What about the IP checks and secret answers they will need to log in to the account?

 

And that can't be combined with a secret login name?

 

It's still the removal of a layer of security, simple as that. No matter how you look at it, it's easier to hack accounts now as you no longer need to aquire a person's email account. People that throw their email account all over the place and at the same time advertise that they play won't be less safe, but those of us that made email accounts for the purpose to have the maximum possible security now have to face that was for nothing.

 

Thing is they announce that they are planning to add more security, but right now they only removed some. At the very least they should have done those at the same time. Part of me hopes a lot of accounts get hacked now, so BW/EA can MAYBE see the error of their ways. Ofcourse I do not wish it upon (most) players, even the free ones with bad reputation (needing on everything and refusing to comment when confronted with that) that ruin it for other free players. Not to mention hacked accounts may revive credit scamming, it'll be easier for them now to steal accounts.

 

Part of me wants to make 100 accounts with less than strong passwords and chalange people to try and gain access to them, but BW already did that for us. I hope their logs will show an increase in login attempts before it's too late. I fear for everyone without an authenticator!

Please be aware that beginning on April 2, 2013, logging in to the game or website will require your Display Name. Email addresses will no longer be accepted; your Display Name will be the only accepted option.

 

Read More

 

 

So basically, now every retarded kiddie will be able to block any account just entering 10+ times the wrong password to the Display Name he can get from Forums?

 

Great job BioWare!

I would rather use my forum name then my email , my question is why did wow drop using the forum name display name whatever it gets called at the time I was playing wow to log on ,, to me displaying any name but a charater name might be worse . but wow did say there was a major issue with using display names account names etc to log in and went with using Email over this way because they said it wasn't safe and allowed more hackes etc ... one of the main reason they did the battle.net thing so it was safer with emails .. and easyer to keep track of accounts ...

 

IF I remember right wow tried to make players display there RL name on the forums but dropped it for charater names .. and this might be as bad displaying a user name and not a name you only can find in a game once logged in ..

 

sorry jwing . but yea id rather use my forum name, display name, account name, whatever you call it .. but is it really safer sense it seems to work much better with emails all the webb I have yet to have my email misused by some one else but have had to change some user names due to they got hacked ..

 

 

Just asking don't shot me ..

 

 

how and were is your setup that much diff then wow ?

 

What happens if you all go for a battle.net type thing ? which IMO is much more hack prove ..

 

I just don't want my account baned because of a display name . issue ..then I have to fight you all over it

 

you can't tell it wont happen anything can happen at any time ..

Edited March 6, 2013 by tanktest

Quote: Originally Posted by WSS_Toxin

I don't like this, if you are going to make us log in with our display names at least make it so we can change our display names at least one time.

I have that on my list of things to look at already. That is a much harder challenge to change though as Display Name is also a unique reference, and changing the unique reference can create a ton of data inconsistencies. Technically possible, but not technically easy to accomplish. I wouldn't hold your breath on this one.

 

So adding the one more field ("Forum Name") in SQL database user record and making it shown at the UserPost is very costly for you? That could be done by any school kid in a matter of 10 minutes worktime.

 

Crap... This game is falling deeper and deeper to the point of beyond rescue...

Edited March 6, 2013 by Missandei

If this site detects you logging in from a different computer it will ask you one of the security questions you had to choose during account set-up and if you can't answer it you won't be allowed to log in to this site or the game

 

Yes. And when your account is blocked due to the numerous failed hack attempts... guess what? You have to dial to the Bioware CS that already proved as a total bull..t..

Have you prepared to a 5hrs waiting on the line to just get reset your account to be allowed you to log in?

So adding the one more field ("Forum Name") in SQL database user record and making it shown at the UserPost is very costly for you? That could be done by any school kid in a matter of 10 minutes worktime.

 

Crap... This game is falling deeper and deeper to the point of beyond rescue...

 

I really like how its all ways to hard to do ,to me is a excuse, learn it, do it, then move on, is how I look at it ..

Edited March 6, 2013 by tanktest

All for this change tbh.

 

Do I use my email address in a million other places? Yup.

 

Are the vast majority of internet users even more insecure than me? You bet they are.

 

Some of you are extremely secure and use a different email address and password for every MMO and website you sign up to. This change is not for you. This is for the vast majority of internet users who use the same email address for everything and change the password they use for everything once every 5 years.

Edited March 6, 2013 by Niaymh

So in case you haven't come across me before (most haven't!), I'm Phillip Holmes, the Senior Manager of Security here at Star Wars: The Old Republic.

 

I have that on my list of things to look at already. That is a much harder challenge to change though as Display Name is also a unique reference, and changing the unique reference can create a ton of data inconsistencies. Technically possible, but not technically easy to accomplish. I wouldn't hold your breath on this one.

 

Hi Phillip,

 

If, when we had purchased the game and set up our display names, we had known you were going to do this, there is no way, in hell, I would have called myself Scorpiooooo with five o's.

 

Please, for the love of god, let us change our display names so we can log in like normal people. I understand it's not the end of the world but it would be a damn lot easier for us if you would.

 

Thank you.

 

Scorpio ... oooo

So did anyone recognice that this is possible since the beginning?

I mean you all scream how this will lower securiy but in fact there is no change in security at all. It is even a rise of security because now the most vulnareble part of the login your mail adresse which lot of people use in more then one game or on more than one website is out of the login process.

All people here should get their facts straight before the scream and moan.

Ok, and how is your forum name any different?

 

My forum name is not my email that can be hacked and used to retreive my password.

AWESOME AWESOME AWESOME CHANGE!

 

I love companies who think of theyre customer`s security and well being!

