Actually, Steam doesn't use your DisplayName, your Steam username and displayname are different. How do I know? Simple, the name I use to log in to steam is different than what shows on my profile, my login name is also not listed among the "this player has also played as" names... Just saying.

Yep and he covered that in a later post. You might want to read all of Phillips posts before replying. Goes for anyone.

This is crap! Should at least be optional if you use a security key...

Why?

We have been able to log in with our user name / display name since f2p went live - months ago.

In all those months, how many times have you heard of a SWTOR account being compromised?

In that same time, how many WoW accounts have been compromised?

The security team for this game clearly knows what they're doing.

How about making the physical security key available again to players out side of North America?

Odd how after all of this itme it's still listed as available and yet out of stock, when it's unavailability is all down to US/Canadian export laws which I find pretty ironic when its probably manufactured in China!

How about making the physical security key available again to players out side of North America?

 

Odd how after all of this itme it's still listed as available and yet out of stock, when it's unavailability is all down to US/Canadian export laws which I find pretty ironic when its probably manufactured in China!

Looked at the back of mine. Yep, made in China.

And why has BW unstickied this thread that should be up until the change in roughly 3 weeks? Ashamed?

How about making the physical security key available again to players out side of North America?

 

Odd how after all of this itme it's still listed as available and yet out of stock, when it's unavailability is all down to US/Canadian export laws which I find pretty ironic when its probably manufactured in China!

He addressed that in one of his posts....

Looked at the back of mine. Yep, made in China.

 

And why has BW unstickied this thread that should be up until the change in roughly 3 weeks? Ashamed?

What exactly does the SWTOR security team have to be ashamed of?

How many compromised accounts have there been?

I mean, I could see if this thing were leaking like a seive, sure, beat 'em up. But it's locked up tighter than "the big dog" and they're about to make it even more secure.

Seriously, where's the rationality in this thread?

What exactly does the SWTOR security team have to be ashamed of?

 

How many compromised accounts have there been?

 

I mean, I could see if this thing were leaking like a seive, sure, beat 'em up. But it's locked up tighter than "the big dog" and they're about to make it even more secure.

 

Seriously, where's the rationality in this thread?

Still you are not answering the actual question. Why unsticky news about how to log in to the game 3 weeks before it is the only way to log in?

Seriously, are all fanatics tactic only deflection?

Still you are not answering the actual question. Why unsticky news about how to log in to the game 3 weeks before it is the only way to log in?

 

Seriously, are all fanatics tactic only deflection?

Actually that's a good question. The answer may be related to the large number of sticky threads and the fact that this news has made the front page of the launcher.

That's a theory anyway. If the purpose of stickies is to convey information, well, the launcher frankly will do a better job of that for more people than a forum post can.

And we can, of course, keep discussing it and it will keep popping to the front page as we do.

But I assure you, my goal wasn't "deflection" but rather, "Let's look really closely at the reality of account security in SWTOR as it relates to the 'embarrassed' wise-crack."

If someone who left the game comes back after the change and never posted on the forums, they may have a hard time logging back in. I hope BW thought of that and has planned some way to recover Display Name option somewhere where it will send the display name to the e-mail on record.

I doubt they will have the link to the news in the launcher forever either.

If someone who left the game comes back after the change and never posted on the forums, they may have a hard time logging back in. I hope BW thought of that and has planned some way to recover Display Name option somewhere where it will send the display name to the e-mail on record.

 

I doubt they will have the link to the news in the launcher forever either.

They did send an email.

They did send an email.

Yep but some people use their "spam collector" e-mail address that they rarely check. /innocent look One reason I don't get too mad if a hacker gets my e-mail address from a game since only get spam from mailing lists there.

a silly useless change that makes things less secure in my opinion

Please do share with us your education, experience, and results in the field of network / account security.

a silly useless change that makes things less secure in my opinion

This has been addressed. Leave security to the professionals. But, thanks for sharing your opinion.

Has anyone from BW commented on the fact that our usernames are there for everyone to see on the forums, and whether accounts will be blocked for numerous failed attempts to log in with them?

That's the part of this that keeps bugging me.

Has anyone from BW commented on the fact that our usernames are there for everyone to see on the forums, and whether accounts will be blocked for numerous failed attempts to log in with them?

 

That's the part of this that keeps bugging me.

Yes, and if you can't be inconvenienced to read this thread for the (really good and informative) Phillip_BW posts answering exactly that question, you might try DevTracker: http://www.swtor.com/community/devtracker.php

Yes, and if you can't be inconvenienced to read this thread for the (really good and informative) Phillip_BW posts answering exactly that question, you might try DevTracker: http://www.swtor.com/community/devtracker.php

Thanks for that - It's not a case of being inconvenieced, btw - I was asking if anyone from BW had responded, not where. I'm not going to search through 40 pages on the off chance that there was a BW response.

