03.07.2013 , 03:01 PM | #401
This whole forum post makes me lols. I appreciate your short, long, very long, and duck answers. And since I am not a complete n00b at security, I am glad to see this change.

03.07.2013 , 03:03 PM | #402
Quote: Originally Posted by Phillip_BW View Post
OK - you caught me. I'm only spending a few minutes on each answer. The reason there has usually been a day delay in answering the questions is that I'm writing up the answers out of office hours most of the time.
I know I speak for most (all?) of us when I say that going the extra mile is really appreciated. In my view, this amount of communication goes way beyond the expectations of a reasonable customer. So thanks! (Implied corollary: it would be a counterproductive mistake to hold every member of the swtor team accountable to this level of feedback! Okay, fellow swtor players?)

So it sounds like most people are worried that, on the surface, a readily obtainable (by an attacker) username is less secure than a maybe-secret email address. You have continually told us that there are other systems in place to ensure security beyond just username/password, but unless I missed it, you've been kind of vague about what they are. Perhaps shedding some (but not too much) light on what those systems are would alleviate some concerns.
03.07.2013 , 03:55 PM | #403
Literally only posting to check and make sure my display name matches my forum name.
03.07.2013 , 03:56 PM | #404
I think the part of this thread that makes me lol the most is that you can already log in using display name now. So I'm not sure how people could possibly feel their security is more in jeopardy by taking the other login option away as currently they could obtain either to access your acct (along with password of course).

Second on my list of things in this thread that make me lol are the ridiculously awesome dev responses.

As a side note, GET A SECURITY KEY.
03.07.2013 , 03:57 PM | #405
So I applaud you in your almost desperation in attempting to educate users on security. I also work a very similar job to yours, and have basically given up trying to educate my 200k+ users... it's almost impossible. We have mandatory training, briefings, education material... and sadly... people still make the same stupid mistakes all the time.

Of course we, for the most part, have the luxury of just blocking access to things which cause us the most trouble, because it is our network... you on the other hand, have to account for everyone having access and can't be so cynical about it...

Good luck on trying to get these people to understand why everyone in the world knowing your display name really doesn't matter... Here is a thought for everyone else...

Do you work for a company in which you actually have a company email address?
If you do, is this email address some semblance of your name?
Is this also what you use to log in to the company's network?

If you answered yes to these questions, which I am most certain that you did, then ask yourself, does the fact that someone knows either your company email address or your name in any way make your account log in less secure? Keeping in mind that most people can EASILY datamine your name from the company's website, or even through other random phishing techniques... heck even just guessing common first and last names!

For those who maybe don't work for a company where you have a company email and login, I will let you in on a secret: everyone I know of does their systems in this fashion. The government, Microsoft, Google, and yes, even Bioware all utilize these things. Why?

1. Your email address looks more professional when it contains
2. It is easier to remember your login ID when it is your own name
3. It is easier for others to find your contact information if, you guessed it, they know your name.

This does nothing to take away from security. So then why does it matter if some randomly thought up username that you likely use all over the internet as your avatar is a big deal if it is also used to log in to the site and the game? Your avatar is an anonymous identifier you use... I mean... hey... we could switch to making you use your real name as both your display on the website and also your login ID.
03.07.2013 , 04:10 PM | #406
Quote: Originally Posted by Anariodin View Post
This whole forum post makes me lols. I appreciate your short, long, very long, and duck answers. And since I am not a complete n00b at security, I am glad to see this change.
Same here. I know more than most about different things and with everything taken into account, this change is good, for the better, and will continue to enhance what is already VERY good account security. There is a reason there are not huge threads on the forums with people complaining their accounts got hacked.

And I can tell you, it's not because the bad guys aren't trying.

03.07.2013 , 04:15 PM | #407
Dear Jeebus you people are all idiots. Had you been using only your user name to log on to the website and the game client this whole time, this would not even be an issue.

The display name I use here is used only here and nowhere else. It does not even come close to the email address I use for it and the password here is not the same as my email address password. You don't have to have your passwords match nor do you have to match your user name to the first part of your email address.

Also the security question answers are meaningless as you can provide any sort of an answer for them. e.g.
Q. Where were you born?
A. I like hooters or A. banana

Due to the fact I have been on the net for 20+ years, I have accumulated literally hundreds of user names and passwords and security questions. The majority I can actually remember, but I still have them on a spreadsheet which is encrypted on an encrypted thumb drive. Not one of my accounts has ever been hacked or been a part of a website that has been hacked and user names stolen. That's not to say a website wasn't hacked, just that my accounts were never hacked nor stolen.

I want to know how many of you out there have had an account that has been hacked?

03.07.2013 , 04:22 PM | #408
Quote: Originally Posted by Twickers View Post
how often have we actually heard about accounts being hacked?
I despise how the term is usually misused as badly as it is, because most of the time people aren't "hacked"; they either give away their account info to phishing or people they shouldn't have trusted, or have it stolen by keyloggers and other types of malware. In the majority of cases account theft is due to carelessness and/or stupidity. Few and far between are the times people lose their accounts due to someone sitting down and actively hijacking their account by circumventing or figuring out the password...
03.07.2013 , 04:23 PM | #409
Just to put this in perspective.

Given adequate other controls (which they obviously have):

It doesn't matter if I have your login ID (whether it's email or username).

It matters if I have that, and your password.

Since your email is generally static (and usually reasonably unique, i.e. generally only you use it at each website you sign up to), when various websites get hacked (which happens a lot) and an email/password combo ends up on a rather large list, chances are much better that you have used the same email and password here.

If you use a username, the chance of you using the same username and password on multiple sites is slimmer, as it's not unique to you (i.e. it is unique to Bob if it's his email address, but TheBob might already be taken, so on here he is BobTehAwsum).

I know from doing security on some large authentication systems that every time there is a massive password dump from a newly hacked site, there is a LARGE increase in successful logins to the systems I was monitoring.

You guys only need to think about your account; Phil needs to think about all the accounts and has access to much more data, so having been in a similar position I both agree with and trust him.

TL;DR: email is unique to you, a username might not be. The chance of password reuse is much lower.

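The monitoring described in the post above (a jump in successful logins across many accounts right after a password dump is published) is what a credential-stuffing detector looks for. The following is an added example, not code from the original thread or from any SWTOR/BioWare system: a small Python detector run over constructed authentication log lines. The log format, IP addresses, account names, window size and threshold are all assumptions made for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample authentication log (assumed format; not from any real system).
# 203.0.113.7 walks a leaked email/password list: many distinct accounts, a few hits.
# 198.51.100.20 is one user mistyping their own password once.
# 192.0.2.77 is a small office NAT: three distinct users, all legitimate.
SAMPLE_LOG = """\
2013-03-07T15:00:01Z src=203.0.113.7 user=alice@example.com result=FAIL
2013-03-07T15:00:04Z src=203.0.113.7 user=bob@example.com result=FAIL
2013-03-07T15:00:07Z src=203.0.113.7 user=carol@example.com result=OK
2013-03-07T15:00:10Z src=203.0.113.7 user=dave@example.com result=FAIL
2013-03-07T15:00:13Z src=203.0.113.7 user=erin@example.com result=FAIL
2013-03-07T15:00:16Z src=203.0.113.7 user=frank@example.com result=OK
2013-03-07T15:00:19Z src=203.0.113.7 user=grace@example.com result=FAIL
2013-03-07T15:00:22Z src=203.0.113.7 user=heidi@example.com result=FAIL
2013-03-07T15:02:00Z src=198.51.100.20 user=ivan@example.com result=FAIL
2013-03-07T15:02:15Z src=198.51.100.20 user=ivan@example.com result=OK
2013-03-07T15:03:00Z src=192.0.2.77 user=judy@example.com result=OK
2013-03-07T15:03:30Z src=192.0.2.77 user=mallory@example.com result=OK
2013-03-07T15:04:00Z src=192.0.2.77 user=oscar@example.com result=OK
2013-03-07T17:00:00Z src=203.0.113.7 user=peggy@example.com result=FAIL
"""

LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) "
    r"src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_events(text):
    """Parse log lines into (timestamp, src_ip, account, result), sorted by time.
    Malformed lines are skipped rather than aborting the whole run."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append((ts, m["src"], m["user"], m["result"]))
    events.sort()
    return events


def detect_stuffing(events, window_seconds=300, min_distinct_accounts=5):
    """Flag source IPs that try many *distinct* accounts inside a sliding window.

    Stuffing a dumped email/password list looks like: one source, many accounts,
    mostly failures, some successes. One user retrying their own password, or a
    few users behind a NAT, stays under the distinct-account threshold.
    Returns {src_ip: summary of that source's worst window}.
    """
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[1]].append(ev)

    alerts = {}
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):
            # Advance the window start until the window spans at most window_seconds.
            while (evs[end][0] - evs[start][0]).total_seconds() > window_seconds:
                start += 1
            window = evs[start:end + 1]
            accounts = {e[2] for e in window}
            if len(accounts) < min_distinct_accounts:
                continue
            worst = alerts.get(src)
            if worst is None or len(accounts) > worst["distinct_accounts"]:
                alerts[src] = {
                    "distinct_accounts": len(accounts),
                    "successes": sorted({e[2] for e in window if e[3] == "OK"}),
                    "failures": sum(1 for e in window if e[3] == "FAIL"),
                    "window_start": window[0][0],
                    "window_end": window[-1][0],
                }
    return alerts


def accounts_to_reset(alerts):
    """Accounts successfully logged into from a flagged source. These are the
    reused email/password pairs: they need a forced reset, not just an IP block."""
    hit = set()
    for summary in alerts.values():
        hit.update(summary["successes"])
    return hit


if __name__ == "__main__":
    found = detect_stuffing(parse_events(SAMPLE_LOG))
    for src, s in found.items():
        print(f"{src}: {s['distinct_accounts']} accounts, {len(s['successes'])} OK, "
              f"{s['failures']} FAIL between {s['window_start']:%H:%M:%S} "
              f"and {s['window_end']:%H:%M:%S}")
    print("force reset:", sorted(accounts_to_reset(found)))
```

The per-source heuristic catches the naive case shown in the sample; a stuffing run spread across a proxy pool would stay under the threshold per IP, so in practice it is paired with a global signal (site-wide success rate and distinct-account rate against a baseline) and, when the dump itself is available, with a direct check of the dumped email/password pairs against the stored hashes.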
03.07.2013 , 04:30 PM | #410
Quote: Originally Posted by DarthTHC View Post
LULZ. You're not reading Phillip_BW's posts, are you?

Incompetent? He seems extraordinarily competent!
Nerf Phillip. He is clearly OP

Thanks for the security tips Phillip.