Curse

zwei2stein · Dec 22, 2009, 04:27 PM // 16:27

Quote:

Originally Posted by Arkantos

Has it demonstrated how thoughtless ANet is because they implemented an easily remembered security question, or has it demonstrated how thoughtless the players are because apparently some cannot remember their character names on their second account?

To be fair, people with mule accounts had no reason whatsoever to remember character names, or to be carefull when maning them: "Ftzkuqw Dqwer" is as good name for mule as any, in fact, i would be mildly annoyed if people with mule accounts named their mules with normal thought-out and rememberable character names, as it would mean that those names would be reserved and not avaiable for others who would actually play so named toon.

I mean, what point exactly would there be to be carefull about naming mules? At best you'd name mule toons something like "Weapons Sferferfg", "Weapons Two Otyerwertjh", etc to indicate what it stores, no point going any further. There was nothing whatsovere that indicated that toon name is ever going to be important past invite to guild (copy & paste makes even that point moot)

MagmaRed · Dec 22, 2009, 04:31 PM // 16:31

I find it sad that people can't remember a character name. I have little sympathy for that. If you are randomly assigning names then it isn't something you care much about anyway. It isn't hard to create storage characters with simple names that are easy to remember.

Although not the best solution, it is a working one, and will do as Ark mentioned. Glad they have stepped up to stop part of the problems while still working on the others.

Arkantos · Dec 22, 2009, 04:35 PM // 16:35

Quote:

Originally Posted by zwei2stein

To be fair, people with mule accounts had no reason whatsoever to remember character names, or to be carefull when maning them: "Ftzkuqw Dqwer" is as good name for mule as any, in fact, i would be mildly annoyed if people with mule accounts named their mules with normal thought-out and rememberable character names, as it would mean that those names would be reserved and not avaiable for others who would actually play so named toon.

I mean, what point exactly would there be to be carefull about naming mules? At best you'd name mule toons something like "Weapons Sferferfg", "Weapons Two Otyerwertjh", etc to indicate what it stores, no point going any further. There was nothing whatsovere that indicated that toon name is ever going to be important past invite to guild (copy & paste makes even that point moot)

Because it's generally useful to know what your characters name is. If the account is stolen, knowing character name(s) on the account is a viable way of getting it back (I know because it's helped me). You remember a characters name for the same reason you keep your auth key - security reasons.

What ANet did just saved hundreds if not thousands of accounts being stolen. That's a huge step in the right direction. If you don't know your character names, contact ANet and explain. Tell them your auth key (you should have this), tell them the IP address you regularly log onto, etc and there should be no problems. If you find this such a hassle, stop being selfish.

zwei2stein · Dec 22, 2009, 04:43 PM // 16:43

Quote:

Originally Posted by MagmaRed

If you are randomly assigning names then it isn't something you care much about anyway.

Really?

People who create characters they do not ever intent to play should care about those names? This is day 1 when those names are actually important, and not only importnat, but key to account.

Before that they were helpfull label at best. Not important, not supposed to be important, not even worth consideration.

I have a lot of sympathy for people who like game/are dedicated to it enough that they bought 4+ accounts just for storage. They should be also kind of important to devs, not locked out by unanounced update.

But I guess envy is strong thing, it must feel really good to go /ha-ha on someone who lost lots of work in eyeblink.

---

Update itself is good for security, but fankly, it got "Aneted": for update that can cut off your account access, it did not get communicated early enough. One week in advance could have fixed pretty much all compaints.

Hell, this deserved email one week in advance for each registered player. "Dude, if you want to play GW in future, make sure you remember your character name. PS: log in, it is fun.", Changing log-in method is kind of big deal.

Quote:

Originally Posted by Arkantos

Because it's generally useful to know what your characters name is. If the account is stolen, knowing character name(s) on the account is a viable way of getting it back (I know because it's helped me). You remember a characters name for the same reason you keep your auth key - security reasons.

What ANet did just saved hundreds if not thousands of accounts being stolen. That's a huge step in the right direction. If you don't know your character names, contact ANet and explain. Tell them your auth key (you should have this), tell them the IP address you regularly log onto, etc and there should be no problems. If you find this such a hassle, stop being selfish.

1) CD keys (and proper filled out user information) is more that enough to reasser account control.

2) Main hack wave is over. You have point, of course, this is going to make it harder to hack in furute. But guess what? Heads-up would not make it less secure, andwould actually help (not to mention assuring people something is being done)

3) Assume less, it make ass of you and me. I am actually able to remember character names, lock out is not my problem ...

joshuarodger · Dec 22, 2009, 04:46 PM // 16:46

Quote:

Originally Posted by MagmaRed

I find it sad that people can't remember a character name. I have little sympathy for that. If you are randomly assigning names then it isn't something you care much about anyway. It isn't hard to create storage characters with simple names that are easy to remember.

