Please upgrade your browser for the best possible experience.

Chrome Firefox Internet Explorer
×

Display Name Only Log In - Coming April 2, 2013

STAR WARS: The Old Republic > English > General Discussion
Display Name Only Log In - Coming April 2, 2013
First BioWare Post First BioWare Post

Albertwang's Avatar


Albertwang
03.08.2013 , 10:54 AM | #451
Any luck on figuring how to update the user name login?

DaRoamer's Avatar


DaRoamer
03.08.2013 , 11:04 AM | #452
Quote: Originally Posted by tausser View Post
Thanks for explaining it so cogently. And while using the same email for multiple sites is ok, using the same password is a really bad practice, you won't get any argument from me there.

I would also point out that I have no objection at all to de-coupling email from login and I don't think I conveyed any objection to that.

But you totally side-stepped the question I raised about people's *perceptions* regarding account security.

While Phillip (and you and others) can talk til you're blue in the face about how these changes will improve security, people conditioned for years by being told to never, ever share their login info are going to resist hearing that message.

BW even tells us in one loading screen tool-tip to never share your info, yet they now turn around and give half of it away to world + dog. Simply saying "oh, sure, never, ever tell anyone your password but, meh, your login doesn't really matter" isn't terribly reassuring at first blush.

I'll be the first to admit that, however much EA falls short in almost ever other regard, security certainly seems top-notch.
I didn't sidestep it exactly, I addressed it at the end of my post, but frankly I don't have a good answer or entirely disagree with what you're saying. Obviously, as illustrated in this thread, the perception is that doing this is a bad thing and it causes some people to panic and rage. The question becomes how much damage is this negativity really going to cause? I don't have any kind of data on that or have any clue what the real world costs for them to implement new logins for everyone is. My guess though is that people will complain at first but then forget about it when they realize there isn't any rampant account hijacking going on after the change. Until then all they can do is try to educate people.

Andryah's Avatar


Andryah
03.08.2013 , 11:45 AM | #453
Quote: Originally Posted by DaRoamer View Post
.....Obviously, as illustrated in this thread, the perception is that doing this is a bad thing and it causes some people to panic and rage. The question becomes how much damage is this negativity really going to cause? ....
Based on past observations.... there will be little to no impact over this in terms of damage from peoples perceptions. Even when an MMO gets a bad rep for ACTUAL hacked accounts... people don't leave.

It's the forums afterall...... "short attention span theater of sorts"....... Where yesterday's crisis is today's "Wut?" and tomorrow's "Huh??". People will quickly move on to raging over the color of the next release of the pet monkeys in cartel packs... and people threatening to quit over it.

TL;DR: this too shall pass.
Forum disputatio ------> est completum ineptias.

xxAtticusxx's Avatar


xxAtticusxx
03.08.2013 , 02:17 PM | #454
Without going into specifics, as I know you can't, how does using the display names help the development of new features, such as self-help services? My understanding, based upon your previous answers, is that because of the Free-To-Play players don't have an email associated with their accounts. Also, what other systems do you have in the pipeline concerning the new features coming after April 2nd?

As for those complaining about display name login, it is already available now. All these conspiracy theories about "Hackers will be able to hack accounts more easily now just by browsing the forums" etc., they could already do that now, but with the current security systems in place, they can't. Personally, I see this as a welcome change to simplifying the entire system.

Using emails for usernames was a terrible idea to begin with, they're long, clunky, should only be used for communication purposes and as usernames for the email service providers.
Atti'cus / Mi'ah / Kaey'n
___________________________

Jaey'den / Na'lla / Att'ii / At'ti / Ma'kii

AbsolutGrndZero's Avatar


AbsolutGrndZero
03.08.2013 , 02:56 PM | #455
Funny story, I just tried to login with my display name and kept getting errors... Couldn't figure it out because looking at my display name here it looks like what I think it should (it's also my Xbox Live Gamertag) but wait no it isn't... that's an o not a 0 ROFL

What was it 3 years ago when I created this account to apply for beta, it was AbsolutGrndZero because I hadn't had the thought to use an 0 as a added novelty to the name.


That said, now I really want to change it!
The Babylon Legacy
Harbinger
Racquel, Stancerry, Jennica, Porcelain

Blackavaar's Avatar


Blackavaar
03.08.2013 , 05:17 PM | #456
Quote: Originally Posted by Warwench View Post
you have been able to sign in with both email and display name for a while now.
You people keep saying this as if that makes it all okay and we have nothing to complain about.

Well, in case you didn't realize most people didn't even know that change was made. It wasn't announced. It was just done. And since most players don't read past the ability changes in patch notes it never got noticed. Actually, I'm not even sure it was in any patch notes and nobody posted anything about the addition of 3 extra words (or Display name) on the login. So, saying that it has been this way for a while does nothing to alleviate anyone's concerns and their concerns are valid regardless.

