Curse

luinks · Nov 27, 2006, 09:31 PM // 21:31

Quote:

Originally Posted by Gaile Gray

...Both PlayNC and Guild Wars prevent bruty force attempts with a "time out" with a small number of failed attempts.

First thing thanks for your time Gayle, I already tested it, I ran guildwars client, tried to log in a wrong password, about the 30ish time I lost the counting and no timeout came, :3

Can anyone else test it? my client is up to date and should be the same as everyone's... so the behaviour should be the same.

Eviance · Nov 27, 2006, 10:23 PM // 22:23

Linking to PlayNC from the getgo is a pretty safe bet if you do it right. As of right now because I didn't link from the start and only recently linked I run the risk of getting hacked...

Btw Gaile I feel sorry for the 5 different people who had to help me with my issue -_- 12 key codes, 3 different people, 5 different accounts, no clue who owns what x_x To boot I had given a false birthday from the start (always do it as a safety precaution) and up and forgot what I had entered. But for now its been sorted and we are just hoping my email hasn't been compromised due to that stupid keylogger.

And yes I am also still waiting to see if plaync blocks because I keep trying a fake password on my account and it keeps attempting (6 times in a row) then I logged in as normal... not to mention I'm not getting any email warnings about failed attempts o_O

And I just tested the GW Client and it allowed me to do it about 20+ times and never once stopped me.

Clawdius_Talonious · Nov 27, 2006, 10:32 PM // 22:32

Yeah, I tried 40+ times in the GW client and got no time out sort of message. However if I was really drunk and kept punching the wrong keys and accidently turning on caps lock etc, and GW locked me out for failed password attempts I think I would be frustrated. However, to my own recollection, I have never successfully gotten that drunk (not that I would be able to recall if I had).

Eviance · Nov 27, 2006, 10:37 PM // 22:37

*rolls eyes @ Clawdius* goober =P

Loviatar · Nov 27, 2006, 10:40 PM // 22:40

OK

how many of you who have tried it have done what Gaile asked and sent in that information?

possibly even (Gaile forgive me) sent her a POLITE PM confirmation the lockout is not working

Xenex Xclame · Nov 27, 2006, 11:20 PM // 23:20

Ok it either seems they misinformed you (Gaile) about the timeout issue since apparently it is not working, or its broken and nobody at Anet and NCSoft knows about it, which makes you wonder how much they try to protect our privacy.

The option of changing your account name is a good one.
Gaile its not that we are asking for you guys to put 12 walls before you can get in its that you make the ones that are available now good.
-Allow you to change your user name
-Allow you to unlink your account.*
-Allow to use symbols in password**
-Lock down the account for either 2 hours or until you contact Anet with info to make sure its you ,as soon as you get 5 failed attempts***
-Allow us to use something else besides email adresses as account names****

*I know this is a way for you guys to track down people that have sold their account , but it also dissalows us to take our own risk,if peopel think that NCSoft security is not good then let them choose not to handle with.

**The ability to use symbols also increases security so please point this out at plaync with a FDS in your hand.

***Same as my bank pass i know the pin pretty well, sometimes i forget it, i try to use the ones i think it is if i fail twice i stop trying and either ask my mom ( she knows my pin) or go home and when i remember it try it again, the reason i do this?Cause i know it will the machine will swallow my card at try 3.If i do try 3 times and fail the machine will swallow my card and i will have to id myself at bank to get a new card.

****This is a simple one, especially for the people that have linked to plaync this one is good since the people that have linked to plaync can get breached tru the plaync site.
If you have linked to plaync your main account will have the @plaync attached to it, which means the people trying to get into your account have less they have to fish out.

Eviance · Nov 28, 2006, 01:16 AM // 01:16

*sighs* Loviator you silly, her post didn't say to PM her =P But I did and gave her the results anyways and I dirrected her back to this thread - hopefully whatever the issue is, it gets resolved!

Lord Sojar · Nov 28, 2006, 01:25 AM // 01:25

NCSoft's security is lacking. Without the ability to change passwords on the fly or loginnames, it puts up a nice red flag for brute force hackers to come on in.

Scutilla · Nov 28, 2006, 06:24 AM // 06:24

Quote:

Originally Posted by Gaile Gray

I have asked about this, repeatedly, and our most knowledgable programmer has stated, repeatedly, that any shortcomings in the system lie with the user, not the system.

Heh, reminds me of that old It's Walky punchline- "SEMME Central Computer is infallible. There must be a problem with the user."

(NOTE: That's not a snide remark at Gaile, the ANet devs, or their account security whatsoever, just a humorous off-topic anecdote- I have confidence that ANet's servers are extremely safe. We now return you to your regularly scheduled discussion

)

Gaile Gray · Nov 28, 2006, 08:19 AM // 08:19

Folks,

I need to know more information, from those of you reporting that you can try multiple times without a block on attempts to access the account. Is the account with which you are making this test linked, Guild Wars and PlayNC, or not? Are you putting in the correct user name and then using an incorrect password, or are you using an incorrect user name? If I can have the parameters of the testing, that will help, and thanks for that information.