Although not the best solution, it is a working one, and will do as Ark mentioned. Glad they have stepped up to stop part of the problems while still working on the others.

meh, i have 5 different accounts, 4 of which are primarily storage. the name of a character on accounts i almost never play unless i'm moving something around in storage or picking up a gift from Nick, "isn't something i care much about" at all. i never had a reason to care since i probably have a grand total of 10 hours played, combined, on 3 of those accounts. this also still doesn't help with keyloggers at all. while it is a step, it's still not a very good step.

isildorbiafra · Dec 22, 2009, 04:53 PM // 16:53

Quote:

Originally Posted by Tom Swift

Hopefully this will help avoid account steeling

Ah....

But............

If a hacker does some how manage to get past this the player is in for a much much larger loss than before.

Previously, if someone stole your account all you had to do was ask for a password change to be sent to your email, log in, and take the account back. (at least for a non NC master account linked one - I've never linked mine so I don't know I it works the same way or not) Anyway, if discovered in time and done quickly enough, the player could prevent some theft and save some valuables. Plus, there was no particular reason for the thief to take the time to delete the characters themselves.

Now, however, if the thief does manage to get into your account, they can prevent you from taking it back by deleting all the characters and creating one of their own. Since you no longer know the names of any of the characters, you will not be able to log in and, since you will not be able to log in, your old password will still work on the account ("Please note that your old password will remain valid until you login with your new password." from the change password email sent by ANet). This means, until you go all the way through support, the thief has all the leisure they want to log in and out of your account and to do whatever they want with your account.

I don't know if thieves would actually do this, since the point of many is to take stuff rather than to steal the account itself. But I can't help feeling a bit uneasy about the fact that if the prevention does not work, there is no way to limit damages.

Easy Peasy. Just email support and include a picture of your account key card and your set. Hackers dont have those.

And regardring to what hackers would do? I read on an Aion Forum that hackers not only stole the accounts. They even went so far as to use the accounts for botting. So afther the owner retrieved the account they still got banned for botting; and had to submit another ticket with support to get the ban lifted.

Riot Narita · Dec 22, 2009, 04:54 PM // 16:54

Quote:

Originally Posted by zwei2stein

But I guess envy is strong thing, it must feel really good to go /ha-ha on someone who lost lots of work in eyeblink.

They haven't lost their work, unless... in addition to not knowing any character names at all, they ALSO cannot provide any proof of account ownership to support (the info Arkantos listed)

Quote:

Originally Posted by zwei2stein

Heads-up would not make it less secure, andwould actually help (not to mention assuring people something is being done)

No, a warning would not have made it less secure, however... imagine they had the change ready to go, but they delayed putting it out for say, 1 week for people to note down their character names. Then imagine you got hacked during that week... bad enough to lose your stuff, but then to find out that A-Net could have prevented it? But they didn't because a few people might not know their character names? People that only need to contact support to get everything back, while you contact support and get an empty account to stare at?

It wasn't perfect, but I really think they did The Right Thing.

Quote:

Originally Posted by joshuarodger

this also still doesn't help with keyloggers at all. while it is a step, it's still not a very good step.

True. But at least I am able to do stuff to try and protect myself against keyloggers.

Everyone with an NCsoft master account was dependant on NCsoft's rubbish security, and were vulnerable to an attack that they could do nothing to prevent. GW's security question helps enormously against that vulnerability. "Not a very good step"? I'd call it an extremely good step.

samberum · Dec 22, 2009, 05:01 PM // 17:01

Hats off to Anet and a job well done!

There finally acted to a panicked player base, the the reason for worry was legit.

Easily remembered my character name and entered the login screen without a hitch.

Arkantos · Dec 22, 2009, 05:02 PM // 17:02

Quote:

1) CD keys (and proper filled out user information) is more that enough to reasser account control.

2) Main hack wave is over. You have point, of course, this is going to make it harder to hack in furute. But guess what? Heads-up would not make it less secure, andwould actually help (not to mention assuring people something is being done)

I agree, but shit happens and you lose stuff like CD keys. You're right, before this there was no reason to have to remember character names, but on the other hand, there was never really no reason to not remember them. Again, I completely agree, a heads up would have been a much better approach, but they didn't give us one. I don't know why, but it seemed like they weren't allowed to inform us before for some odd reason.

Quote:

this also still doesn't help with keyloggers at all. while it is a step, it's still not a very good step.

It helps with keyloggers if you have your character name saved prior to being infected (which is going to prevent many, many stolen accounts). Not a very good step? Only for people who don't remember their character names, who should still be able to access their account if they contact support. For everyone else, it's a step that's going to work.

**cosyfiep** · Dec 22, 2009, 06:08 PM // 18:08

right after I create a character I take a screenshot---with the ui so I have a record of that character (even if I deleted it later).
At certain times I have also taken screenshots of all of my characters at the log in screen ...mules et.al.
I also added my mules to my friends list so I at least know one name for each of those (not to mention I did spend a considerable amount of time coming up with the names, sorry).
So now to log in I have to enter a password and character name, no biggie....a simple solution that I hope will help out.....though would still wish to de-link my account from the master account!

so this update gets a 7.5...good idea, but a small warning would have been nice (30min would have been sufficient I believe for most ----and just 'we are going to have an emergency outage repair' would have been enough to tell people).

a step in the right direction

Pandora's box · Dec 22, 2009, 06:14 PM // 18:14

Quote:

Originally Posted by MagmaRed

I find it sad that people can't remember a character name. I have little sympathy for that. .

