View Single Post

Phillip_BW's Avatar

03.06.2013 , 05:18 PM | #303 Click here to go to the next staff post in this thread. Next  
Starting at page 21...

Quote: Originally Posted by Missandei View Post
So basically, now every retarded kiddie will be able to block any account just entering 10+ times the wrong password to the Display Name he can get from Forums?

Great job BioWare!
Easy answer here: No.
Even accomplished kiddies will not be able to block any account by just entering 10+ times the wrong password. They can't do that today either. The current system requires knowing the correct password (if they can get that far) to even attempt at being able to 'block' an account.

Quote: Originally Posted by Missandei View Post
Yes. And when your account is blocked due to the numerous failed hack attempts... guess what? You have to dial to the Bioware CS that already proved as a total bull..t..
Have you prepared to a 5hrs waiting on the line to just get reset your account to be allowed you to log in?
One of the key reasons we are making this change is to enable an implementaiton of a variety of self-service options where you will no longer have to call CS.

Quote: Originally Posted by Mallorik View Post
My forum name is not my email that can be hacked and used to retreive my password.
Not a question, but thank you for 'getting' one of the reasons we are making this change

Quote: Originally Posted by SeriouslyMike View Post
Oh, sure, how about people who still use such antiquated technology as e-mail clients that download and then delete your e-mails from the server? So even if someone hacks your e-mail account on one of 28 days of the month when Bioware doesn't send notifications that your account was billed or something, he still won't have anything. That and is it so hard to google your very public display name and connect it to an e-mail? Also, if your e-mail gets hacked, BioWare helpfully refers to you by display name in all personal messages like Cartel Coin purchase confirmations. So, if anything, it only makes it easier to target specific players.
Yeah, pretty much that. Other games do have that, so what's the problem here?
I totally agree that if your personal email is compromised that you will be vulnerable to many issues. I don't believe you that it is easy to google a Display Name and connect it to an email address. Even then, I don't believe its easy to find the password for that email account.

I'll stress again (and I know, I repeat myself a lot!) that protecting your personal email account is very important. Use a unique password, and if possible get a two-factor system such as Two-Step for GMail. I like GMail's solution.

Quote: Originally Posted by Terin View Post
Just curious, could this change have any impact on the game itself? For example, will my Display Name perhaps also eventually migrate into SWTOR itself? Or is this purely a change for the site?
This will affect how you authentication within the Launcher, and the Website. Nothing else will change in regard to using Display Name only for log in purposes.

Quote: Originally Posted by old_benn View Post
I haven't read the 15 pages since this was posted, so forgive me if this has already been pointed out.

I sincerely hope that this does not mean that I have to give BW my e-mail account password! I will *not* be doing so. It would be tragic to lose customers over something so stupid.
I really really do not want you to tell us your email account password. Please don't! :jawa_grin:

Quote: Originally Posted by bowlergirl View Post
You might not be able to answer this question...

Do you guys hire former hackers to attempt to hack the site and user information to make your security better? I have heard about companies outsourcing reformed hackers to help their businesses.
I've found most 'former hackers' aren't that good at real security testing. Most might get lucky a couple of times on a well known exploit, but for testing 'all the things'? Not in my experience. There is always the exception, but thus far I haven't come across anybody who purports to be a former hacker who has been somebody I would pay money to.
The answer to 'do you use internal and/or external security penetration testers to run security tests against your site and user information to make your security better' is: yes.

Quote: Originally Posted by Soul_of_Flames View Post
Display name "ONLY" log in. Does this mean they are removing security keys?
No - we are not removing Security Keys.

Heh, I should have read through the rest of the posts before thinking I needed to answer lots of new questions! I'm up to page 31 now, so if there are more questions I'll post when I can, until then I leave you with a wookie wearing sunglasses!

Phillip Holmes
SWTOR Head of Security