Please upgrade your browser for the best possible experience.

Chrome Firefox Internet Explorer
×

Display Name Only Log In - Coming April 2, 2013

STAR WARS: The Old Republic > English > General Discussion
Display Name Only Log In - Coming April 2, 2013
First BioWare Post First BioWare Post

DarthTHC's Avatar


DarthTHC
03.11.2013 , 10:42 AM | #491
Quote: Originally Posted by UltimateKrucible View Post
Has anyone from BW commented on the fact that our usernames are there for everyone to see on the forums, and whether accounts will be blocked for numerous failed attempts to log in with them?

That's the part of this that keeps bugging me.
Yes, and if you can't be inconvenienced to read this thread for the (really good and informative) Phillip_BW posts answering exactly that question, you might try DevTracker: http://www.swtor.com/community/devtracker.php

UltimateKrucible's Avatar


UltimateKrucible
03.11.2013 , 11:26 AM | #492
Quote: Originally Posted by DarthTHC View Post
Yes, and if you can't be inconvenienced to read this thread for the (really good and informative) Phillip_BW posts answering exactly that question, you might try DevTracker: http://www.swtor.com/community/devtracker.php
Thanks for that - It's not a case of being inconvenieced, btw - I was asking if anyone from BW had responded, not where. I'm not going to search through 40 pages on the off chance that there was a BW response.

For what it's worth, he says: I can't go in to more detail other than to say that you are missing a bunch of security controls we have in place that make both of your scenarios incorrect. Both scenarios were thought of (and dozens more) and mitigated by both our existing solution as well as the added measures we are putting in place.

So, no details then. Just a 'trust us'. Make of that what you will.
. Shine on, you crazy pixel.

Funny post! The nine circles of SW:TOR PvP hell

Rafaman's Avatar


Rafaman
03.11.2013 , 11:44 AM | #493
Quote: Originally Posted by UltimateKrucible View Post
Thanks for that - It's not a case of being inconvenieced, btw - I was asking if anyone from BW had responded, not where. I'm not going to search through 40 pages on the off chance that there was a BW response.

For what it's worth, he says: I can't go in to more detail other than to say that you are missing a bunch of security controls we have in place that make both of your scenarios incorrect. Both scenarios were thought of (and dozens more) and mitigated by both our existing solution as well as the added measures we are putting in place.

So, no details then. Just a 'trust us'. Make of that what you will.
Err... plenty of details and more responses too. Just use the community search feature if you don't want to take a couple of minutes to peruse the thread.

DarthTHC's Avatar


DarthTHC
03.11.2013 , 11:48 AM | #494
Quote: Originally Posted by UltimateKrucible View Post
Thanks for that - It's not a case of being inconvenieced, btw - I was asking if anyone from BW had responded, not where. I'm not going to search through 40 pages on the off chance that there was a BW response.

For what it's worth, he says: I can't go in to more detail other than to say that you are missing a bunch of security controls we have in place that make both of your scenarios incorrect. Both scenarios were thought of (and dozens more) and mitigated by both our existing solution as well as the added measures we are putting in place.

So, no details then. Just a 'trust us'. Make of that what you will.
He actually gives a decent amount of detail. He's not going to outline the blueprint because that would be stupid.

Three questions for you:

1) How many SWTOR accounts have been compromised since December 2011?
2) How many WoW accounts were compromised last week?
3) Based on that thought experiment, or statistics if you have them, what do you think of SWTOR security?

UltimateKrucible's Avatar


UltimateKrucible
03.11.2013 , 12:29 PM | #495
Quote: Originally Posted by DarthTHC View Post
He actually gives a decent amount of detail.

"I can't go in to more detail "

Three questions for you:

1) How many SWTOR accounts have been compromised since December 2011?
2) How many WoW accounts were compromised last week?
3) Based on that thought experiment, or statistics if you have them, what do you think of SWTOR security?
1) Don't know
2) Don't care
3) Used to think it was good - now a bit sceptical.


What do you think of this response, and what it's saying about the background to all this?

