Please upgrade your browser for the best possible experience.

Chrome Firefox Internet Explorer
×

Display Name Only Log In - Coming April 2, 2013

STAR WARS: The Old Republic > English > General Discussion
Display Name Only Log In - Coming April 2, 2013
First BioWare Post First BioWare Post

iamthehoyden's Avatar


iamthehoyden
03.07.2013 , 09:38 PM | #431
Quote: Originally Posted by RikHar View Post
And you're telling me, me, that I been using my display name for a long time now. Really? And pray-tell, how and when have I used my display name to log in?

You don't know what you're talking about.

You seeking a job as a moderator or something? They not hiring.
I think you misunderstood. He meant that you (or a hacker) could have use your display name to log in for months. Right now both display name and email address are valid log in terms.
aren't you a little short for a stormtrooper?
---------------
Fan Fiction: My Name is Solomon Crae The Man in the Box

RikHar's Avatar


RikHar
03.07.2013 , 09:44 PM | #432
Quote: Originally Posted by iamthehoyden View Post
I think you misunderstood. He meant that you (or a hacker) could have use your display name to log in for months. Right now both display name and email address are valid log in terms.


Then if that was his intent, then I apologize but I didn't read it that way.

Many thanks for your input.

Warwench's Avatar


Warwench
03.07.2013 , 09:46 PM | #433
Quote: Originally Posted by RikHar View Post
And you're telling me, me, that I been using my display name for a long time now. Really? And pray-tell, how and when have I used my display name to log in?

You don't know what you're talking about.

You seeking a job as a moderator or something? They not hiring.
you have been able to sign in with both email and display name for a while now. Everyone, not just you. Go try it. We'll wait.

It's all the back end systems and protections that phillip manages that are why there are not rampant account hacks. All they are trying to do is move to something that allows for more self service options to fix when you have problems and more options to better secure things on the back end. Self service means less calls to support, less time wasted, less unhappy people being on hold for a long time. The changes don't lower security in any way.

I'm not angling for a job, I already have one, I work in security. I test systems, design systems and break into systems every week and I am just tired of seeing the same irrelevant arguments over and over.

tausser's Avatar


tausser
03.07.2013 , 10:25 PM | #434
OK, I get it.

I get it that using our display name isn't any *less* secure than using our e-mail to login. (Though I still don't buy the assertion that it actually *increases* security in any way, either, since the login name is immaterial in terms of security, as many of you have pointed out.)

The main problem here is perception - rightly or wrongly, people *feel* that world + dog suddenly knowing half their login info makes their accounts less secure. And, after being told over and over and over again to NEVER, EVER GIVE OUT YOUR LOGIN INFO, BW goes and gives half of it to said world + dog. Little wonder that people are upset. o.O

I can accept their argument for de-coupling our email from our login, it seems reasonable.

But it would seem the discussion must have gone something like this:

"We want to de-couple e-mail from login."

"Great idea! Let's have people create a new, secret login name that no one but them and us will know."

"Nah, that's too much work and expense, plus they'll all ***** about having to do it. Let's just make them use their display names, since we already have that ability in place."

"Yeah, you're right! They won't object to that."

Did it even occur to BW, what a s***storm this would generate?

Or did it occur to them and they just went with their usual **** 'em?

Anyhow, thanks to Phillip for doing his best to both explain it and put the best spin on it.
It's hard work to tell which is Old Harry when everybody's got boots on.

Blazingfinn's Avatar


Blazingfinn
03.07.2013 , 11:01 PM | #435
Quote: Originally Posted by CourtneyWoods View Post
Please be aware that beginning on April 2, 2013, logging in to the game or website will require your Display Name. Email addresses will no longer be accepted; your Display Name will be the only accepted option.

Read More
is this a joke?

How does that improve security, no one knows, my e-mail im using, and every one can see my forum user name.

i guess EAware, wants me to end my sub.

DaRoamer's Avatar


DaRoamer
03.07.2013 , 11:18 PM | #436
Quote: Originally Posted by Blazingfinn View Post
is this a joke?

How does that improve security, no one knows, my e-mail im using, and every one can see my forum user name.

i guess EAware, wants me to end my sub.
The joke is that there are 43 pages of replies to this thread, along with 4 detailed dev posts, and you read none of them beyond the first one. It has been explained many times.

Blazingfinn's Avatar


Blazingfinn
03.07.2013 , 11:31 PM | #437
Quote: Originally Posted by DaRoamer View Post
The joke is that there are 43 pages of replies to this thread, along with 4 detailed dev posts, and you read none of them beyond the first one. It has been explained many times.
so you say i should had read the 43 pages, before posting?

