Jump to content

Display Name Only Log In - Coming April 2, 2013


CourtneyWoods

Recommended Posts

  • Replies 531
  • Created
  • Last Reply

Top Posters In This Topic

On the flip side, our display names are very visible to US, here -- but we're all subscribers. While this could lead to personally-motivated hacking, I imagine the sheer volume of that pales in comparison to the sort of email address farming sketched out above.

 

Like i said, you can already log in by using forum names, so what you're describing can already be done.

Link to comment
Share on other sites

[...]NOW, when you only login with your "username" these trojans wont get any vital information from you, meaning the possibility of hostile takeover of your swtor account is decreased significantly.

Granted, for people, who are unable to keep their own space at least somewhat secure, it might actually be an improvement, but answer me this...

 

Is the login process acepting unlimited false entries ?

 

Option A: it does.

Result: The possibility of a brute force hacking attempt to my account incresed by a magnitude. So far a potential hacker had to brute force my mail-addy and the password and get both right at the same time... you do not get info, if the username or the password was wrong, you only get info, that something was wrong. Also you would be unable to specifically target me, as you cannot know, which login my chars have. In the future, you will have my login already and "only" need to brute force my password.

 

Option B: it does not allow unlimited false entries...

Result: After X false attempts, the account is automatically suspended for security reasons.

Further result: Everyone who dislikes a posting I did can take my screen name and try to login on my account... do this 20x false and my account is automatically suspended... Of course, my security is not compromised in this scenario, but I got the hassle with getting my account back to working properly.

 

So while I do understand more than a bit of security issues, I do not see, how this change increases my security.

Link to comment
Share on other sites

Okay everybody, you all know that Bioware does an April Fool's joke every year right? This is all this is. It take in effect April 2. The day before they will say it's a joke. Everybody please stop getting so worked up over this. Like many have said, if they did do this change then any one would already have half your login info. Again this is nothing but a joke.
Link to comment
Share on other sites

Is the login process acepting unlimited false entries ?

 

Option B: it does not allow unlimited false entries...

Result: After X false attempts, the account is automatically suspended for security reasons.

Further result: Everyone who dislikes a posting I did can take my screen name and try to login on my account... do this 20x false and my account is automatically suspended... Of course, my security is not compromised in this scenario, but I got the hassle with getting my account back to working properly.

This one. It will therefore asks for one of your "personnal questions" as an additional requirement, without saying if the entries you previously filled (ID & Password) are right or wrong.

 

If you have a security key, personnal questions won't be asked.

Edited by Altheran
Link to comment
Share on other sites

Okay everybody, you all know that Bioware does an April Fool's joke every year right? This is all this is. It take in effect April 2. The day before they will say it's a joke. Everybody please stop getting so worked up over this. Like many have said, if they did do this change then any one would already have half your login info. Again this is nothing but a joke.

You do not joke about security issues. Never !

Link to comment
Share on other sites

Ok, my friend replied back... here is what he said...

 

It is much easier for people to compile lists of possible usernames this way, which is a decrease in security. All ou have to do is bot the forums and have it collect usernames. That being said, brute force attackss on the server at this time are useless. so huge lists of usernames be they emails or forum name are not as useful as you think. The most successful attacks will be with bots that gather both Usernames and keywords from multiple sites. Such as on site A you use your username to login but on site "B" you still use than username but login with an email. It gives you multiple sites of attack, especially since site "b" might be a guild forum and less secure.

Link to comment
Share on other sites

STOP THIS!

 

I*D*I*O*T*S!

 

Everybody knows my login after 2. April. The E-Maili use for login is not known to everbody.

 

How stupid can a company be!?

 

More security? No, i*d*i*o*t*s, its less security!

 

I have absoluetly no hope for BioWare and its developers. They can't do even the simlest things right.

Link to comment
Share on other sites

Like i said, you can already log in by using forum names, so what you're describing can already be done.

Interesting -- was that true before today? The blog entry says "available now" or whatever, but the notice is that email login will -stop- as of April 2nd.

 

If it's always been available, then it isn't a decrease in security (because the option people are objecting to has been there). /ponder

Link to comment
Share on other sites

You do not joke about security issues. Never !

