Curse

Kanyatta · Jan 17, 2008, 11:10 PM // 23:10

Quote:

Originally Posted by Meo Yeong

wasn't only a few months ago where people claimed that when they purchased eotn online that they got hacked?

I don't buy games online, heck, I hardly buy anything online, having money floating around in the interwebz just doesn't make me feel secure, and most things you buy online, maybe a few dollars cheaper, but you'll save by going to Best Buy, because you don't have to pay any shipping or processing fees.

Even though I don't do online transactions often, I would guess having a storage code wouldn't cause them to not delete all of your PvE characters, which would be a much bigger loss than your stuff in storage (unless you're super rich and have like, 300k+)

Basically, it would be useful to the small percentage of players that aren't secure with their personal information, or the people that trust the Internet is completely safe and secure.

Vlatro · Jan 18, 2008, 03:47 AM // 03:47

First off, NO ONE has been hacked. Period. People misuse the term. To be hacked implies that there is some way (unknown to everyone else) to bypass the security of a password. The only problem is, if such a workaround did exist, someone would spread the word and it would be discovered on a "Hack" site. Even if they did not, AreaNet would see one IP and/or one MAC address accessing many accounts, and the "Hacker" would be promptly shut down.

People who claim to have been hacked are either lying, or more likely did something stupid to initiate the breakdown in security. People who use bots for instance are at risk since the bot could load a keylogger and send it back to the author. This is why the "No 3rd party apps" warning is on the login screen, for your protection.

Another common way people steal from accounts is by stealing passwords saved in the shortcut. If you have it auto-login with the -password=XXXXX command line parameter, anyone who has access to your PC can view it. Don't save your password if other people in your house, dorm room, office etc can't be trusted.

Weak passwords are common. Use upper and lower case, numbers, letters and symbols, always 15 character+ in count when ever you are able to.

Don't use the same password for multiple logins. If you register on your guild's website with the same email address and password as you used to set up your account, the admin can see all that info. In many cases even forum moderators have access to that. Different passwords are needed for different applications, never use the same one over and over.

Don't share accounts with friends.

again

Don't share accounts with friends.

As of this moment, every alleged hack since GW left alpha has been initiated by an act of user stupidity. Areanet has gone out of their way to warn people about these things. There is simply no code they could write into the game that'll give the user common sense.

That being said, I do support the idea of a more robust security. We have been hack free for a long time, and I don't see any immediate danger under the current system, but more security is always better. There may be an unknown and unforeseen exploit that could compromise an account. The more measures in place against that, the less likely we'll have one.

I think a second password or PIN would be inconvenient and inefficient. I would start by putting in a better hash system, allowing more characters in the password (both quantity and type like "¿ æ â » ½" etc.) I would offer an option to "authenticate" the computer via MAC address or Processor ID, linking your computer to your account. If you get a new computer, you login to the website and reassign it. That would have to be an opt-in thing as many people would never think about it and flood tech support, but at least the option would be there for those of us who choose to use it.

pamelf · Jan 18, 2008, 06:43 AM // 06:43

oh wow, i cannot imagine anything more annoying. Totally /notsigned.

Meo Yeong · Jan 18, 2008, 04:48 PM // 16:48

There was multiple people that had there accounts stripped of all there stuff and characters deleted in which one of them I know happend to and they don't use bots and are pretty computer savy so to say no one was hacked is bs.

Being I myself am a network admin (ccna qualified) if someone wants to seriously hack then they will try and may even do so. I am quite aware of such things as hash strings and such and even on my home setup I am running ppp with chap so people can't snif the lines but that only covers my end.

To say that anet is fullproof and that it is totally put on the customer is also bs. Not all users are as profecient as some of us and keyloggers just don't come from bot/macro programs but other ways too.

Now onto the home routers people use. These are not real routers and they don't contain half the security of a real router. These home routers are actually gateway switches and they do secure to point but they don't have the security of a real router. I would tell anyone to look at their gateway switch logs and and I bet you will see multiple ip's port scanning you. This is an every day occurence on all networks.

Also I would like to point out being that I have worked for both a canadian and an American DSL company (teletech doing verizon dsl tech support) half the time there is users that have the routers but because they can't get them setup don't use them. You talk to a verizon or bell Canada rep and if there is any issues on the line they will tell the users to remove the routers. I can't even begin to count how many users dont have a router or even a software firewall on their system. A lot of users think that an antivirus system is more then enough.

Regardless even with all that security hackers can get in regardless if they are using a trojan (horse) being a program to hide their keyloggers or other methods.

There is also other threads pertaing to people claiming they got hacked and Gaile in that developers update said that the client got hacked for that mallyx trick.

Nothing is full proof as you think just because you got a fancy password and a cheap gateway switch lol.

Liselle Morrow · Jan 18, 2008, 06:00 PM // 18:00

The one thing I don't understand is why a password for storage? If my account got hacked, what's in my storage vault would just about be the last thing I'd worry about. The real value is in a shitload characters, which I worked too hard on to see some little hacker punk delete them.

If they're going to set up a second line of defense it also makes no sense to make it another selected-by-the-user password. So far most cases of hacking seem to be just a result of ignorance and negligence on the part of user. Like already said a million times before, a security system doesn't and shouldn't cover stupid behaviour on the part of the user. If you really want to secure your product, the only way is by forcefully reeducating the user on how to properly secure his own computer and I don't see that happening anytime soon...

Meo Yeong · Jan 18, 2008, 08:38 PM // 20:38

Quote:

Originally Posted by Liselle Morrow

The one thing I don't understand is why a password for storage? If my account got hacked, what's in my storage vault would just about be the last thing I'd worry about. The real value is in a shitload characters, which I worked too hard on to see some little hacker punk delete them.

Maybe your worth is on your characters but there is people like myself that have way more worth inside our storages then across all of our characters.

ecto, gems, weapon collections, some pets come to mind

MisterB · Jan 18, 2008, 08:48 PM // 20:48

Quote:

Originally Posted by Curse You

*looks at sticky in Sardelac Sanitarium*

We have a candidate for closure!

This post wins.
http://www.guildwarsguru.com/forum/s...php?t=10214062
Close, please.

TheLichMonky · Jan 18, 2008, 10:12 PM // 22:12

Quote:

Originally Posted by stretchs

OR, you could just be sure your computer is secure and you have a good password so that getting into your account isn't an issue

Why cant your computer and storage be safe? I think its a wonderful idea