 

Keep up the good work =)

This is a really stupid change. Using e-mail as login was a bad idea - but this is worse. There should be a separate login ID that is different from display name.

 

NO PART OF MY LOGIN SHOULD BE PUBLICLY VISIBLE

 

And the response from BW makes me /facepalm

My forum name is not my email that can be hacked and used to retreive my password.

Oh, sure, how about people who still use such antiquated technology as e-mail clients that download and then delete your e-mails from the server? So even if someone hacks your e-mail account on one of 28 days of the month when Bioware doesn't send notifications that your account was billed or something, he still won't have anything. That and is it so hard to google your very public display name and connect it to an e-mail? Also, if your e-mail gets hacked, BioWare helpfully refers to you by display name in all personal messages like Cartel Coin purchase confirmations. So, if anything, it only makes it easier to target specific players.

This is a really stupid change. Using e-mail as login was a bad idea - but this is worse. There should be a separate login ID that is different from display name.

 

NO PART OF MY LOGIN SHOULD BE PUBLICLY VISIBLE

 

And the response from BW makes me /facepalm

Yeah, pretty much that. Other games do have that, so what's the problem here? Edited March 6, 2013 by SeriouslyMike
Quoted one more important post.

So did anyone recognice that this is possible since the beginning?

To be honest, I would have never thought, that a publically known value would be allowed as a login, and I am using my e-mail since day one.

 

I admit, that the upcoming change does indeed not decrease but increase the security (as the forum name is currently already known and also already allowed to use as login).

 

Still I would prefer to have a login name, which is NOT visible to the public (like my mail addy would be now, if there were not the second login, which just bypasses that secret).

Edited March 6, 2013 by JPryde

While I agree that using an e-mail as login has issues, using a name visible in the forums is just plain stupid.

Why can't I have an account name which is not visible to the rest of the world?

Only people that post on the Forums have their Display Name visible to others currently. Even then we took that into account when designing the updated system and I wouldn't recommend trying to attack known Display Names...

 

So two things here. Not everybody knows your Display Name, and an attacker will need to figure out your email account in order to attempt to take over your SWTOR account. We are implementing a few other measures (more news on that in the few weeks!) to ensure that account take over risk is mitigated.

 

We did look at using a secondary 'login only' display name, but sadly this would create more confusion and increase costs associated with support of the new system rather than decrease existing support costs. And again, I stress that knowledge of the Display Name in of itself is not a security measure - we have many other controls in place to mitigate that knowledge.

 

So apparently people willing to post on the forums to give feedback are not considered important enough to protect properly because it would cost too much.

 

I STRONGLY urge you to look again at a secondary login name.

Just curious, could this change have any impact on the game itself? For example, will my Display Name perhaps also eventually migrate into SWTOR itself? Or is this purely a change for the site?

While I understand that some are concerned by this change, at present there is nothing stopping you using a forum user name and trying to login into a posters account, right now!

This is not a change to what is currently already available, we have not had wholesale hacking attempts for the past year that this has been available to hackers, I do not foresee this being an issue in the future.

 

Hackers work by duping you into giving them your Password via you being stupid or via Malware Key loggers, so by avoiding being stupid and having good internet security you have nothing to fear!

 

Unless BW are hacked and the passwords are stolen!

They probably want me to call customer service again after my 5h and 45 minute ordeal. They checked the tape and they want to keep me 6 hours this time. Somehone 5h and 45 minutes is not a nice round figure. Everyone can see my new username now so they can have fun blocking my account

 

username: leafy_bug

 

 

Enjoy with random passwords and random security codes from the security key.

Edited March 6, 2013 by Leafy_Bug

While I understand that some are concerned by this change, at present there is nothing stopping you using a forum user name and trying to login into a posters account, right now!

 

While this is true, it is not a strong argument in favor of this system. IT SHOULD NEVER HAVE BEEN THIS WAY IN THE FIRST PLACE. If they are serious about wanting to improve security, removing the e-mail login is only a very small first step - changing to a separate login is what they should do.

 

Yes any would-be hacker would also have to get past password, security questions and possibly an authenticator, that still does not mean you should hand them the username.

Go figure. It makes little sense. Actually, it makes no sense at all.

 

All this is, is another attempt to copy WoW.

 

Probably this is another attempt to sell us something for account protection. Don't doubt it.

 

 

you used to log into wow this way but wow said it was to unsafe if remember right that's why they went with emails and battle,net and like another poster said this is not a copy of wow , It more like going back wards if they were making it a copy of wow weres there version of battle.net ? I think they are trying to be more them which to me is better, but this might be bad well see

Edited March 6, 2013 by tanktest

By the way, for all who hope for an April Fools... I SERIOUSLY hope not for one simple reason: you do NOT make jokes about the security of private Data these days...

 

Layna

ANOTHER mashup BioWare? Isn't the massacre you apply to all classes/commendations enough already? Seriously, who's responsible for all these changes?

This is not April Fool, this BioWare!

• removing email address from login - no issue with it and understand the change
  
• forcing my display name as my login - major issue with it
  

 

Any wannabe script kiddie can get a list of usernames now, just simply by browsing the forums. You are now giving 1/3 the information to any person browsing the forums. This is NOT more secure.

 

It doesn't matter either that you have the security controls to mitigate the attacks, when you broadcast(via forum display names) a list of usernames to the public, it is WRONG, and I challenge you to find a security book that would even suggest such a ludicrous idea.

 

Instead make it a separate login name, completely. In fact, add a policy so that it cannot be your display name or email address.

 

I know this suggestion has already been mentioned, I find it hard to believe that a college grad with a job as a security professional would actually suggest this and BW/EA upper management might want to reconsider the person running security.