Please upgrade your browser for the best possible experience.

Chrome Firefox Internet Explorer
×

Display Name Only Log In - Coming April 2, 2013

STAR WARS: The Old Republic > English > General Discussion
Display Name Only Log In - Coming April 2, 2013
First BioWare Post First BioWare Post

WahineKoa's Avatar


WahineKoa
03.06.2013 , 02:06 AM | #211
AWESOME AWESOME AWESOME CHANGE!

I love companies who think of theyre customer`s security and well being!

Keep up the good work =)

Sambril's Avatar


Sambril
03.06.2013 , 02:14 AM | #212
This is a really stupid change. Using e-mail as login was a bad idea - but this is worse. There should be a separate login ID that is different from display name.

NO PART OF MY LOGIN SHOULD BE PUBLICLY VISIBLE

And the response from BW makes me /facepalm

SeriouslyMike's Avatar


SeriouslyMike
03.06.2013 , 02:25 AM | #213
Quote: Originally Posted by Mallorik View Post
My forum name is not my email that can be hacked and used to retreive my password.
Oh, sure, how about people who still use such antiquated technology as e-mail clients that download and then delete your e-mails from the server? So even if someone hacks your e-mail account on one of 28 days of the month when Bioware doesn't send notifications that your account was billed or something, he still won't have anything. That and is it so hard to google your very public display name and connect it to an e-mail? Also, if your e-mail gets hacked, BioWare helpfully refers to you by display name in all personal messages like Cartel Coin purchase confirmations. So, if anything, it only makes it easier to target specific players.
Quote: Originally Posted by Sambril View Post
This is a really stupid change. Using e-mail as login was a bad idea - but this is worse. There should be a separate login ID that is different from display name.

NO PART OF MY LOGIN SHOULD BE PUBLICLY VISIBLE

And the response from BW makes me /facepalm
Yeah, pretty much that. Other games do have that, so what's the problem here?

JPryde's Avatar


JPryde
03.06.2013 , 03:00 AM | #214
Quote: Originally Posted by chuuuuucky View Post
So did anyone recognice that this is possible since the beginning?
To be honest, I would have never thought, that a publically known value would be allowed as a login, and I am using my e-mail since day one.

I admit, that the upcoming change does indeed not decrease but increase the security (as the forum name is currently already known and also already allowed to use as login).

Still I would prefer to have a login name, which is NOT visible to the public (like my mail addy would be now, if there were not the second login, which just bypasses that secret).
~~~ Macht Wächter ~~~
Vanjervalis Chain
Jhoira, Skarjis, Trântor, Ric-Xano, Sabri-torina, Tir-za, Shaina ...
We do not brake for Wookiees !

Prester-John's Avatar


Prester-John
03.06.2013 , 03:21 AM | #215
While I agree that using an e-mail as login has issues, using a name visible in the forums is just plain stupid.
Why can't I have an account name which is not visible to the rest of the world?

Sambril's Avatar


Sambril
03.06.2013 , 03:22 AM | #216
Quote: Originally Posted by Phillip_BW View Post
Only people that post on the Forums have their Display Name visible to others currently. Even then we took that into account when designing the updated system and I wouldn't recommend trying to attack known Display Names...

So two things here. Not everybody knows your Display Name, and an attacker will need to figure out your email account in order to attempt to take over your SWTOR account. We are implementing a few other measures (more news on that in the few weeks!) to ensure that account take over risk is mitigated.

We did look at using a secondary 'login only' display name, but sadly this would create more confusion and increase costs associated with support of the new system rather than decrease existing support costs. And again, I stress that knowledge of the Display Name in of itself is not a security measure - we have many other controls in place to mitigate that knowledge.
So apparently people willing to post on the forums to give feedback are not considered important enough to protect properly because it would cost too much.

I STRONGLY urge you to look again at a secondary login name.

Terin's Avatar


Terin
03.06.2013 , 03:23 AM | #217
Just curious, could this change have any impact on the game itself? For example, will my Display Name perhaps also eventually migrate into SWTOR itself? Or is this purely a change for the site?

danielearley's Avatar


danielearley
03.06.2013 , 04:08 AM | #218
While I understand that some are concerned by this change, at present there is nothing stopping you using a forum user name and trying to login into a posters account, right now!
This is not a change to what is currently already available, we have not had wholesale hacking attempts for the past year that this has been available to hackers, I do not foresee this being an issue in the future.

Hackers work by duping you into giving them your Password via you being stupid or via Malware Key loggers, so by avoiding being stupid and having good internet security you have nothing to fear!

Unless BW are hacked and the passwords are stolen!

Leafy_Bug's Avatar


Leafy_Bug
03.06.2013 , 04:22 AM | #219
They probably want me to call customer service again after my 5h and 45 minute ordeal. They checked the tape and they want to keep me 6 hours this time. Somehone 5h and 45 minutes is not a nice round figure. Everyone can see my new username now so they can have fun blocking my account

username: leafy_bug


Enjoy with random passwords and random security codes from the security key.

Sambril's Avatar


Sambril
03.06.2013 , 04:46 AM | #220
Quote: Originally Posted by danielearley View Post
While I understand that some are concerned by this change, at present there is nothing stopping you using a forum user name and trying to login into a posters account, right now!
While this is true, it is not a strong argument in favor of this system. IT SHOULD NEVER HAVE BEEN THIS WAY IN THE FIRST PLACE. If they are serious about wanting to improve security, removing the e-mail login is only a very small first step - changing to a separate login is what they should do.

Yes any would-be hacker would also have to get past password, security questions and possibly an authenticator, that still does not mean you should hand them the username.