Guild Wars Forums - GW Guru
 
 

Old Apr 21, 2011, 02:27 PM // 14:27   #1
Desert Nomad
 
Bristlebane's Avatar
 
Join Date: Jan 2008
Profession: Mo/
Suggestion: Email alert your account is possibly under attack

We all know a lot of accounts have been hacked, and the best protection you can do is to have a strong password that you don't use anywhere else.

Problem:
Now if your account ever were hacked, hackers will always know your email address (can't change it), and your characters (I doubt you delete them all and create new)

Now all they have to do is figure out your password, and that probably can be done with some clever botting, which puts even higher demand on creating a really strong password. But brute forcing a password like this would still take time, maybe days or weeks. Wouldn't you like to know if someone is attempting hundreds of password combinations on your account?

Solution #1:
If there are enough failed password attempts on your account, maybe 10 or more, send an email to the last registered email saying "There have been 1224 failed login attempts on your account, it's possible your account is under attack. We encourage you to change to a strong password and change it regularly."

Solution #2: Allow us to change our email addresses for our Guild Wars accounts. Although this suggestion has been mentioned dozens of times, I hope it's repeatedly suggested because this is incredibly important for our account security. Once again, please allow us to change our Guild Wars login email address.

----
Please, I don't want to see trolls posting things like "it's your fault, you should have had a stronger password", "don't share your account", etc. Personally I do that already, and secondly how would you know what I do with my account? I ask that replies are constructive in their nature. All we want is more secure accounts.
Bristlebane is offline   Reply With Quote
Old Apr 21, 2011, 03:24 PM // 15:24   #2
Ascalonian Squire
 
Chaos Zero's Avatar
 
Join Date: Oct 2009
Guild: Jade Reapers [JD]
Profession: W/

Hmm I like the idea for the first solution.

As for the second one, I think it can work both ways:
It would make the account safer, but in the event that a hacker does manage to get a hold of the new login information, that person would be able to change the email and the victim would lose their account. This could probably be solved if any changes required email confirmation, and I think at the moment, passwords can be changed from the NCSoft master account without email confirmation?

Another idea which I liked, can't remember who suggested it, was the idea of some sort of "key" file that is unique to each player (generated by the game, can't remember the details xd) that they would need to have on their computer to be able to log into their account.

Maybe a bad idea, but I definitely agree to having more secure accounts since my friend was also hacked recently and yeah he pretty much lost everything
Chaos Zero is offline   Reply With Quote
Old Apr 21, 2011, 03:29 PM // 15:29   #3
Desert Nomad
 
Bristlebane's Avatar
 
Join Date: Jan 2008
Profession: Mo/

I doubt we would see any changes to GW1 though but it never hurts to try and to voice our opinions. GW2 will at least have stronger account security according to Anet (details unknown).
Bristlebane is offline   Reply With Quote
Old Apr 21, 2011, 04:32 PM // 16:32   #4
Desert Nomad
 
ac1inferno's Avatar
 
Join Date: Aug 2007
Location: Boston
Guild: We D Shot Your Stances [GODS]
Profession: A/W

Solution #1 is nice. Also, maybe after the 10 attempts, you have to wait a while before you can try more.
ac1inferno is offline   Reply With Quote
Old Apr 21, 2011, 05:41 PM // 17:41   #5
Krytan Explorer
 
Aljasha's Avatar
 
Join Date: May 2009

Imo you should be able to create one alias for your email address, like [email protected] or @gw or whatever. If you can create and change that one by answering your security questions or by emailing support, it would suffice - imo. Also, instead of emailing you the number of failed attempts, it should show you from where you tried to login the last time regardless of a failed or successful attempt.

Then if something smells funny, contact support.
Aljasha is offline   Reply With Quote
Old Apr 21, 2011, 05:57 PM // 17:57   #6
Academy Page
 
Lupu's Avatar
 
Join Date: Feb 2011
Profession: N/Rt

Quote:
Originally Posted by ac1inferno
Solution #1 is nice. Also, maybe after the 10 attempts, you have to wait a while before you can try more.

That's a nice idea. After 10 failed attempts, your account will lock and you have to unlock it through email or NCsoft master account.
Lupu is offline   Reply With Quote
Old Apr 21, 2011, 06:00 PM // 18:00   #7
Desert Nomad
 
Bristlebane's Avatar
 
Join Date: Jan 2008
Profession: Mo/

Personally I think it should only lock temporarily for 10 minutes after 10 attempts, as well as send an email. Or at least like some other games I've seen, once you successfully login it will tell you "There have been 36753 failed login attempts since your last time. No panic."
Bristlebane is offline   Reply With Quote
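
The mechanics proposed in Solution #1 and in replies #4 and #7 (alert at 10 failures, a temporary 10-minute lock, and a failed-attempt count shown at the next successful login), as an added example that is not part of any post and is not ArenaNet or NCsoft code. `LoginGuard`, `AccountState`, the sample account and the in-memory alert list standing in for email are all assumptions.

```python
import hmac
from dataclasses import dataclass, field

ALERT_THRESHOLD = 10    # failed attempts before alert + lock (figure from the thread)
LOCK_SECONDS = 10 * 60  # temporary 10-minute lock (figure from the thread)

@dataclass
class AccountState:
    failed_since_success: int = 0  # reported to the owner at the next good login
    streak: int = 0                # failures counted toward the next lock
    locked_until: float = 0.0
    alerts: list = field(default_factory=list)  # stands in for outbound email

class LoginGuard:
    """Hypothetical per-account tracker, for illustration only."""
    def __init__(self, passwords):
        self.passwords = passwords  # demo store; a real service keeps salted hashes
        self.state = {}

    def attempt(self, email, password, now):
        """Return (status, failed attempts since the last successful login)."""
        stored = self.passwords.get(email)
        if stored is None:
            return ("failed", 0)   # unknown address: same status, nothing tracked
        st = self.state.setdefault(email, AccountState())
        if now < st.locked_until:
            st.failed_since_success += 1   # counted, but the password is not checked
            return ("locked", st.failed_since_success)
        if hmac.compare_digest(stored.encode(), password.encode()):
            seen = st.failed_since_success
            st.failed_since_success = st.streak = 0
            return ("ok", seen)            # caller shows "seen" as the login banner
        st.failed_since_success += 1
        st.streak += 1
        if st.streak >= ALERT_THRESHOLD:
            st.streak = 0
            st.locked_until = now + LOCK_SECONDS
            st.alerts.append(f"{st.failed_since_success} failed login attempts on "
                             f"{email}; it's possible your account is under attack")
        return ("failed", st.failed_since_success)

def demo():
    who, pw = "player@example.com", "constructed-demo-password"
    guard = LoginGuard({who: pw})
    # Constructed input: 12 wrong guesses, one per second, starting at t=0.
    statuses = [guard.attempt(who, f"guess{i}", float(i))[0] for i in range(12)]
    early = guard.attempt(who, pw, 12.0)               # owner, still inside the lock
    late = guard.attempt(who, pw, 9.0 + LOCK_SECONDS)  # owner, once the lock expired
    return statuses, early, late, guard.state[who].alerts
```

Because the lock expires on its own, someone who knows only the email address can delay the owner's login but cannot shut them out for good. One alert is sent per lock rather than per failed attempt, so a long guessing run does not flood the inbox.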
Old Apr 21, 2011, 07:52 PM // 19:52   #8
Academy Page
 
Join Date: Apr 2011
Guild: Shadow Cats [Cats]
Profession: Mo/Me

Problem:
Now if your account ever were hacked, hackers will always know your email address (can't change it), and your characters (I doubt you delete them all and create new)

You can change your account name; they are currently in the process of trying to do that for me, although you have to jump through a lot of security protocol.
I Rahavan I is offline   Reply With Quote
Old Apr 21, 2011, 09:27 PM // 21:27   #9
Forge Runner
 
Reverend Dr's Avatar
 
Join Date: Dec 2005
Guild: Super Fans Of Gaile [ban]
Profession: W/

Brute force isn't the only way they get account information. It is almost certainly one of the least likely ways for them to hack an account.
Reverend Dr is offline   Reply With Quote
Old Apr 21, 2011, 10:33 PM // 22:33   #10
Wilds Pathfinder
 
ightgg's Avatar
 
Join Date: Jul 2008
Profession: Rt/

As Reverend Dr said, bruteforcing is highly unlikely. More likely it'd be through keylogging, RAT'ing or simply iStealer. All 3 of those would give them your password and wouldn't require any amount of "password attempts". The best way to be secure is to have the account email be used only for Guild Wars and have your password be unique. As far as I'm concerned, hacking a Guild Wars account is no longer even worth attempting. The game isn't alive and the items on the accounts left aren't valuable to anyone. You should feel safe knowing no one has any need for your account nor a want.
ightgg is offline   Reply With Quote
Old Apr 21, 2011, 10:58 PM // 22:58   #11
Desert Nomad
 
Bristlebane's Avatar
 
Join Date: Jan 2008
Profession: Mo/

It's certainly one of the ways to get into your account, or the whole "strong password" mantra is moot. If going by last 2 replies you could just as well use the password abc123 as long as it's on a unique email and not used elsewhere, nobody would bother except through possible keylogging.

I had my account hacked once, the email was unique and never used elsewhere, never shared account with others, had an up-to-date antivirus and most certainly not running a keylogger as I don't download junk and pirated software off the net. Now the password was the weaker link and could have been brute forced as part of it contained a mix of English words and numbers (and no it wasn't abc123). Anyway, I certainly run a stronger password these days but it still leaves 2/3rd of my login information still available to previous account thieves as there's no reliable ways to change it. As password is certainly my only way of keeping it from getting hacked again, I wouldn't mind seeing if it was under attack again.
Seeing posts that people are still being hacked almost daily shows it's still very much a threat, and saying hacking Guild Wars is no longer worth it is just plain ignorant.
Bristlebane is offline   Reply With Quote
Old Apr 22, 2011, 12:50 AM // 00:50   #12
Forge Runner
 
Swingline's Avatar
 
Join Date: Sep 2010
Location: Somewhere far away from you
Guild: The Mirror of Reason[SNOW]
Profession: W/

NCsoft's stance on account security is nothing short of horrid. I have seen people get hacked that I knew very well in real life and they would never give their account info to anyone and are way too smart to become the victim of a phisher. I agree a lot of people get their account stolen (not hacked) because they give out their info to total strangers, but that is no reason to just say that's how everyone's account gets lifted. I have seen f2p games that have better security features that I would love in GWs, like a password to get into your account's storage, a virtual keyboard that you use to type your login password and a lockout feature that suspends any activities on your account while you can't play. Hackers will get more and more desperate to get your account so they can make money through RMT and will find new and different ways to acquire your info.
Swingline is offline   Reply With Quote
Old Apr 22, 2011, 07:05 PM // 19:05   #13
Wilds Pathfinder
 
ightgg's Avatar
 
Join Date: Jul 2008
Profession: Rt/

Possible fixes:
1. Optional IP limiting. (Have the user be able to set their primary IP if they don't plan on moving around a lot. Meaning only that IP can log into that account unless deactivated by the user. Which would of course have to be done at that IP as well.)
2. Hibernation. (If you know you won't be on for a few weeks have a hibernation timer. You can lock your account down to be unable to be accessed without a randomly generated code which is given to you upon hibernation.)
3. Refreshing password. (For some things I have my password perish once a month so that I have to create a new one. For some people this is too much of a hassle but so is getting hacked and starting over.)

Hacking a Guild Wars account is worthless. Hacking a PlayNc is now worthless because you can't even get into the account unless you know what possible ign that email goes to. There is nothing left in this game of value to hackers but ego. It is FAR less likely that you are being hacked for anything you have rather than just being hacked because you were vulnerable. Stay safe campers.
ightgg is offline   Reply With Quote
All times are GMT. The time now is 04:05 AM // 04:05.