Some people use the same names in every game, others try to create new ones. I play many games every year. Just started Dragon Age. But now you menation it: I really cannot recall the name of that chr. lol! Same for my old Neverwinter night chr's. The only names I remember are the ones I use more frequently in games. What about players who come back after months? Fortunately our Guild has an option to ask questions on a website. But what to do if someone asks for a chr. name, claiming he/she forgot it? This 'solution' has a lot of consequenses!

Anduin · Dec 22, 2009, 06:25 PM // 18:25

I am using my brother's old account. I don't have access to the email, no idea what the code was that came with his copy, and even though I use the correct password and character name, it still won't let me in.

They won't respond to my tickets either.

Tom Swift · Dec 22, 2009, 06:26 PM // 18:26

Quote:

Originally Posted by isildorbiafra

Easy Peasy. Just email support and include a picture of your account key card and your set. Hackers dont have those.

Sure - after waiting several hours to several days for ANet to get around to your support ticket.

Before this you could reset password then log on, kicking the hacker off, and taking back your account immediately.

That is my concern - that if the hacker deletes your characters you can no longer log on to activate the new password. You have to wait for support to get around to you.

Of course, I hope there are other security measures in place.

But the best by far would be to be the option to make characters undeletable, ensuring that no matter what happens you favorite characters will survive and you will at least retain access to the account.

headlesshobbs · Dec 22, 2009, 06:31 PM // 18:31

Quote:

Originally Posted by Tom Swift

That is my concern - that if the hacker deletes your characters you can no longer log on to activate the new password. You have to wait for support to get around to you.

Of course if the hacker deletes ALL of your characters, while tragic at least you can just leave the character slot blank.

Regina Buenaobra · Dec 22, 2009, 06:53 PM // 18:53

Quote:

Originally Posted by Chaosx1

I really wouldn't mind if they gave you a heads up that this update was going to happen, therefore people would know up ahead to remember their character names.

If we have given players advance warning that this security update would be implemented, and when it would be implemented, the hackers would have been given advanced warning, too. Players would have been prepared, would have been able to check all their accounts, but don't forget---the hackers would have been forewarned as well.

headlesshobbs · Dec 22, 2009, 07:01 PM // 19:01

You have to remember that whatever info is shared with the public can also be shared between criminals, terrorists, and of course HACKERS.

Nobody is under obligation for releasing sensitive info to anyone. What I feel is that anet took the steps which were necessary for keeping our security protected. As long as our accounts stay safe, the negatives have no impact.

joshuarodger · Dec 22, 2009, 07:06 PM // 19:06

Quote:

Originally Posted by Arkantos

It helps with keyloggers if you have your character name saved prior to being infected (which is going to prevent many, many stolen accounts). Not a very good step? Only for people who don't remember their character names, who should still be able to access their account if they contact support. For everyone else, it's a step that's going to work.

you're probably right actually. ouch, saying that kind of hurt a little. keyloggers aren't Anet's responsibility in the first place. this is a pretty decent step in the right direction. i would still prefer a password protected storage access option but this is a decent option for now. much better than it was yesterday, at any rate. guess it's time to go through all my posts in ventari's and edit out my ign, then start just pm'ing it through guru.

Fay Vert · Dec 22, 2009, 07:40 PM // 19:40

Quote:

Originally Posted by Regina Buenaobra

If we have given players advance warning that this security update would be implemented, and when it would be implemented, the hackers would have been given advanced warning, too. Players would have been prepared, would have been able to check all their accounts, but don't forget---the hackers would have been forewarned as well.

And just how would forewarning them help them?

While it has tightented up security a bit, it has inconvenienced many players, and what is worse, hackers now have a very good reason to delete your GWAMM characters.

Way to go FailNet.

(hope you like the bold bits)

Regina Buenaobra · Dec 22, 2009, 07:44 PM // 19:44

Quote:

Originally Posted by Fay Vert

And just how would forewarning them help them?

While it has tightented up security a bit, it has inconvenienced many players, and what is worse, hackers now have a very good reason to delete your GWAMM characters.

Because you don't have any data or detailed information about the exact nature of the attacks, it's perfectly understandable that it's difficult to grasp how this helps players. However, if you take a look at the login screen, on the right side, there is text in red letters that will shed light on this issue for you.

Aleta · Dec 22, 2009, 07:47 PM // 19:47

Quote:

Originally Posted by Regina Buenaobra

If we have given players advance warning that this security update would be implemented, and when it would be implemented, the hackers would have been given advanced warning, too. Players would have been prepared, would have been able to check all their accounts, but don't forget---the hackers would have been forewarned as well.

Good point

and while I do still have some deep seated anger at my main account being hacked, I will also say thank you that steps are being taken