View Single Post

JPryde's Avatar

03.05.2013 , 10:58 AM | #29
Quote: Originally Posted by WahineKoa View Post
[...]NOW, when you only login with your "username" these trojans wont get any vital information from you, meaning the possibility of hostile takeover of your swtor account is decreased significantly.
Granted, for people, who are unable to keep their own space at least somewhat secure, it might actually be an improvement, but answer me this...

Is the login process acepting unlimited false entries ?

Option A: it does.
Result: The possibility of a brute force hacking attempt to my account incresed by a magnitude. So far a potential hacker had to brute force my mail-addy and the password and get both right at the same time... you do not get info, if the username or the password was wrong, you only get info, that something was wrong. Also you would be unable to specifically target me, as you cannot know, which login my chars have. In the future, you will have my login already and "only" need to brute force my password.

Option B: it does not allow unlimited false entries...
Result: After X false attempts, the account is automatically suspended for security reasons.
Further result: Everyone who dislikes a posting I did can take my screen name and try to login on my account... do this 20x false and my account is automatically suspended... Of course, my security is not compromised in this scenario, but I got the hassle with getting my account back to working properly.

So while I do understand more than a bit of security issues, I do not see, how this change increases my security.
~~~ Macht Wächter ~~~
Jhoira, Skarjis, Trântor, Ric-Xano, Sabri-torina, Tir-za, Shaina ...
We do not brake for Wookiees !