Account Security Concerns - Page 2 - Guild Wars Forums

Silverthorn · Apr 11, 2005, 05:23 AM // 05:23

They chose to make the account names something that is commonly given out to other people. By making that choice they made accounts more vulnerable than they needed to be. That is why I feel it is not my responsibility to assure my accounts security. A normal account name isn't something you would go around telling to other people. So no big deal keeping it to yourself. But an email address is made to be given out to people so you can talk to them. So its not the most ideal method of keeping something secure.

Midnight Scorpion · Apr 11, 2005, 05:26 AM // 05:26

Hack e-mail is a whole different ballgame.

As to Sin's response, I can agree.

However, this thread wouldn't exist in the first place, if e-mails had not been used as a measure for logging into the game. Not everyone is a hard-core secure-all-their-assets type person. The use of e-mail login would be a sort of indirect exploitation of the casual non-internet savvy user.

Change e-mail to login name and this thread could disappear forever.

Note: I'm not a pro at this kind of stuff, it's my honest serfish opinion.

Sin · Apr 11, 2005, 05:49 AM // 05:49

Quote:

Originally Posted by Midnight Scorpion

As to Sin's response, I can agree.

However, this thread wouldn't exist in the first place, if e-mails had not been used as a measure for logging into the game. Not everyone is a hard-core secure-all-their-assets type person. The use of e-mail login would be a sort of indirect exploitation of the casual non-internet savvy user.

Thanks midnight scorpion!

Sure it can be abused, yet we do not know what other disclamers, suggestions, etc., will be in the final release via manuals and popup/help windows. Until then the threat really hasn't showed a cause for concern, as nothing has been said that anyone's account has been compromised.

Quote:

Originally Posted by Silverthorn

They chose to make the account names something that is commonly given out to other people. By making that choice they made accounts more vulnerable than they needed to be. That is why I feel it is not my responsibility to assure my accounts security. A normal account name isn't something you would go around telling to other people. So no big deal keeping it to yourself. But an email address is made to be given out to people so you can talk to them. So its not the most ideal method of keeping something secure.

As far as giving out an email or what a "normal" account name is, that's entirely relative to the situation. Having one free email somewhere for GuildWars is still having it to communicate with someone, just not everyone. And Silverthorn at no time is the security and privacy of any acount you call yours not your concern. There is no excusing yourself from responsibility for any property you call your own. Silverthorn please accept that responsiblity, I learnt it making mistakes too. We all did. How else does anyone become internet "savvy?"

Anyway, good luck with it! Understand it isn't that I am opposed to more internal account security, just not in lieu of our desire to pretend we don't have a self-imposed obligation by claiming ownership. I will make no further effort in regard to the matter.

Silverthorn · Apr 11, 2005, 06:05 AM // 06:05

Ok let me use an example to illustrate my point. What if your bank used your home phone number for your bank account number. Would you then find it acceptable to have to go out and get a 2nd phoneline to give out to people so you had 1 that was safe and secure for your bank account? Its not reasonable to expect people to do that.
A customer pays money to access the game. Some of that money should go to ensure that our accounts are safe without the player being forced to take extra steps on thier own to ensure its safety.
If you don't agree with me fine, but don't tell me I'm trying to shirk all responsibility because you have a different opinion on the matter.

Darkmane · Apr 11, 2005, 06:15 AM // 06:15

I agree.. this is a security flaw/risk.

But we do not yet know what information will be rquired when we put in our full game key. It could be loging in will be different. I would like to see Gaile pop in and give some thought on this though. Email addresses are just too easy to get. And if you use a fake one to setup the account, and for some reason you forget your password, or lets say someone gets your email address and password through any means. How will they work out recovery, theres no way to tell if the person playing the account is the actual owner. Its not like they can cross reference you by using a credit card number since theres no paying by credit card. Kinda makes you wonder.. who has my email address...

Manderlock · Apr 11, 2005, 06:18 AM // 06:18

Quote:

Originally Posted by Silverthorn

Ok let me use an example to illustrate my point. What if your bank used your home phone number for your bank account number. Would you then find it acceptable to have to go out and get a 2nd phoneline to give out to people so you had 1 that was safe and secure for your bank account? Its not reasonable to expect people to do that.
A customer pays money to access the game. Some of that money should go to ensure that our accounts are safe without the player being forced to take extra steps on thier own to ensure its safety.
If you don't agree with me fine, but don't tell me I'm trying to shirk all responsibility because you have a different opinion on the matter.

wow nice illustration, well that means im back in it

i shouldnt have to give out personal info to play a game there i said it.

