OHHH JOY i can just see it now. Joe shmuckatelly gets upset with joe smoe's post then well hey since he / she already has 50% of his or hers log on then let the fun begin for their hack on them for revenge. There are alot of smart folks that play this game and giving them half of a logon is just silly.

 

At any rate it will force people to either not use the forums or delete all the past posts to avoid any credit farmers from phishing the forums for easy pickings. why not they now have HALF the logon.

 

so since we cant or are shuned from using another service they provide due to lack of security is there any other surprises down the road? was there really that many hacked accounts to warrent such a change?

Is anyone really surprised at this? This is BioWare we're talking about here. Bioware!

Isn't this something like what WoW did? And people are hacked over there daily. I don't understand these peoples thinking.

I tried many times to buy an authentication key without luck. I even asked in the customer service forums for another site or somewhere where I could buy one being I couldn't on the website they have. I got nowhere. I finally I gave up.

Now they've come up with an idea more ridiculous then WoW's. I doubt they'll change it even though no one is happy. They always do what they want regardless of the players. Everyone should know this.

Honestly, it has gotten to where this company at times just infuriates the hell out of me for their actions and/or inactions. I wish it wasn't like this as I like the game and wanted it so badly to succeed.

Is anyone really surprised at this? This is BioWare we're talking about here. Bioware!

 

Isn't this something like what WoW did? And people are hacked over there daily. I don't understand these peoples thinking.

 

I tried many times to buy an authentication key without luck. I even asked in the customer service forums for another site or somewhere where I could buy one being I couldn't on the website they have. I got nowhere. I finally I gave up.

 

Now they've come up with an idea more ridiculous then WoW's. I doubt they'll change it even though no one is happy. They always do what they want regardless of the players. Everyone should know this.

You've been able to log in with your display name for months now. Yet you're not hearing about rampant account hacking in SWTOR are you?

You've been able to log in with your display name for months now. Yet you're not hearing about rampant account hacking in SWTOR are you?

Isn't this not implemented yet? I use my password unlike their idea.

As for the hacking, I haven't checked nor did I say accounts here are hacked.

Isn't this not implemented yet? I use my password unlike their idea.

 

As for the hacking, I haven't checked nor did I say accounts here are hacked.

Been implemented for a while now.

^ your rants above are crazy conspiracy crap.

Been implemented for a while now.

 

^ your rants above are crazy conspiracy crap.

Edit*

Let me get this straight, your display name is the one you have here in the forums, right?

If it is, they want only this to log in which is something you don't use now, without passwords or anything else, right?

Now, I could be mistaken but I believe this is the way it and the way they wanted to be. If I'm wrong, then I apologize, if I'm not then .....

And you're telling me, me, that I been using my display name for a long time now. Really? And pray-tell, how and when have I used my display name to log in?

 

You don't know what you're talking about.

 

You seeking a job as a moderator or something? They not hiring.

I think you misunderstood. He meant that you (or a hacker) could have use your display name to log in for months. Right now both display name and email address are valid log in terms.

I think you misunderstood. He meant that you (or a hacker) could have use your display name to log in for months. Right now both display name and email address are valid log in terms.

Then if that was his intent, then I apologize but I didn't read it that way.

Many thanks for your input.

And you're telling me, me, that I been using my display name for a long time now. Really? And pray-tell, how and when have I used my display name to log in?

 

You don't know what you're talking about.

 

You seeking a job as a moderator or something? They not hiring.

you have been able to sign in with both email and display name for a while now. Everyone, not just you. Go try it. We'll wait.

It's all the back end systems and protections that phillip manages that are why there are not rampant account hacks. All they are trying to do is move to something that allows for more self service options to fix when you have problems and more options to better secure things on the back end. Self service means less calls to support, less time wasted, less unhappy people being on hold for a long time. The changes don't lower security in any way.

I'm not angling for a job, I already have one, I work in security. I test systems, design systems and break into systems every week and I am just tired of seeing the same irrelevant arguments over and over.

OK, I get it.

I get it that using our display name isn't any *less* secure than using our e-mail to login. (Though I still don't buy the assertion that it actually *increases* security in any way, either, since the login name is immaterial in terms of security, as many of you have pointed out.)

The main problem here is perception - rightly or wrongly, people *feel* that world + dog suddenly knowing half their login info makes their accounts less secure. And, after being told over and over and over again to NEVER, EVER GIVE OUT YOUR LOGIN INFO, BW goes and gives half of it to said world + dog. Little wonder that people are upset. o.O

I can accept their argument for de-coupling our email from our login, it seems reasonable.

But it would seem the discussion must have gone something like this:

"We want to de-couple e-mail from login."

