Display Name Only Log In - Update 2 - Coming April 2, 2013


Phillip_BW


Well, I do like to picture Mr. Holmes as a big yellow duck now.

 

Quick, someone do some fan art.

 

That link is broken, it redirects me to the main page of the Origin site.

 

Hm....I'm lost, then.

 

When I go to the main site, I just search "swtor" and the security key comes up. Maybe try doing a browser cache dump?

Edited by chuixupu
Link to comment
Share on other sites

I for one liked the duck thing. It was a good way to be light-hearted and represent the questions that he obviously takes seriously as is evident in him replying to them. After all, it is better to use a question and attribute it to a random person rather than call out specific angry forum-goers. The duck thing just broke it up and made it easier to stay interested in. Good work, Phillip!

 

I think the changes are good, as I have always been a little wary of using my email address for things. I use LastPass to type it in for me so I don't have to do it in case I have a keylogger on my system.

 

Lastly, any person that uses xkcd as an explanation for anything gets serious props in my book!

Link to comment
Share on other sites

Considering how many people asked pretty much the same question in various different guises of language, the use of Mr. YellowDuck was warranted. Yellow ducks are adorable, but real ducks are the most terrifying things to behold. Would have rather he used "Generic SWTOR Player #7789"?

 

*peck*

 

Maybe Mr. Phillip_BW talks to his yellow bathtub duck a lot, to share his security ideas and secrets.

 

Okay, but getting serious for a second, we are pretty sure he is pulling all the duck references from the phrase "have your ducks in a row," right? Where else could it be coming from?

Link to comment
Share on other sites

This seems a crazy amount of information for something like a change of login.

 

Is the current login so bad that all this work is really required? We have a game that needs serious work and a community that wants to know what's going on. Wouldn't it be far better to spend all this time and effort into making the game better and talking to the community?

Link to comment
Share on other sites

Okay, but getting serious for a second, we are pretty sure he is pulling all the duck references from the phrase "have your ducks in a row," right? Where else could it be coming from?

 

Maybe, but it seems there's just one yellow duck hogging the mic...

 

This is why I shouldn't be awake at 5am - stupid work and its stupid early starts. Time to waddle off and... something something mallard.

Link to comment
Share on other sites

Do you know where Security Keys are for sale in the EU and/or generally outside of the US? As far as I'm aware, Security Keys are not currently for sale outside of the US.

 

Perhaps Mr. Phillip_BW could help with this?

 

Do you have a smart phone? There's an app version too. I used it before I got the CE.

Link to comment
Share on other sites

@Phillip_BW

 

I got to say I love how you are able to explain in simple terms complex IT security concepts and practices.

 

There have been so many clueless posts and nonsense suggestions of IT security practices in these forums by ppl who think they know better than the people that actually work on IT security.

 

If I were you, I would have probably strangled to death all the ducks in frustration while reading some of the posts in these threads.

 

Keep up the good work man!

Edited by Aelrail
Link to comment
Share on other sites

This seems a crazy amount of information for something like a change of login.

 

Is the current login so bad that all this work is really required? We have a game that needs serious work and a community that wants to know what's going on. Wouldn't it be far better to spend all this time and effort into making the game better and talking to the community?

 

It's a crazy amount of information because there have been a crazy number of questions asked about the topic. A couple of weeks ago Phillip_BW answered 15-20 questions from a thread with 40 pages concerning "flaws" in the new security system. He's helping the community who wants to know what is going on, but that's not his job.

 

Phillip_BW was hired to do security work for the game. He's always been interested in security systems, how to break in, how to keep them safe, and went to school to learn how to keep information from spreading to the wrong people. He knows a lot more about computer security than you or I, as evidenced by his recent forum posts, and since the things he is saying seem to be true, I trust him. Like he said in his post, he wouldn't excel at other aspects of the game, producing a product that isn't up to the standards you have for SWTOR. But if you let him work on the security he will exceed your standards and you won't even know it.

 

On the other hand, maybe this whole security changeover is so Phillip can have a better system to steal everyone's passwords and infect your computers with keyloggers. Hey, BW, you have someone looking over Phillip's shoulders at all times, right?

Link to comment
Share on other sites

This seems a crazy amount of information for something like a change of login.

 

Is the current login so bad that all this work is really required? We have a game that needs serious work and a community that wants to know what's going on. Wouldn't it be far better to spend all this time and effort into making the game better and talking to the community?

 

You are disregarding the mass hysteria week before last when they posted this was coming. :rolleyes: Where do you think he got all the MrDuck questions and hyperbole from?... this very forum.

 

You are also disregarding people like yourself... ie: people who will always find an angle of attack on any topic that a Bioware staff member might present. ;)

 

Please to note: The team that develops in game content =/= the team that manages and maintains account security (out of game, or in game). ;)

Edited by Andryah
Link to comment
Share on other sites

I'm not sure who this "MrYellowDuck" is, but he's a moron!

 

He is a random_proto_player waiting to pounce on every comment by a Bioware staff member with a quack-quack here... and a peck-peck there. :D It is a species known as Quackasaurus Rex, which likes to prey on innocent creatures on the forum and endlessly distract the local wildlife by making much roaring and gnashing over anything and everything.

 

I must say however that Phillip pwned him, plucked his feathers, and said duck is ready to be served. :p

Edited by Andryah
Link to comment
Share on other sites

He is a random_proto_player waiting to pounce on every comment by a Bioware staff member with a quack-quack here... and a peck-peck there. :D It is a species known as Quackasaurus Rex, which likes to prey on innocent creatures on the forum and endlessly distract the local wildlife by making much roaring and gnashing over anything and everything.

 

I must say however that Phillip pwned him, plucked his feathers, and said duck is ready to be served. :p

 

I bet that name is now taken in game if it wasn't already.

Link to comment
Share on other sites

My question is this:

 

What's with everything being duck related?

 

Shouldn't you be getting all your Jawas in a row? :jawa_wink:

 

I've never seen a duck round these parts till you showed up.

 

Why would you be lining up ducks or Jawas? That doesn't really make any sense.

Link to comment
Share on other sites

I always have to answer my security question every time I log into the launcher and the forums even though I use the same computer.

 

I know for the forums I always have my browser clear the active logins/cookies and all the jazz, so I think that's the reasoning for having to answer my sec questions every time on the forums, but I was wondering why I have to for the launcher as well.

My brother has that problem, too. He needs to answer the security question every single time he logs in, even when he does it from the same PC. According to phone support, some accounts are bugged that way and need to answer the question every time and "they are working on it". He was told that back in June, though. Hopefully that won't mean the people that suffer from that bug will get spammed by these new security question e-mails every single time he logs into the game or forums.

Edited by Glzmo
Link to comment
Share on other sites

My brother has that problem, too. He needs to answer the security question every single time he logs in, even when he does it from the same PC. According to phone support, some accounts are bugged that way and need to answer the question every time and "they are working on it". He was told that back in June, though. Hopefully that won't mean the people that suffer from that bug will get spammed by these new security question e-mails every single time he logs into the game or forums.

 

My wife's was bugged that way for awhile. Then one day it stopped asking her the security question each time. It did happen to stop after we called customer support - she couldn't remember one of her answers and it locked up on her.

Link to comment
Share on other sites

You can check your own email address at http://pwnedlist.com/ for instance as one of the posts on the previous thread indicated.

 

One of those little security 'thingies' is not to click on unknown links.

 

  • Don't click links you don't know inside emails. Go to the website you think you need to go to and type the url in the hard way. Takes longer, but helps protect you...

 

It would have been helpful for a security person to explain the link first.

 

Was Your Email Account Hacked? PwnedList Can Tell You

Feb 2, 2012

http://www.pcworld.com/article/249148/was_your_email_account_hacked_pwnedlist_can_tell_you.html

 

Don't click it. :D Always use Google cache to access articles.

 

We are working on a new 'Forum Display Name' capability so that people will at some point in the future be able to change the name used on the forums. Which way we go about that (choose a character name? let you write whatever you want?) is still being decided and that will impact the amount of work required and therefore the 'when'.

 

Again, this gives the impression of security on the cheap. Where security decisions are based on 'penny wise and pound foolish' cost/risk assessment.

 

It is also not something that can be easily implemented in a matter of minutes. Regardless of if the change would be as simple as adding a column in a database, there is still getting that data presented to the website securely, providing the ability to input data into the column itself (again securely), and that is before we have our awesome QA team make sure the functionality works as expected. We won't say 'soon' on this feature, as it is too early to be able to predict when this could be rolled out.

 

Although the good news is this extra security is likely to be implemented by BioWare/Electronic Arts. Something, I believe, American Express (and other companies) forced on users years back.

 

My concern, again, is that many notable security breaches have occurred through illegal use of high level accounts with high level system access. The 'on the cheap' security philosophy being one of the contributing factors. Again, we'll see if PBW is lulling hackers with misdirection ("don't throw me into the briar patch"), or BioWare is setting itself up to be another Sony.

 

For the average user, changing ALL your passwords regularly is a good easy security measure.

 

A good guideline as presented by Authorize.net, a VISA company:

(Did you really click the link??? :o)

http://support.authorize.net/authkb/index?page=content&id=A233&actp=LIST

To strengthen the security of your payment gateway account, you are required to change your password every 60-90 days. This requirement is also necessary for Authorize.Net to maintain compliance with the Payment Card Industry Data Security Standard (PCI DSS), which requires periodic password changes, strong passwords (alpha-numeric combinations, minimum character length, etc.), programmatic memory of previous passwords to prevent reuse, password lockout after invalid attempts, and other password security measures. These standards are detailed in PCI DSS Requirement 8: “Assign a unique ID to each person with computer access.” Requirement 8.5.9 specifically states:

 

 

  • 8.5.9 For a sample of system components, obtain and inspect system configuration settings to verify that user password parameters are set to require users to change passwords at least every 90 days.

     

  • For service providers only, review internal processes and customer/user documentation to verify that customer passwords are required to change periodically and that customers are given guidance as to when, and under what circumstances, passwords must change.


 

PCI DSS requires compliance with this standard for both service providers like Authorize.Net and all merchants who process credit card transactions. To learn more, please visit: https://www.pcisecuritystandards.org/index.shtml.

 

If you have difficulty remembering strong passwords without writing them down, you might try one of the following tips to create strong passwords that are easy to remember:

 

  • String several words together to produce a passphrase, and make an acronym from it. You can create acronyms from the words in a song, a poem, or other sequence of words that you can easily remember. For example, “Stopping by woods on a snowy evening” becomes “sbwoase.” Then apply the other strong password requirements—capital letters, numbers, special characters—to create a strong password. By applying the other strong password measures you can make this acronym into a password, for example, “sBw0@se1922.”
  • Deliberately misspell a word, and then add a number or substitute special characters to create a password. For example, if you respell “security” phonetically as “sekooritee,” you can then turn the word into the password “seky00r1T.” Note: Do not choose a common misspelling such as “mispelling” or the word “misspelling.”
  • Combine a number of facts, such as dates and events, and add a number or substitute a special character. For example, you can turn the words “Pearl Harbor” and the date “December 7, 1941” into “pe@rL12741HArb0r.” Another example would be to take a holiday (such as Boxing Day) and its date (December 26) to make “12b0x1ng26d@Y.”
  • Shift a word up or down one row, or left or right one character on the keyboard. For example, if you shift the word “security” by one character to the left, you obtain “awxyeurt.” Once you apply the other strong password requirements you would have a strong password such as “aW3yeur+.”
  • Shift letters in a word a certain number of letters up or down the alphabet. For example, if you shift the Ts in the word “thirty-three” back four letters, you would get “phirpy-phree.” Applying additional strong password requirements would give you the password, “phiRpy#phrE5.”

 

Important: Do not use any of the example passwords shown above. Since these examples have been published, they can be used fraudulently. These are only examples to show you possibilities for strong yet memorable passwords.

 

And:

Password Policy

http://www.authorize.net/files/PasswordPolicy.pdf

 

It is imperative that you implement adequate security to protect your payment gateway account from unauthorized activity. One key way to protect your account is to change your account password on a regular basis. The following Authorize.Net Password Security Policy will help you select strong new passwords.

+ Your password must be at least eight characters long. Longer passwords may be even stronger.
+ Your password must include a combination of upper and lower case letters, numbers, AND non-alphanumeric symbols.
+ Your password may not be a standard dictionary word, even if it is spelled backwards.
+ Your password may not use common symbol substitutions for letters, such as $ for s.
+ Your password may not be the same as your user login ID.
+ Your password may not be blank.

Please also consider the following guidelines for safeguarding your password and increasing the security of your payment gateway account.

+ Your password should not contain any information about you that can be easily discovered, such as a spouse or child’s name, a license plate or street address number.
+ Do not share your password with anyone. If you have reason to believe that your password may have become compromised, change it immediately.
+ Do not write your password down. Keep it in memory only. If you absolutely must write your password down, store it in a secure location accessible only to you.
+ Do not enable settings that allow your Web browser to “remember” your password.
+ If for any reason you need to share your password, do so only in person or over a live phone call with an authorized person. Never share your password via e-mail or voice mail.
+ Never display or transmit your password in any communication or online transmission (other than when logging into your account).
+ Never share your user login ID and password in the same communication.

 

/*

 

"the code is more what you'd call "guidelines" than actual rules"

Pirates of the Caribbean: The Curse of the Black Pearl

Link to comment
Share on other sites
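
The composition rules from the Authorize.Net password policy quoted in the post above, written as a check. This is an added example, not part of the thread and not Authorize.Net's code; the word list, the substitution table and the name `policy_violations` are constructed for illustration, and a real check would load a full dictionary.

```python
# Constructed stand-in for a real dictionary word list (assumption).
WORDLIST = {"password", "security", "dragon", "welcome"}

# Common symbol-for-letter substitutions such as "$" for "s" (constructed table).
LEET = str.maketrans({"$": "s", "@": "a", "0": "o", "1": "l",
                      "3": "e", "5": "s", "7": "t", "!": "i"})


def policy_violations(password, login_id):
    """Return the quoted policy rules that this password breaks (empty list = passes)."""
    if not password:
        return ["blank"]

    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")

    # The policy requires all four character classes at once.
    classes = {
        "upper case letter": any(c.isupper() for c in password),
        "lower case letter": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "non-alphanumeric symbol": any(not c.isalnum() for c in password),
    }
    problems += [f"missing {name}" for name, ok in classes.items() if not ok]

    if password.lower() == login_id.lower():
        problems.append("same as login ID")

    # Dictionary word, forwards or backwards.
    folded = password.lower()
    if folded in WORDLIST or folded[::-1] in WORDLIST:
        problems.append("dictionary word")
    else:
        # Undo the substitutions and look the result up again, so that
        # "P@$$w0rd" is recognised as "password".
        plain = folded.translate(LEET)
        if plain != folded and (plain in WORDLIST or plain[::-1] in WORDLIST):
            problems.append("dictionary word with symbol substitutions")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ["", "drowssap", "P@$$w0rd", "Quiet-Harbor-29x"]:
        print(repr(pw), policy_violations(pw, "mryellowduck"))
```

A password such as `P@$$w0rd` satisfies the length and character-class rules and is rejected only by the substitution rule, which is why that rule has to be checked separately.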

Dear Phillip from Bioware.

 

When I read your text I'm getting really pissed. You are not only arrogant, no you're also totally intolerant to the community regarding their questions. Instead of that you would take the user name for the question, no you take a duckface, an alibi face.

 

Your writing style is overbearing and I think you like to read yourself.

 

If I were your boss, I'd love to move you away from the community and send you back to the servers because that is no way to communicate with the community. Maybe you speak with your friends or staff, assistant in Texas but not with the community! For the most of the German community you are failed with your way.

 

But hey, there is a vacancy. I'm sure since you fit in well.

 

This is my opinion. Maybe a bit harsh but this is how I interpret you.

But I'm still a German sub with bad English. What we are already value :rolleyes:

 

  • More than twice Stickys in German and French Forum.
  • Missing translation of your text
  • Missing presence of CM's in German/French Forum.

Edited by Leonalis
Link to comment
Share on other sites

Dear Leonalis,

 

Maybe this is a cultural divide, but, please lighten up.

 

Phillip's posts have been some of the more interesting, friendly, and overall fun yellow posts that I've seen on this forum since the early days. He's not a customer service representative. He's the security guy.

Link to comment
Share on other sites