For what it's worth, he says: I can't go in to more detail other than to say that you are missing a bunch of security controls we have in place that make both of your scenarios incorrect. Both scenarios were thought of (and dozens more) and mitigated by both our existing solution as well as the added measures we are putting in place.

So, no details then. Just a 'trust us'. Make of that what you will.

Thanks for that - It's not a case of being inconvenieced, btw - I was asking if anyone from BW had responded, not where. I'm not going to search through 40 pages on the off chance that there was a BW response.

 

For what it's worth, he says: I can't go in to more detail other than to say that you are missing a bunch of security controls we have in place that make both of your scenarios incorrect. Both scenarios were thought of (and dozens more) and mitigated by both our existing solution as well as the added measures we are putting in place.

 

So, no details then. Just a 'trust us'. Make of that what you will.

Err... plenty of details and more responses too. Just use the community search feature if you don't want to take a couple of minutes to peruse the thread.

Thanks for that - It's not a case of being inconvenieced, btw - I was asking if anyone from BW had responded, not where. I'm not going to search through 40 pages on the off chance that there was a BW response.

 

For what it's worth, he says: I can't go in to more detail other than to say that you are missing a bunch of security controls we have in place that make both of your scenarios incorrect. Both scenarios were thought of (and dozens more) and mitigated by both our existing solution as well as the added measures we are putting in place.

 

So, no details then. Just a 'trust us'. Make of that what you will.

He actually gives a decent amount of detail. He's not going to outline the blueprint because that would be stupid.

Three questions for you:

1) How many SWTOR accounts have been compromised since December 2011?

2) How many WoW accounts were compromised last week?

3) Based on that thought experiment, or statistics if you have them, what do you think of SWTOR security?

He actually gives a decent amount of detail.

 

"I can't go in to more detail "

 

Three questions for you:

 

1) How many SWTOR accounts have been compromised since December 2011?

2) How many WoW accounts were compromised last week?

3) Based on that thought experiment, or statistics if you have them, what do you think of SWTOR security?

1) Don't know

2) Don't care

3) Used to think it was good - now a bit sceptical.

What do you think of this response, and what it's saying about the background to all this?

We did look at using a secondary 'login only' display name, but sadly this would create more confusion and increase costs associated with support of the new system rather than decrease existing support costs.

1) Don't know

2) Don't care

3) Used to think it was good - now a bit sceptical.

 

 

What do you think of this response, and what it's saying about the background to all this?

 

We did look at using a secondary 'login only' display name, but sadly this would create more confusion and increase costs associated with support of the new system rather than decrease existing support costs.

If you had read all of Philip_BW's posts, you would understand that there are 3 types of information that can secure accounts:

1) Something you know

2) Something you have

3) Something you are

The user name is identification; not authentication. Even if you try to consider the user name as authentication, it and password are both in the first category. They'd be redundant.

If you can't see that SWTOR account security is THE standard in MMOs today, you're not trying very hard. SWTOR accounts don't get compromised. They don't get locked out because of someone else trying to compromise them. The security model is rock solid.

The guy that designed that stellar security system is now trying to improve its security while also improving self-servicability.

Your concern - that having the user name portion of authentication known - has been addressed at least twice by Phillip_BW posts in this thread. If you would like to disagree with him, I'm sure he'd welcome the discussion. But I expect you might be asked to present credentials and well-founded, robust arguments.

I don't have a problem with EA controlling development and support costs for this, especially if no real gain would be made in security as a result of the investment. I don't mind his response to that at all.

 

snip

 

.

No need to be so defensive. I asked a legitimate question, got the answer and remain sceptical. I see security being weakened, apparently on cost grounds.

You don't think so - good for you.

I'm not going to search through 40 pages on the off chance that there was a BW response.

You do not have to. You could simply scroll through devtracker and see only the BW responses and skip all the other people that have said exactly the same things you have and asked the same questions and made the same excuses for the redundant questions.

http://www.swtor.com/community/devtracker.php

No need to be so defensive. I asked a legitimate question, got the answer and remain sceptical. I see security being weakened, apparently on cost grounds.

 

You don't think so - good for you.

DarthTHC was not being defensive. He was actually going out of his way to help you by re-stating what has already been stated by BW multiple times, as well as by many other respondents to this thread.

You clearly did not bother to read all of what Phillip shared in his multiple long responses to the thread. OR, you simply refuse to believe what Phillip has stated with regard to concerns about it weakening security.

No need to be so defensive. I asked a legitimate question, got the answer and remain sceptical. I see security being weakened, apparently on cost grounds.

 

You don't think so - good for you.

Security is not being weakened though. I don't understand how you can say you've read Phillip_BW's posts in this thread and still think that.

Today - right now - I can log in using DarthTHC as the user name. We've all been able to log in with our forum names instead of our email addresses since f2p went live - months ago.

In all that time, we have never heard of even one SWTOR account being compromised. And we SWTOR players are vocal. We'd have heard if it happened.

The only place forcing user ID to be email address is more secure is in peoples' minds, which are powerful, but aren't always right.