"Great idea! Let's have people create a new, secret login name that no one but them and us will know."

"Nah, that's too much work and expense, plus they'll all ***** about having to do it. Let's just make them use their display names, since we already have that ability in place."

"Yeah, you're right! They won't object to that."

Did it even occur to BW, what a s***storm this would generate?

Or did it occur to them and they just went with their usual **** 'em?

Anyhow, thanks to Phillip for doing his best to both explain it and put the best spin on it.

Please be aware that beginning on April 2, 2013, logging in to the game or website will require your Display Name. Email addresses will no longer be accepted; your Display Name will be the only accepted option.

 

Read More

is this a joke?

How does that improve security, no one knows, my e-mail im using, and every one can see my forum user name.

i guess EAware, wants me to end my sub.

is this a joke?

 

How does that improve security, no one knows, my e-mail im using, and every one can see my forum user name.

 

i guess EAware, wants me to end my sub.

The joke is that there are 43 pages of replies to this thread, along with 4 detailed dev posts, and you read none of them beyond the first one. It has been explained many times.

The joke is that there are 43 pages of replies to this thread, along with 4 detailed dev posts, and you read none of them beyond the first one. It has been explained many times.

so you say i should had read the 43 pages, before posting?

No, i should not since i dont know you, and your opinion is not valid.

OK, I get it.

 

I get it that using our display name isn't any *less* secure than using our e-mail to login. (Though I still don't buy the assertion that it actually *increases* security in any way, either, since the login name is immaterial in terms of security, as many of you have pointed out.)

 

The main problem here is perception - rightly or wrongly, people *feel* that world + dog suddenly knowing half their login info makes their accounts less secure. And, after being told over and over and over again to NEVER, EVER GIVE OUT YOUR LOGIN INFO, BW goes and gives half of it to said world + dog. Little wonder that people are upset. o.O

 

I can accept their argument for de-coupling our email from our login, it seems reasonable.

 

But it would seem the discussion must have gone something like this:

 

"We want to de-couple e-mail from login."

 

"Great idea! Let's have people create a new, secret login name that no one but them and us will know."

 

"Nah, that's too much work and expense, plus they'll all ***** about having to do it. Let's just make them use their display names, since we already have that ability in place."

 

"Yeah, you're right! They won't object to that."

 

Did it even occur to BW, what a s***storm this would generate?

 

Or did it occur to them and they just went with their usual **** 'em?

 

Anyhow, thanks to Phillip for doing his best to both explain it and put the best spin on it.

It increases security because the number one way people's accounts get compromised it due to email/password combos stolen from other, less secure, sites. This is basically what happens:

Hacker breaks into Company A server. Finds their email/password log in information for all their users.

This list is distributed/sold in underground channels where it is added to a master list.

The master list is used to go to a game website, like SWTOR, and try every email/password combination. This isn't brute forcing a single account, it's trying all of them once. Because many people use the same password for multiple websites, they go through thousands of combinations until they get hits. So now they have someone's password.

Of course they still can't log in, but since people are also dumb enough to use the same passwords for their email, they now have access to that too and they can do more malicious stuff.

By eliminating email as a login, you eliminate this entire method of account hijacking.

Additionally it now allows them to add extra security measures which may require you accessing your email. This is how Guild Wars 2 does it. "Hey, someone from China was trying to access your account. If this is you, click this link to unlock your account at this location". Now since a hacker no longer has any way of knowing which email is associated with your account, they have a MUCH harder time circumventing this security provision.\

As far as costs go, since they don't consider your username at all when designing their security, there is no reason to waste time and resources to implement a separate login name for everyone. Better to try to do what they're doing an explain why this is happening and correct people's misconceptions about your login name being know as being a bad thing.

so you say i should had read the 43 pages, before posting?

 

No, i should not since i dont know you, and your opinion is not valid.

Yes, having an understanding of the situation before posting is a wise idea, otherwise you look foolish. You may have at least wanted to read the dev posts in the thread where everything is explained clearly.

so you say i should had read the 43 pages, before posting?

 

No, i should not since i dont know you, and your opinion is not valid.

Maybe not read the 43 pages (I certainly didnt) but read the dev posts.

Is anyone really surprised at this? This is BioWare we're talking about here. Bioware!

And how many hacking reports have you seen from people playing Bioware games?

Isn't this something like what WoW did? And people are hacked over there daily. I don't understand these peoples thinking.

You use your email to log in to Battle.net.

I tried many times to buy an authentication key without luck. I even asked in the customer service forums for another site or somewhere where I could buy one being I couldn't on the website they have. I got nowhere. I finally I gave up.

http://www.swtor.com/info/security-key

Now they've come up with an idea more ridiculous then WoW's. I doubt they'll change it even though no one is happy. They always do what they want regardless of the players. Everyone should know this.