Only the meek get pinched. The bold survive.(███████████████████████████████████║║█[Θ]█]◙◙◙◙◙◙◙◙[█]

PaZPyX's Avatar


PaZPyX
03.08.2013 , 11:11 PM | #457
Given that this is 45 pages long now, likely it's been voiced already, but as a customer's opinion, I'd repeat it even then.

1) Hopefully having login name decoupled from the email address would mean the email address for an account becomes changeable.

2) Please refrain from "security through obscurity" practices when it comes to end users; these are more of an annoyance (to both legit users and determined attackers) than any valid help or detriment. For example, things like (a) security questions, (b) not being able to find an account name for character name (and message players by their account name) are serious inconveniences in the game. A login has a public part (name, email, etc) and a private part (password); making sure the private part remains private is the responsibility of the user -- as EULA clearly states, I believe. Additional security features (hide account name, set up security questions, set up security key, invalid login limit) may be nice as long as they are optional, because ordinarily, using a strong password should be enough. If I use "password" for password and suddenly have my account stolen -- then I get what I deserve. If I use the same password for my account as I use for some forum and suddenly have my account stolen -- I get what I deserve. If I log in from some machine without making sure it's adequately protected from keyloggers and sniffers, and suddenly have my account stolen -- I get what I deserve. If, on the other hand, I have my account stolen because somebody hacked EA and stole my login info from under your noses -- then you get what you deserve by losing me as a subscriber, security questions or no.
Q: What happens when the value of Pi changes?
A: The universe reboots.

Ruhrpottpatriot's Avatar


Ruhrpottpatriot
03.09.2013 , 05:37 AM | #458
Quote: Originally Posted by PaZPyX View Post
1) Hopefully having login name decoupled from the email address would mean the email address for an account becomes changeable.
It already is, afaik.

Quote: Originally Posted by PaZPyX View Post
[...]Additional security features (hide account name, set up security questions, set up security key, invalid login limit) may be nice as long as they are optional, because ordinarily, using a strong password should be enough. If I use "password" for password and suddenly have my account stolen -- then I get what I deserve. If I use the same password for my account as I use for some forum and suddenly have my account stolen -- I get what I deserve. If I log in from some machine without making sure it's adequately protected from keyloggers and sniffers, and suddenly have my account stolen -- I get what I deserve. If, on the other hand, I have my account stolen because somebody hacked EA and stole my login info from under your noses -- then you get what you deserve by losing me as a subscriber, security questions or no.
You really should read this article. A password no longer is the means of securing an account. Bioware knows that and they have back-end systems in place which you don't see nor experience (as a normal customer) which prevent account hacking even if your password is stolen (granted, only if you have security questions and or one-time-key-authentificator)

For those who didn't have the chance to read Phillips posts, here are the links, which explain in great detail why the new system is actually better:
http://www.swtor.com/community/showt...06#post5954106 (Courtney's starting post)
http://www.swtor.com/community/showt...36#post5955636 (First reply)
http://www.swtor.com/community/showt...16#post5961316 (Second reply)
http://www.swtor.com/community/showt...75#post5961675 (Third reply)
http://www.swtor.com/community/showt...607377&page=39 (Fourth reply)

To summarize a bit:
1. The Username is not a better system per se, it is neutral. No security is gained or lost for SWTOR, only if another site is hacked the chances of your info falling into wrong hands is reduced via decoupling. It is like you are telling a person the name on which your bank account is registered.
2. Switching to usernames enables the security department to introduce more back-end measures to further strengthen the account (this is the main reason why they are doing the change)
3. Multiple systems for account protection are already in place (Password, Authenticator, SAQ, IP-Check, to name the disclosed ones), most of them back-end.
4. There will be no way to block an account just by knowing his display name and then typing in the password wrong multiple times (or more specific: The one who does it gets his IP blocked, you can still log-in normally)
5. The changes has nothing to do with your ingame character names.
6. You already can log-in with your username.
7. He's a brit.

I really urge you to read his posts, they are very detailed and explain why the change is a good thing.

Pscyon's Avatar


Pscyon
03.09.2013 , 07:18 AM | #459
Quote: Originally Posted by LarryRow View Post
This is totally off-topic, but why do so many people leave the default post display at 10 per page? I can't deal with that many page refreshes; much rather scroll through a longer page. This post is on page 12 for me.
Often been wondering the same thing, on a lot of forums. Personally I find 20 responses per page to be good. 10 makes the threads just seem excessively huge and you're clicking "next page" every other minute.
Sith Sorcerer

Ruhrpottpatriot's Avatar


Ruhrpottpatriot
03.09.2013 , 11:43 AM | #460
A quick question for our head of security:
Has there been a thought of switching form the current SK app to the Google SK app? Arena net has scrapped their own version of an authenticator in favour for Googles.
I think this could also benefit TOR, as the Google app is probably used by more people. It also has Blackberry support already.