Also, some time ago, there was a system whereby someone would receive an email if their account was being "pinged" for access beyond a reasonable number. Are any of you getting such an email with your testing?

WetWookie · Nov 28, 2006, 01:57 PM // 13:57

I am also concerned about not being able to change the email address that I use to log on GW with. What happens if i change ISP and I no longer have access to that email address.

Eviance · Nov 28, 2006, 02:25 PM // 14:25

No Gaile I did not get ANY emails this time when I tested the PlayNC account. It was the correct user name but the passwords I tried over and over again were random, I got no lock out and no warning emails.

As for the GW Client I was testing, it is linked to PlayNC but its with an email addy and not the @plaync. It was the correct email address, but I kept punching in random letters and numbers for the password and it just kept letting me. No emails were sent about that either (not really sure if they would, but just throwing it out there in case its supposed to be).

I have a GW client @plaync account if you would like me to test it as well? Meaning it was originally linked when created and not after the fact like the other one I tested.
(And for the record all tested accounts were indeed my own or my husbands which yes he is well aware of.)

Wtf Its A Monk · Nov 28, 2006, 03:03 PM // 15:03

why not just give us the option to unlink our account.....it is our account and in my personal opinion we should be able to have it linked/unlinked as we please....or at the very least give us the option to change the email address that we use to login to our account.

i think 5 attempts at a login is fair....then mabey a 5min cool down time for the users ip address

Avarre · Nov 28, 2006, 03:10 PM // 15:10

Quote:

Originally Posted by Wtf Its A Monk

it is our account and in my personal opinion we should be able to have it linked/unlinked as we please....

If I recall correctly, it's technically ANet's account. The user pays for the right to access it. Then again, I haven't read the EULA in awhile..

luinks · Nov 28, 2006, 03:24 PM // 15:24

Quote:

Originally Posted by Eviance

No Gaile I did not get ANY emails this time when I tested the PlayNC account. It was the correct user name but the passwords I tried over and over again were random, I got no lock out and no warning emails.

As for the GW Client I was testing, it is linked to PlayNC but its with an email addy and not the @plaync. It was the correct email address, but I kept punching in random letters and numbers for the password and it just kept letting me. No emails were sent about that either (not really sure if they would, but just throwing it out there in case its supposed to be).

same results here, linked account normal account, no email confirmation, correct login screen name and random password.

9th Requiem · Nov 28, 2006, 03:26 PM // 15:26

"The government put a chip in my brain to steal my GW password! They're after my ectos!"

Eviance · Nov 28, 2006, 03:31 PM // 15:31

Quote:

Originally Posted by Wtf Its A Monk

why not just give us the option to unlink our account.....it is our account and in my personal opinion we should be able to have it linked/unlinked as we please....or at the very least give us the option to change the email address that we use to login to our account.

i think 5 attempts at a login is fair....then mabey a 5min cool down time for the users ip address

While I agree to a point on the above, PlayNC offers basically a double coded system which actually makes it better if all the precautions are in place. Right now though it doesn't seem like those precautions are in place so... Hopefully with the info we have given here they can fix the problem and make PlayNC much safer. But I do agree that unlinking should be an option, because I went through all kinds of hell trying to get mine linked properly (half linked sucks so much more than fully linked or not at all) and I am still baffled when juggling my accounts.

luinks did you check your bulk/junk mail just in case they got filtered? I only had emails in my inbox and none of them were from PlayNC or had any relavence at all to GW and PlayNC - just thought I would check before Gaile asks XD

Russell.Crowe · Nov 28, 2006, 03:41 PM // 15:41

I agree that it compromises security. Another thing that compromises the security of accounts is the password recovery process. Has anyone actually checked it? I think it is ridiculous that all you have to do is type in your email account to get the password on the account reset. You should at least have to answer some sort of security question along with supplying the email (most other services do this, improves account security). Most other services make you choose a question and answer that only you would know. Under the current system, if your email account was hacked, this person could take over your GW account. IMO this needs to be changed. I have sent emails about this before, and I still see it hasn't been changed.

Loviatar · Nov 28, 2006, 03:48 PM // 15:48

Quote:

Originally Posted by Russell.Crowe

Under the current system, if your email account was hacked, this person could take over your GW account. IMO this needs to be changed. I have sent emails about this before, and I still see it hasn't been changed.

REALITY CHECK HERE

if a hacker is reading your email he is probally reading everything else as well.

in which case.......

GW IS THE LEAST OF YOUR PROBLEMS

<this has been a reality check>

luinks · Nov 28, 2006, 04:45 PM // 16:45

nope nothing in junk mail eviance :3