 

Well I hope you bunch resistant panties because this is a joke just wait till next month. If this was such a big thing to do they could just put it in effect tomorrow. There is no need to wait a month

Link to comment
Share on other sites

does that mean that if i sign in with that name, i play that specific character? if so what happens to all my other characters, do i have to sign them in by name too? seems like an aweful lot of remembering for people like me who have 12 characters. :confused:
Link to comment
Share on other sites

Well I hope you bunch resistant panties because this is a joke just wait till next month. If this was such a big thing to do they could just put it in effect tomorrow. There is no need to wait a month

 

The reason to wait a month is for those that don't go to the website often. Just like when Blizzard did the WoW and Battle-net merge, it was OPTIONAL for a month before it became mandatory.

 

If it is just a joke, then it's in very bad form because security issues are not a joking matter, and it's not April 1st. I've never seen an MMO website post their jokes a month ahead of time.

Link to comment
Share on other sites

It has probably already been said, but it bears repeating:

 

Security-wise that's fairly stupid!

 

Everyone can see my display name; far fewer people can see my email address, so that change takes one element of uncertainty out of the equation for brute-force attacks.

 

Effectively, after this change, it's become even more vital that people use the authenticator, since the password is otherwise the only thing that an attacker would have to guess! That password is then the only thing standing between them and credit card fraud!

 

Please reconsider this move, and please please PLEASE consider splitting everything related to actual payments into a separate account with different credentials, kind of like Mythic did it in WAR.

 

(edit) Yes, security questions blah blah blah, but if you answered those honestly, they're so ridiculously weak that they might as well not be there.

Edited by Laurreth
Link to comment
Share on other sites

Using email as a login is moronic, i have played mmos since everquest was in beta. Ive been hacked once and it was when wow changed their logins to emails. Ever since then ive always had to create a new and seperate email for games dumb enough to use email as your log in.
Link to comment
Share on other sites

Effectively, after this change, it's become even more vital that people use the authenticator, since the password is otherwise the only thing that an attacker would have to guess! That password is then the only thing standing between them and credit card fraud!

 

.

 

You know, I wonder if that's their intent? They want everyone to buy the authenticator? Granted, I use the mobile app that's free, but still.

Link to comment
Share on other sites

Using email as a login is moronic, i have played mmos since everquest was in beta. Ive been hacked once and it was when wow changed their logins to emails. Ever since then ive always had to create a new and seperate email for games dumb enough to use email as your log in.

 

Ok, and how is your forum name any different?

Link to comment
Share on other sites

Interesting -- was that true before today? The blog entry says "available now" or whatever, but the notice is that email login will -stop- as of April 2nd.

 

If it's always been available, then it isn't a decrease in security (because the option people are objecting to has been there). /ponder

 

I've been logging in by using my forum name for months now. It was avaliable since F2P, I believe.

Edited by Altheran
Link to comment
Share on other sites

does that mean that if i sign in with that name, i play that specific character? if so what happens to all my other characters, do i have to sign them in by name too? seems like an aweful lot of remembering for people like me who have 12 characters. :confused:

 

It refers to the 'Forum Handle' you gave your account. You won't have to login with character names.

Link to comment
Share on other sites

The issue is two-fold in terms of security.

 

If you were wise, used a unique e-mail address for origion which you used nowhere else, keep your PC clean of keyloggers and used a unique password. Then yes, this move is a step back in terms of security as one element of the login is being handed out to the world to see.

 

However! Most people who had this level of common sense, will probably also have an authenticator added to their account to top things off.

 

The average Joe however, fails to care for account security. They use the same email address here, as well as on dozens of other locations. Additionally, different passwords are also unheard off. And authenticators? Well, they're just annoying! Needing to type in an extra security measure and all. Furthermore, keyloggers? Well, never happens to me and if so, who cares right?

 

For that latter group, which is a major chunk of for who the CS will be busy resolving hacked account issues, this move IS an improvement in security. As once yet another website, game server, MMO database or whatever gets hacked and emails and passwords are lost, their accounts are less likely to be lost the next day as they may not have had the opportunity to have the same username here. And there is nothing really tying their username here, to that random email address in hacked listings.

Link to comment
Share on other sites

Wait, I see what this is... They meant for this to only be for F2P/preferred players and not for subscribers.

Then they're going to sell them an unlock that will let them use their email address to log in.

 

Am I right?

Link to comment
Share on other sites

April Fools?

 

Nope, not April's Fool because you can already use your display name to log in through the game & website so come 2nd of April you just wont be able to use your email address anymore. My question is, can we change our display name before hand?

 

:ph_danger:

Link to comment
Share on other sites


×
×
  • Create New...