Sin · Apr 11, 2005, 06:53 AM // 06:53

Silverthorn, you are shirking all responsiblity.

It is said and now for your example...

You are using a multi-jurisdictionally regulated busines as your example, one that, case in point to what I expressed about them balancing interests, is regulating your account not to protect you but to protect the national treasury and national economy. You may be surprised to find out but your email address and/or account in GuildWars should they be compromised, shall not effect the national economy of the United States. Obviously that would make it too easy for the terrorists huh?

What makes this so ridiculous is that the banks would use your phone number in a heartbeat if the effect of potential compromise of yours and everyone elses account would have no serious impact on the government and thus why they have a government telling them what to do and how to do it. Can you see how everyone is in it for their own interests and what you see as security is merely the balance of interests as it exists today?

You clearly are so busy wanting to off-load your responsiblity you can only stoop to demanding I don't state your obvious attempts to shirk all responsibility for what they are. Any and I mean ANY security measures to protect any information in any database, if not mandated by government, is merely a formality--done as a courtesy and actually in the interest of protecting that database holder's liability be it bank, credit card company, etc. Bank accounts have a tendency to carry liability because the deposit is your property even after it is in the bank, you legally are a creditor to the bank--they will extend you greater courtesy especially when presented with the goverment's desire they do so for other long-term potential impacts. A computer game does not carry that weight, especially one with no monthly fee and where free email addressess are available all over the internet. Most important is the computer account isn't generated by you having property to deposit, it is generated by you wanting to purchase into its use--The buyer is at the will of the seller by agreement; you have no property on deposit; the game isn't yours; no one owes you return of anything. Banks sell services in the interest of you trusting them with the deposit, that trust IS their product.

I know you would get another phone line and not even try to take on the bank if they started using your phone number because the value of their services and use of your deposit at your direction is far greater than the 50 dollars you paid for the game. Do you see at all that this idea they need more security is merely a convenience/inconvenience position on your part, an alibi to justify shirking your repsonsiblity because the value of the account is less than what you believe is the value of your trouble to get another email?

All I have been saying is your balancing of interests is to set aside the power you have and assume someone else should do it with the belief they'll watch out for you, when their interest is their own. Note again that I am not against more security, merely how you are making it necessary because of what you don't want to do. So now how is that not you shirking your responsibility? Being I did say I am not against futher security in the previous post, then the only way i could be disagreeing with you is in your shirking your responsibility.

Anyway, it appears you would rather hold what I am saying up as an argument against you. I am sorry you feel that way.

Silverthorn · Apr 11, 2005, 11:06 PM // 23:06

Meh Sin, i got about halfway through your post then got sick of reading. Your just posting to try and argue and I'm not gonna waste my time reading any more of your posts. I have a legitimate concern in my eyes. And its not your place to determine if its a valid concern or not. So how about you stop trying to argue and get in the way of someone trying to find an answer to thier questions. You've voiced your opinion so how about you just wait and see if someone from arenanet answers like the rest of us.

Apr 11, 2005, 05:26 AM // 05:26	#22
Midnight Scorpion Frost Gate Guardian Join Date: Mar 2005 Guild: None Profession: Mo/	Hack e-mail is a whole different ballgame. As to Sin's response, I can agree. However, this thread wouldn't exist in the first place, if e-mails had not been used as a measure for logging into the game. Not everyone is a hard-core secure-all-their-assets type person. The use of e-mail login would be a sort of indirect exploitation of the casual non-internet savvy user. Change e-mail to login name and this thread could disappear forever. Note: I'm not a pro at this kind of stuff, it's my honest serfish opinion. Last edited by Midnight Scorpion; Apr 11, 2005 at 05:30 AM // 05:30..

