Please upgrade your browser for the best possible experience.

Chrome Firefox Internet Explorer
×

Display Name Only Log In - Coming April 2, 2013

STAR WARS: The Old Republic > English > General Discussion
Display Name Only Log In - Coming April 2, 2013
First BioWare Post First BioWare Post

RobCFrame's Avatar


RobCFrame
03.09.2013 , 11:37 PM | #471
My login has never been an email address. Calling it 'Display Name' only served to confuse me. It is never displayed anywhere.

Nemhain's Avatar


Nemhain
03.10.2013 , 04:26 AM | #472
Quote: Originally Posted by PaZPyX View Post
Given that this is 45 pages long now, likely it's been voiced already, but as a customer's opinion, I'd repeat it even then. (...)
(...) -- then you get what you deserve by losing me as a subscriber, security questions or no.
I had my account hacked in other mmorpg (which I played for almost 6 years) and I was the most carefull as a user can be, I didn't deserve what happened to me in that case. If a hacker wants to hack your account he will, we just have to make their life as harder as possible, and trust the people that looks up for our accounts security do their best to avoid it.

You should follow the advice of Ruhrpottpatriot
Quote: Originally Posted by Ruhrpottpatriot View Post
For those who didn't have the chance to read Phillips posts, here are the links, which explain in great detail why the new system is actually better:
http://www.swtor.com/community/showt...06#post5954106 (Courtney's starting post)
http://www.swtor.com/community/showt...36#post5955636 (First reply)
http://www.swtor.com/community/showt...16#post5961316 (Second reply)
http://www.swtor.com/community/showt...75#post5961675 (Third reply)
http://www.swtor.com/community/showt...607377&page=39 (Fourth reply)

I really urge you to read his posts, they are very detailed and explain why the change is a good thing.
Apparently some people like you didn't even bother to look at that posts, like Ruhrpottpatriot said: "I really urge you to read his posts(...)". Not only you but everyone, before posting here.
"Mercy is not true, your sins are next to mine"

Hengeste's Avatar


Hengeste
03.10.2013 , 08:40 PM | #473
Quote: Originally Posted by Ruhrpottpatriot View Post
It already is, afaik.


You really should read this article. A password no longer is the means of securing an account. Bioware knows that and they have back-end systems in place which you don't see nor experience (as a normal customer) which prevent account hacking even if your password is stolen (granted, only if you have security questions and or one-time-key-authentificator)


I really urge you to read his posts, they are very detailed and explain why the change is a good thing.
I read the first couple of pages of this link and I was honestly amazed mostly because it actually makes sense, unfortunately. I will not profess to know exactly the headaches that BW has nor at this point in my life will I ever fully be able to. However, given that I am logging in with a physical key generator every time and might be changing to an android app instead, I feel relatively safe logging in because the code changes with every press of the button.

I would suggest that BW perhaps consider an exercise in greater explanation with this move, if it has not already been that is.
Ideals are fine, for ideal times and these are less than ideal times. This is WAR!
Jedi Knight with a Shadow size bad attitude

DisNamConInaLang's Avatar


DisNamConInaLang
03.11.2013 , 03:49 AM | #474
Quote: Originally Posted by Hengeste View Post
I read the first couple of pages of this link and I was honestly amazed mostly because it actually makes sense, unfortunately. I will not profess to know exactly the headaches that BW has nor at this point in my life will I ever fully be able to. However, given that I am logging in with a physical key generator every time and might be changing to an android app instead, I feel relatively safe logging in because the code changes with every press of the button.

I would suggest that BW perhaps consider an exercise in greater explanation with this move, if it has not already been that is.
Lots of sensationalist points made in that article, but every logical attack he makes begins with the assumption that something is already vulnerable or has been compromised -- the database containing the passwords (which should be protected at a minimum by web service layers, and the passwords should be hashed with a unique salt), the computer the user accesses, the length and strength of the password itself, or the carelessness of the housekeeper in trusting someone over the phone whose identity isn't properly verified. That doesn't prove anything about passwords being outdated. That's like saying keys are outdated because the burglar has stolen the key or broken a window. And yet keys remain the staple of physical security. And passwords the staple of web security. Utter fallacy.

