Jump to content

Display Name Only Log In - Coming April 2, 2013


CourtneyWoods

Recommended Posts

  • Replies 531
  • Created
  • Last Reply

Top Posters In This Topic

I don't understand how this help security. No one knows what email I use to log in. Everyone knows your 'Display Name'. Granted they need to know the security questions, but knowing each persons display name is one less barrier IMO.
Link to comment
Share on other sites

I don't understand how this help security. No one knows what email I use to log in. Everyone knows your 'Display Name'. Granted they need to know the security questions, but knowing each persons display name is one less barrier IMO.

 

But like he said if you post on the forums at all there is your display name, not the email address, i only see this making it easier for peoples accounts to get hacked....

Link to comment
Share on other sites

But like he said if you post on the forums at all there is your display name, not the email address, i only see this making it easier for peoples accounts to get hacked....

 

A) EAware redefining terms AGAIN. Display Name = Forum "Handle" for those curious.

 

B) While at first blush it would seem that going from Email ( usually unknown/private ) to Handle ( very public ) there may seem to be a risk to security for hacking. I for one would expect to have A LOT of hacking attempts given how many people "love me" here. :rolleyes: What you have is a fall back to the "questions" you were asked to associate with your account. These are triggerred if you don't log in from a consistante IP. Update your questions and change your password to be 10+ characters long with at least 2 Upper case, 2 lower case letters, 2 numbers, and 2 special characters. Nothing to worry about. :cool:

Link to comment
Share on other sites

Okay, so here is a challenge for security experts:

 

1. Find out my display name

2. Find out my e-mail addy, which I use for SWTOR and this website.

3. Evaluate which of the two is harder to find out.

4. Explain how the new system will improve security

 

This is a ludicrous change. You remove a more or less hidden value and replace it by an openly accessible value and call that an improvement in security ??

Link to comment
Share on other sites

Please be aware that beginning on April 2, 2013, logging in to the game or website will require your Display Name. Email addresses will no longer be accepted; your Display Name will be the only accepted option.

 

Read More

 

You are actually decreasing security using display name, not increasing it.

To be secure compliant logon name has to be unique and not shown to whole world.

It may create some fuss in the begging , but please add different logon name.

Link to comment
Share on other sites

I don't understand how this help security. No one knows what email I use to log in. Everyone knows your 'Display Name'. Granted they need to know the security questions, but knowing each persons display name is one less barrier IMO.

 

exactly

 

no one "knows" my e-mail or my real identity but everyone on these forums knows my username

 

my mind is conjuring scenes where some butthurt player has a tiff with another and begins trying to hack an account

where 1/2 of the login information is available for the world to see

Link to comment
Share on other sites

April Fools?

April fools before the said day is odd. And they purposely chose the 2nd, because the 1st would be calling for not taking them seriously.

 

So no, i don't think it's an april fool.

 

so now everyone will know half of what you use to login?

iuno theres a reason why something like steam doesn't show people your account name...

It's not like if you could already log in by using your account name... wait it is the case.

By now, by reading your Forum name, I'm already able to fill half of your login requirements.

 

Basically, it was probably that they noticed something like the possibility to change a SWTOR password by accessing to Origin, as they are exactly similar, and as Origin security is lower, maybe it allowed to skip some securities like the personnal question. By doing so hacking swtor will not allow to access Origin by "one stone two birds", and as Origin is protected, then maybe the "password change" becomes safer.

Edited by Altheran
Link to comment
Share on other sites

Dude.. F this. What the hell? Isn't it bad enough you mess up in every other way that you FORCE this on people too?

 

Edit: Hold on- next game BW/EA makes will be "We listen to fans." like ME3 or SW:TOR.. This entire thread is full of people asking them /NOT/ to change it, will they care? Nah! ;)

Edited by LordMilitus
Link to comment
Share on other sites

This is an excellent Security Update as this will do several things from a global Security prospective.

 

 

  1. Help to protect individuals identities or identifying information. In some Countries around the world the use of Email addresses is considered a identifying piece of information thus the use of it could be a violation of legal laws (e.g. possibly Germany).
  2. Unify all cross-reference actions from account and forum.

 

 

The question I have will we be allowed to do a one-time Account Name change if we desire without losing history of our posting?

 

Additionally I am wondering if we will see a purge of inactive User accounts to free up possible accounts for new player?

 

BTW before you think #1 is not the case. I work professionally in Information Security and hold several Global Certifications including my CISSP and thus understand the Risk and pain. I do see and understand why some of you do not agree, but understand if your system is compromised it is a layer of overall security not account security for the game. It is the larger individual that is being considered here not the SWTOR.

Edited by Yaesive
Updating
Link to comment
Share on other sites

I would be interested to hear from the devs on this -- though I'm not sure how much they're willing to talk about security measures, for obvious reasons.

 

I think, though, the idea is that the kind of processes used to steal accounts by gold farmers, etc. may simply try to log in with any email address they can get their hands on and attempt to brute-force the passwords. Guild Wars 2 went through a few security contortions after release and heavily recommended that your GW2 email address NOT be used for any other purpose, to minimize the risk of this kind of attack.

 

On the flip side, our display names are very visible to US, here -- but we're all subscribers. While this could lead to personally-motivated hacking, I imagine the sheer volume of that pales in comparison to the sort of email address farming sketched out above.

Link to comment
Share on other sites

Okay, so here is a challenge for security experts:

 

1. Find out my display name

2. Find out my e-mail addy, which I use for SWTOR and this website.

3. Evaluate which of the two is harder to find out.

4. Explain how the new system will improve security

 

This is a ludicrous change. You remove a more or less hidden value and replace it by an openly accessible value and call that an improvement in security ??

 

This is how it works;

 

Trojans and other malicious software are installed to your computer by hackers who install them to your computer through various techniques.

 

These trojans, for example, read whatever you write on your screen and send it further to the hacker.

 

When you login with your email adress for example to swtor.com the hacker may then easily try to hack themselves to your email adress, hotmail as an example, which is easy to hack for people who know how to do it.

 

Then they just simply request a new password from swtor.com to your email adress they already hacked, and after they recieve a new passwotrd they make a hostile takeover of your swtor account.

 

NOW, when you only login with your "username" these trojans wont get any vital information from you, meaning the possibility of hostile takeover of your swtor account is decreased significantly.

Link to comment
Share on other sites

Yeah, this is a very very bad idea.

So now, in order to hack my account, you need to figure out my email address (which is unique to SWTOR) and my password.

 

After this change, you will know that my username is Rankyn because it's plastered all over the forum and all you're left to do is try to figure out my password.

You've essentially done 50% of the work for anyone trying to hack my account.

 

If security is the real issue then our usernames need to be a 3rd option that is neither our email address or our forum name.

Link to comment
Share on other sites


×
×
  • Create New...