Try reading the very detailed responses in this thread from the head of their security, maybe.

Phillip and BW et al.

No worries, your work here is done. Thank you. You have provided the information and many who have taken the time to read your posts now understand. Others will never really take the time to get informed, have their own opinions based on their own biases, or frankly are just here to feed the machine.

You have my sympathies on April 2 as the machine will crank up again and regurgitate the same insipid conversation.

I don't understand how this help security. No one knows what email I use to log in. Everyone knows your 'Display Name'. Granted they need to know the security questions, but knowing each persons display name is one less barrier IMO.

i agree. no one knows my email. in fact i don't type it in anymore. anyone knows what my display name is. i really don't get how this improves the security of our accounts. this seems like a huge step backwards. WHERE? where does this explain that this is more secure? i do not want to waste time reading through all these emo posts. WHY? why does the first dev post not just explain how this improves things? cause i don't get it... and it really should be in the first post.

i agree. no one knows my email. in fact i don't type it in anymore. anyone knows what my display name is. i really don't get how this improves the security of our accounts. this seems like a huge step backwards. WHERE? where does this explain that this is more secure? i do not want to waste time reading through all these emo posts. WHY? why does the first dev post not just explain how this improves things? cause i don't get it... and it really should be in the first post.

Read all of the dev's posts in this thread.

I hate that I had to replace my comfortable with secure passwords now :mad:

Phillip and BW et al.

 

No worries, your work here is done. Thank you. You have provided the information and many who have taken the time to read your posts now understand. Others will never really take the time to get informed, have their own opinions based on their own biases, or frankly are just here to feed the machine.

 

You have my sympathies on April 2 as the machine will crank up again and regurgitate the same insipid conversation.

Totally agree with you Rafaman, apparently loads of people seems to post here without taking the time to read Mr. Phillip Holmes posts, I've done it and all my doubts and fears pretty much disapeared.

Maybe not read the 43 pages (I certainly didnt) but read the dev posts.

This is totally off-topic, but why do so many people leave the default post display at 10 per page? I can't deal with that many page refreshes; much rather scroll through a longer page. This post is on page 12 for me.

One last post from me to help show why this is a good thing, and I am going to use my own real world data for it.

Gamigogames was compromised last year, I had an account there, along with 8.2 million other people. They got my username, my email and my (weakly) hashed password. - http://massively.joystiq.com/2012/07/23/eight-million-gamigo-user-accounts-compromised/

The username is not the same as the one I use here, but the password is.

I happen to be using a unique password for that site (as I do for every site thanks to LastPass) but had I been using the same password in multiple locations, my account on SWTOR could have been at risk.

any place that uses my email, and that password (if it was the same) would have been at risk.

the places using a login name that is different? Safe.

This. This is why. That is as simple (and real world) as I can make it for you.

If you are interested in how i get notifications of when my information is compromised, how I secure my stuff (my day job is in security) send me a PM.

Hello,

any place that uses my email, and that password (if it was the same) would have been at risk.

the problem here however is not using the same account identifier, but using the same password. Using the same user credentials on multiple sites is convenient. However convenience is diametrically opposed to security.

Best regards,

- Iaitanto

Hello,

 

 

 

the problem here however is not using the same account identifier, but using the same password. Using the same user credentials on multiple sites is convenient. However convenience is diametrically opposed to security.

 

Best regards,

- Iaitanto

totally agree. Bioware can't control if you use the same password though, they can assume many people do and put in controls to reduce the impact of that risk.. They already do that. This change allows them to lower the number of times compromised creds could directly be used to attack an account, put in better detection's on the back end to detect unauthorized users and put in self help services.

in my book, win, win and win. Less chance of comp, better layered protections and a better customer experience.

Hacker breaks into ... By eliminating email as a login, you eliminate this entire method of account hijacking.

Thanks for explaining it so cogently. And while using the same email for multiple sites is ok, using the same password is a really bad practice, you won't get any argument from me there.

I would also point out that I have no objection at all to de-coupling email from login and I don't think I conveyed any objection to that.

But you totally side-stepped the question I raised about people's *perceptions* regarding account security.

While Phillip (and you and others) can talk til you're blue in the face about how these changes will improve security, people conditioned for years by being told to never, ever share their login info are going to resist hearing that message.

BW even tells us in one loading screen tool-tip to never share your info, yet they now turn around and give half of it away to world + dog. Simply saying "oh, sure, never, ever tell anyone your password but, meh, your login doesn't really matter" isn't terribly reassuring at first blush.

I'll be the first to admit that, however much EA falls short in almost ever other regard, security certainly seems top-notch.