Algorithms exist to stretch the length of time it takes to calculate password hashes, thus making brute force much more unlikely to succeed. Brute force only works in the first place against unsalted hashes of exposed passwords or systems that accept infinite logon attempts. It still remains that a large enough password (20 characters or more, maybe a little less) cannot be brute force cracked or guessed. Humans can remember strings that long if properly constructed: twentYplUschar@cterS! is one trivial example. If they're lazy then that is a different story, but once again doesn't prove anything about passwords being inherently weak or outdated.

I will stipulate that as systems grow complex the vulnerabilities appear in various ways. All of these need to be protected in order for the password to be useful. That, I take it, is the author's point, but again that does not prove the password to be useless.

The fact remains that humans put a much higher premium on convenience than security. The former is easy to understand and directly impacts productivity, unlike the latter. People need to be educated and pressure needs to be placed on large companies in order for any real change to occur.

Leonick's Avatar


Leonick
03.11.2013 , 06:48 AM | #475
Quote: Originally Posted by Phillip_BW View Post
Only people that post on the Forums have their Display Name visible to others currently. Even then we took that into account when designing the updated system and I wouldn't recommend trying to attack known Display Names...

You should log on to Steam again - they currently only use the equivalent of DisplayName, and that name is what you are known as to all your friends (and in the community section of Steam for that matter).
Actually, Steam doesn't use your DisplayName, your Steam username and displayname are different. How do I know? Simple, the name I use to log in to steam is different than what shows on my profile, my login name is also not listed among the "this player has also played as" names... Just saying.
My Characters on the Progenitor
Raiah - Jedi Consular (Sage), Nesalia - Smuggler (Scoundrel)
Guild: The Kestrel Minority

Warwench's Avatar


Warwench
03.11.2013 , 06:58 AM | #476
Quote: Originally Posted by Leonick View Post
Actually, Steam doesn't use your DisplayName, your Steam username and displayname are different. How do I know? Simple, the name I use to log in to steam is different than what shows on my profile, my login name is also not listed among the "this player has also played as" names... Just saying.
Yep and he covered that in a later post. You might want to read all of Phillips posts before replying. Goes for anyone.

DarthTHC's Avatar


DarthTHC
03.11.2013 , 06:59 AM | #477
Quote: Originally Posted by buaala View Post
This is crap! Should at least be optional if you use a security key...
Why?

We have been able to log in with our user name / display name since f2p went live - months ago.

In all those months, how many times have you heard of a SWTOR account being compromised?

In that same time, how many WoW accounts have been compromised?

The security team for this game clearly knows what they're doing.
Human beings see oppression vividly when they're the victims. Otherwise they victimize blindly and without a thought. ~ Isaac Bashevis Singer

SleepyJoeFriday's Avatar


SleepyJoeFriday
03.11.2013 , 07:01 AM | #478
How about making the physical security key available again to players out side of North America?

Odd how after all of this itme it's still listed as available and yet out of stock, when it's unavailability is all down to US/Canadian export laws which I find pretty ironic when its probably manufactured in China!

Jacen_Starsolo's Avatar


Jacen_Starsolo
03.11.2013 , 07:24 AM | #479
Quote: Originally Posted by SleepyJoeFriday View Post
How about making the physical security key available again to players out side of North America?

Odd how after all of this itme it's still listed as available and yet out of stock, when it's unavailability is all down to US/Canadian export laws which I find pretty ironic when its probably manufactured in China!
Looked at the back of mine. Yep, made in China.

And why has BW unstickied this thread that should be up until the change in roughly 3 weeks? Ashamed?

BobaScott's Avatar


BobaScott
03.11.2013 , 07:54 AM | #480
Quote: Originally Posted by SleepyJoeFriday View Post
How about making the physical security key available again to players out side of North America?

Odd how after all of this itme it's still listed as available and yet out of stock, when it's unavailability is all down to US/Canadian export laws which I find pretty ironic when its probably manufactured in China!
He addressed that in one of his posts....