005
Guild: Guardians of the Stars
Profession: Mo/R
|
"The government put a chip in my brain to steal my GW password! They're after my ectos!"
|
|
|
Nov 28, 2006, 03:31 PM // 15:31
|
#37
|
Desert Nomad
Join Date: Nov 2005
Location: Eh I forget... o_O
Guild: Biscuit of Dewm [MEEP]
Profession: R/
|
Quote:
Originally Posted by Wtf Its A Monk
why not just give us the option to unlink our account.....it is our account and in my personal opinion we should be able to have it linked/unlinked as we please....or at the very least give us the option to change the email address that we use to login to our account.
i think 5 attempts at a login is fair....then mabey a 5min cool down time for the users ip address
|
While I agree to a point on the above, PlayNC offers basically a double coded system which actually makes it better if all the precautions are in place. Right now though it doesn't seem like those precautions are in place so... Hopefully with the info we have given here they can fix the problem and make PlayNC much safer. But I do agree that unlinking should be an option, because I went through all kinds of hell trying to get mine linked properly (half linked sucks so much more than fully linked or not at all) and I am still baffled when juggling my accounts.
luinks did you check your bulk/junk mail just in case they got filtered? I only had emails in my inbox and none of them were from PlayNC or had any relavence at all to GW and PlayNC - just thought I would check before Gaile asks XD
Last edited by Eviance; Nov 28, 2006 at 03:35 PM // 15:35..
|
|
|
Nov 28, 2006, 03:41 PM // 15:41
|
#38
|
Lion's Arch Merchant
|
I agree that it compromises security. Another thing that compromises the security of accounts is the password recovery process. Has anyone actually checked it? I think it is ridiculous that all you have to do is type in your email account to get the password on the account reset. You should at least have to answer some sort of security question along with supplying the email (most other services do this, improves account security). Most other services make you choose a question and answer that only you would know. Under the current system, if your email account was hacked, this person could take over your GW account. IMO this needs to be changed. I have sent emails about this before, and I still see it hasn't been changed.
|
|
|
Nov 28, 2006, 03:48 PM // 15:48
|
#39
|
Underworld Spelunker
|
Quote:
Originally Posted by Russell.Crowe
Under the current system, if your email account was hacked, this person could take over your GW account. IMO this needs to be changed. I have sent emails about this before, and I still see it hasn't been changed.
|
REALITY CHECK HERE
if a hacker is reading your email he is probally reading everything else as well.
in which case.......
GW IS THE LEAST OF YOUR PROBLEMS
<this has been a reality check>
|
|
|
Nov 28, 2006, 04:45 PM // 16:45
|
#40
|
Frost Gate Guardian
Join Date: May 2006
Guild: Purple Ravens
Profession: Mo/E
|
nope nothing in junk mail eviance :3
|
|
|
Thread Tools |
|
Display Modes |
Linear Mode
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT. The time now is 05:51 AM // 05:51.
|