No, i should not since i dont know you, and your opinion is not valid.

DaRoamer's Avatar


DaRoamer
03.07.2013 , 11:41 PM | #438
Quote: Originally Posted by tausser View Post
OK, I get it.

I get it that using our display name isn't any *less* secure than using our e-mail to login. (Though I still don't buy the assertion that it actually *increases* security in any way, either, since the login name is immaterial in terms of security, as many of you have pointed out.)

The main problem here is perception - rightly or wrongly, people *feel* that world + dog suddenly knowing half their login info makes their accounts less secure. And, after being told over and over and over again to NEVER, EVER GIVE OUT YOUR LOGIN INFO, BW goes and gives half of it to said world + dog. Little wonder that people are upset. o.O

I can accept their argument for de-coupling our email from our login, it seems reasonable.

But it would seem the discussion must have gone something like this:

"We want to de-couple e-mail from login."

"Great idea! Let's have people create a new, secret login name that no one but them and us will know."

"Nah, that's too much work and expense, plus they'll all ***** about having to do it. Let's just make them use their display names, since we already have that ability in place."

"Yeah, you're right! They won't object to that."

Did it even occur to BW, what a s***storm this would generate?

Or did it occur to them and they just went with their usual **** 'em?

Anyhow, thanks to Phillip for doing his best to both explain it and put the best spin on it.
It increases security because the number one way people's accounts get compromised it due to email/password combos stolen from other, less secure, sites. This is basically what happens:

Hacker breaks into Company A server. Finds their email/password log in information for all their users.
This list is distributed/sold in underground channels where it is added to a master list.
The master list is used to go to a game website, like SWTOR, and try every email/password combination. This isn't brute forcing a single account, it's trying all of them once. Because many people use the same password for multiple websites, they go through thousands of combinations until they get hits. So now they have someone's password.
Of course they still can't log in, but since people are also dumb enough to use the same passwords for their email, they now have access to that too and they can do more malicious stuff.

By eliminating email as a login, you eliminate this entire method of account hijacking.

Additionally it now allows them to add extra security measures which may require you accessing your email. This is how Guild Wars 2 does it. "Hey, someone from China was trying to access your account. If this is you, click this link to unlock your account at this location". Now since a hacker no longer has any way of knowing which email is associated with your account, they have a MUCH harder time circumventing this security provision.\

As far as costs go, since they don't consider your username at all when designing their security, there is no reason to waste time and resources to implement a separate login name for everyone. Better to try to do what they're doing an explain why this is happening and correct people's misconceptions about your login name being know as being a bad thing.

Quote: Originally Posted by Blazingfinn View Post
so you say i should had read the 43 pages, before posting?

No, i should not since i dont know you, and your opinion is not valid.
Yes, having an understanding of the situation before posting is a wise idea, otherwise you look foolish. You may have at least wanted to read the dev posts in the thread where everything is explained clearly.

Twickers's Avatar


Twickers
03.07.2013 , 11:49 PM | #439
Quote: Originally Posted by Blazingfinn View Post
so you say i should had read the 43 pages, before posting?

No, i should not since i dont know you, and your opinion is not valid.
Maybe not read the 43 pages (I certainly didnt) but read the dev posts.
The loneliest people are the KINDEST, the saddest people smile the BRIGHTEST, the most damaged people are the WISEST, ALL because they do not wish to see another soul suffer the same way they did. - Author Unknown

chuixupu's Avatar


chuixupu
03.08.2013 , 12:33 AM | #440
Quote: Originally Posted by RikHar View Post
Is anyone really surprised at this? This is BioWare we're talking about here. Bioware!
And how many hacking reports have you seen from people playing Bioware games?

Quote:
Isn't this something like what WoW did? And people are hacked over there daily. I don't understand these peoples thinking.
You use your email to log in to Battle.net.

Quote:
I tried many times to buy an authentication key without luck. I even asked in the customer service forums for another site or somewhere where I could buy one being I couldn't on the website they have. I got nowhere. I finally I gave up.
http://www.swtor.com/info/security-key

Quote:
Now they've come up with an idea more ridiculous then WoW's. I doubt they'll change it even though no one is happy. They always do what they want regardless of the players. Everyone should know this.
Try reading the very detailed responses in this thread from the head of their security, maybe.
Wardens of Fate / Alea Iacta Est
The Tarkus Legacy ~ The Harbinger/Jedi Covenant