We did look at using a secondary 'login only' display name, but sadly this would create more confusion and increase costs associated with support of the new system rather than decrease existing support costs.
. Shine on, you crazy pixel.

Funny post! The nine circles of SW:TOR PvP hell

DarthTHC's Avatar


DarthTHC
03.11.2013 , 12:43 PM | #496
Quote: Originally Posted by UltimateKrucible View Post
1) Don't know
2) Don't care
3) Used to think it was good - now a bit sceptical.


What do you think of this response, and what it's saying about the background to all this?

We did look at using a secondary 'login only' display name, but sadly this would create more confusion and increase costs associated with support of the new system rather than decrease existing support costs.
If you had read all of Philip_BW's posts, you would understand that there are 3 types of information that can secure accounts:

1) Something you know
2) Something you have
3) Something you are

The user name is identification; not authentication. Even if you try to consider the user name as authentication, it and password are both in the first category. They'd be redundant.

If you can't see that SWTOR account security is THE standard in MMOs today, you're not trying very hard. SWTOR accounts don't get compromised. They don't get locked out because of someone else trying to compromise them. The security model is rock solid.

The guy that designed that stellar security system is now trying to improve its security while also improving self-servicability.

Your concern - that having the user name portion of authentication known - has been addressed at least twice by Phillip_BW posts in this thread. If you would like to disagree with him, I'm sure he'd welcome the discussion. But I expect you might be asked to present credentials and well-founded, robust arguments.

I don't have a problem with EA controlling development and support costs for this, especially if no real gain would be made in security as a result of the investment. I don't mind his response to that at all.

UltimateKrucible's Avatar


UltimateKrucible
03.11.2013 , 01:00 PM | #497
Quote: Originally Posted by DarthTHC View Post

snip

.
No need to be so defensive. I asked a legitimate question, got the answer and remain sceptical. I see security being weakened, apparently on cost grounds.

You don't think so - good for you.
. Shine on, you crazy pixel.

Funny post! The nine circles of SW:TOR PvP hell

Andryah's Avatar


Andryah
03.11.2013 , 01:05 PM | #498
Quote: Originally Posted by UltimateKrucible View Post
I'm not going to search through 40 pages on the off chance that there was a BW response.
You do not have to. You could simply scroll through devtracker and see only the BW responses and skip all the other people that have said exactly the same things you have and asked the same questions and made the same excuses for the redundant questions.

http://www.swtor.com/community/devtracker.php
sayonara SWTOR. I will miss the game, I will miss many players, I will NOT miss being lied to and deceived. I will not miss rookie level mistakes of epic proportions.

Andryah's Avatar


Andryah
03.11.2013 , 01:06 PM | #499
Quote: Originally Posted by UltimateKrucible View Post
No need to be so defensive. I asked a legitimate question, got the answer and remain sceptical. I see security being weakened, apparently on cost grounds.

You don't think so - good for you.
DarthTHC was not being defensive. He was actually going out of his way to help you by re-stating what has already been stated by BW multiple times, as well as by many other respondents to this thread.

You clearly did not bother to read all of what Phillip shared in his multiple long responses to the thread. OR, you simply refuse to believe what Phillip has stated with regard to concerns about it weakening security.
sayonara SWTOR. I will miss the game, I will miss many players, I will NOT miss being lied to and deceived. I will not miss rookie level mistakes of epic proportions.

DarthTHC's Avatar


DarthTHC
03.11.2013 , 01:08 PM | #500
Quote: Originally Posted by UltimateKrucible View Post
No need to be so defensive. I asked a legitimate question, got the answer and remain sceptical. I see security being weakened, apparently on cost grounds.

You don't think so - good for you.
Security is not being weakened though. I don't understand how you can say you've read Phillip_BW's posts in this thread and still think that.

Today - right now - I can log in using DarthTHC as the user name. We've all been able to log in with our forum names instead of our email addresses since f2p went live - months ago.

In all that time, we have never heard of even one SWTOR account being compromised. And we SWTOR players are vocal. We'd have heard if it happened.

The only place forcing user ID to be email address is more secure is in peoples' minds, which are powerful, but aren't always right.