Apr 11, 2005, 06:53 AM // 06:53	#27
Sin Banned Join Date: Mar 2005 Location: The Joint :p	Silverthorn, you are shirking all responsiblity. It is said and now for your example... You are using a multi-jurisdictionally regulated busines as your example, one that, case in point to what I expressed about them balancing interests, is regulating your account not to protect you but to protect the national treasury and national economy. You may be surprised to find out but your email address and/or account in GuildWars should they be compromised, shall not effect the national economy of the United States. Obviously that would make it too easy for the terrorists huh? What makes this so ridiculous is that the banks would use your phone number in a heartbeat if the effect of potential compromise of yours and everyone elses account would have no serious impact on the government and thus why they have a government telling them what to do and how to do it. Can you see how everyone is in it for their own interests and what you see as security is merely the balance of interests as it exists today? You clearly are so busy wanting to off-load your responsiblity you can only stoop to demanding I don't state your obvious attempts to shirk all responsibility for what they are. Any and I mean *ANY* security measures to protect any information in any database, if not mandated by government, is merely a formality--done as a courtesy and actually in the interest of protecting that database holder's liability be it bank, credit card company, etc. Bank accounts have a tendency to carry liability because the deposit is your property even after it is in the bank, you legally are a creditor to the bank--they will extend you greater courtesy especially when presented with the goverment's desire they do so for other long-term potential impacts. A computer game does not carry that weight, especially one with no monthly fee and where free email addressess are available all over the internet. Most important is the computer account isn't generated by you having property to deposit, it is generated by you wanting to purchase into its use--The buyer is at the will of the seller by agreement; you have no property on deposit; the game isn't yours; no one owes you return of anything. Banks sell services in the interest of you trusting them with the deposit, that trust IS their product. I know you would get another phone line and not even try to take on the bank if they started using your phone number because the value of their services and use of your deposit at your direction is far greater than the 50 dollars you paid for the game. Do you see at all that this idea they need more security is merely a convenience/inconvenience position on your part, an alibi to justify shirking your repsonsiblity because the value of the account is less than what you believe is the value of your trouble to get another email? All I have been saying is your balancing of interests is to set aside the power you have and assume someone else should do it with the belief they'll watch out for you, when their interest is their own. Note again that I am not against more security, merely how you are making it necessary because of what you don't want to do. So now how is that not you shirking your responsibility? Being I did say I am not against futher security in the previous post, then the only way i could be disagreeing with you is in your shirking your responsibility. Anyway, it appears you would rather hold what I am saying up as an argument against you. I am sorry you feel that way. Last edited by Sin; Apr 11, 2005 at 07:04 AM // 07:04..

Apr 11, 2005, 05:23 AM // 05:23	#21
Silverthorn Ascalonian Squire Join Date: Apr 2005 Location: D/FW, Texas Guild: Dark Radiance Profession: Mo/N	They chose to make the account names something that is commonly given out to other people. By making that choice they made accounts more vulnerable than they needed to be. That is why I feel it is not my responsibility to assure my accounts security. A normal account name isn't something you would go around telling to other people. So no big deal keeping it to yourself. But an email address is made to be given out to people so you can talk to them. So its not the most ideal method of keeping something secure.

Apr 11, 2005, 06:05 AM // 06:05	#24
Silverthorn Ascalonian Squire Join Date: Apr 2005 Location: D/FW, Texas Guild: Dark Radiance Profession: Mo/N	Ok let me use an example to illustrate my point. What if your bank used your home phone number for your bank account number. Would you then find it acceptable to have to go out and get a 2nd phoneline to give out to people so you had 1 that was safe and secure for your bank account? Its not reasonable to expect people to do that. A customer pays money to access the game. Some of that money should go to ensure that our accounts are safe without the player being forced to take extra steps on thier own to ensure its safety. If you don't agree with me fine, but don't tell me I'm trying to shirk all responsibility because you have a different opinion on the matter.

Apr 11, 2005, 06:15 AM // 06:15	#25
Darkmane Lion's Arch Merchant Join Date: Feb 2005	I agree.. this is a security flaw/risk. But we do not yet know what information will be rquired when we put in our full game key. It could be loging in will be different. I would like to see Gaile pop in and give some thought on this though. Email addresses are just too easy to get. And if you use a fake one to setup the account, and for some reason you forget your password, or lets say someone gets your email address and password through any means. How will they work out recovery, theres no way to tell if the person playing the account is the actual owner. Its not like they can cross reference you by using a credit card number since theres no paying by credit card. Kinda makes you wonder.. who has my email address...

Apr 11, 2005, 11:06 PM // 23:06	#28
Silverthorn Ascalonian Squire Join Date: Apr 2005 Location: D/FW, Texas Guild: Dark Radiance Profession: Mo/N	Meh Sin, i got about halfway through your post then got sick of reading. Your just posting to try and argue and I'm not gonna waste my time reading any more of your posts. I have a legitimate concern in my eyes. And its not your place to determine if its a valid concern or not. So how about you stop trying to argue and get in the way of someone trying to find an answer to thier questions. You've voiced your opinion so how about you just wait and see if someone from arenanet answers like the rest of us.