Big thanx for the replys Phillip_BW

 

 

And since this topic is about security and you are the Senior Manager of Security, i hope you dont mind me asking:

 

When will we in Europe and Asia-Pacific be able to buy Physical Security Keys?

 

And please dont give me that baloney that its possible via the Origin Store, or even via the US Origin Store... cause they dont ship outside the US.

Dude, atleast in germany we can buy physical security keys from any tech markt.. like Saturn or Media Markt...

One concern that I have is that it seems this is opening up a way for people to "grief" each other by intentionally trying to log into someone else's account and failing a number of times, resulting in the account getting locked out. Currently, the only way to re-enable the account is to call customer service.

 

I, personally, don't want to have to call customer service to get my account re-enabled over and over again if someone decides they want to pick on me. That would be enough to make me not want to play this game anymore.

 

Are there any plans to address this scenario?

Someone (well, probably several someones) asked about this scenario up top, and Phillip directly addressed it (it is the second scenario of the two he's responding to):

I can't go in to more detail other than to say that you are missing a bunch of security controls we have in place that make both of your scenarios incorrect. Both scenarios were thought of (and dozens more) and mitigated by both our existing solution as well as the added measures we are putting in place.

They'll probably associate a range of IPs to your login and when you access services from an unrecognized range you'll have to authenticate further through your mobile device, e-mail, security questions, or a combination of the 3.

Hell, they might even ask you to recognize the names of your characters and, if correct, the last flashpoint / operation /warzone you ran on it.

I guess what I'm trying to say is that my name is a registered trademark and it's good to know they can't make me change it without breaking everything.

They'll probably associate a range of IPs to your login and when you access services from an unrecognized range you'll have to authenticate further through your mobile device, e-mail, security questions, or a combination of the 3.

 

Hell, they might even ask you to recognize the names of your characters and, if correct, the last flashpoint / operation /warzone you ran on it.

 

I guess what I'm trying to say is that my name is a registered trademark and it's good to know they can't make me change it without breaking everything.

At least for me personally all would be fine, if they implemented a system like that. I consider it reasonable secure. It's just that you're already able to login with your account name, and I didn't encounter any problems, as I tried to login from a pc that I have definitely not used before.

Maybe you can explain: why

 

Blizzard changed the login from login-name to email and said: this is more safety

Bioware changed the login from email to login name

 

Logic!

 

And blizzard has a liitle bit more user and my email adress on the battle net is additional my login to sc2 and D3 and wow:rolleyes:

The reasons they are doing this was stated. Blizzard has lots of backend validation including delays on cc purchases. Lots of valid methods each with risks and strengths. This is a good approach for helping people that may not realize all the dangers. You dont seriously think this is less secure do you? If i am not mistaken you can log on with the account name now.

But you are certainly entitled to your roll eyes opinion. Stay in a holiday inn last night?

Yeah, I wouldn't mind seeing it tighten up a bit which seems like what they're trying to do. I look forward to reading the run down of what's coming.

I would like to take this moment to recognize the work of the late, great Bettie Page. A body type 2 if there ever was one.

The world needs more zaftig bombshells.

Case 1:

 

nobody knows what e-mail I use for SWTOR, except BioWare (really noboby, just me and BioWare)

 

my e-mail has about 20+ chracters including @ - and .

 

Case 2:

 

everybody can read my nickname here

 

it has 7 characters

 

Which one is more secure, Phillip?

 

What kind of education do you have, Phillip? Cook?

1 - You can already log in with your display name

2 - Even if you guessed the password you wouldn't be able to log in unless you also knew the secret question answers

There are more security checks happening here than just username/password.

One concern that I have is that it seems this is opening up a way for people to "grief" each other by intentionally trying to log into someone else's account and failing a number of times, resulting in the account getting locked out. Currently, the only way to re-enable the account is to call customer service.

 

I, personally, don't want to have to call customer service to get my account re-enabled over and over again if someone decides they want to pick on me. That would be enough to make me not want to play this game anymore.

 

Are there any plans to address this scenario?

This actually doesn't happen and I know that for a fact. I once had to log in to my girlfriend's son's account who lives in another state with his father. Since I was logging in from a different location than where he normally logs in I was prompted to answer a security question. Neither me nor my gf were able to guess his answer so after 3 or 4 tries his account was locked. Now, he could still log in from home just fine but I wasn't able to here even after he told me the answer to the question.

ok

at present I have 4 step security system for swtor which are :-

1 Game Password

2 Game Key Fob for security number to be inputted into launcher

3 E-mail Password different from Games one

4 E-mail Verification if e-mail account is accessed not on the registered PC (GM-mail,Google) sent to my phone

if you force me to use my Display name it goes down to 2

1 Game password

2 Game Key Fob for security number to be inputted into launcher

now what happens if I get this bug with the Security Key which some are still getting it or the battery runs out and at present we can't get them in the UK for some reason .. then it goes down to 1

1 Game password

Also I can view these forums without logging in on a diff. PC and can see everyone's display name..so much for sub players only seeing my name....

so your telling me this is more secure,I can vouch for my PC but can you vouch for your web site being secure and i'll have it in writing and on headed paper please ..

After reading this thread, I have come to a conclusion. There is a MASSIVE security hole in SWTOR's login system. You can log in by a publically displayed username already.

I'd like to make a suggestion. Disable this publically displayed username login system and force everyone to log in though the more secure email login system.

ok

 

at present I have 4 step security system for swtor which are :-

 

1 Game Password

2 Game Key Fob for security number to be inputted into launcher

3 E-mail Password different from Games one

4 E-mail Verification if e-mail account is accessed not on the registered PC (GM-mail,Google) sent to my phone

 

if you force me to use my Display name it goes down to 2

 

1 Game password

2 Game Key Fob for security number to be inputted into launcher

 

now what happens if I get this bug with the Security Key which some are still getting it or the battery runs out and at present we can't get them in the UK for some reason .. then it goes down to 1

 

1 Game password

 

so your telling me this is more secure,I can vouch for my PC but can you vouch for your web site being secure and i'll have it in writing and headed paper please ..

 

Also I can view these forums without logging in on a diff. PC and can see everyone's display name..so much for sub players only seeing my name....

It also checks your IP address. If you're not in the same location as normal it asks for answers to your security questions.

This is not a April 1st joke!!!!

 

Why!

 

You can log in right now with your user name....

 

last straw for me from this company, just unsubbed.

You've been able to do this for months.

A smart man knows what to say, a truly wise man knows when to say it.

so now everyone will know half of what you use to login?

My thoughts exactly. Half of what they need is displayed for them. Unless, when we post, it shows our chosen character name instead.

The email you sent out looks like a phishing email. You should tell people to log into their accounts with out a link. It would be easy to grab account info, especially for those who don't have an authenticator by using this email form.

They hammer us at work about this.

My thoughts exactly. Half of what they need is displayed for them. Unless, when we post, it shows our chosen character name instead.

It would be nice to have a similar forum system to that which The Game That Shall Not Be Named is/was running, wherein you have a selection of your ingame characters and your avatar/display name is your character's appearance (including armour, these were busts) and their name. I think there may also have been your server name?

Of course a system like that would require an armoury and for SWTOR to catalogue its items on the website in some sort of searchable database. Too bad technology like that doesn't exist anywhere on the internets...

I pray that we have not problems once this goes effect.

Already in effect since Free-to-Play launched (11/15) and from what i know, no problems at all.

The email you sent out looks like a phishing email. You should tell people to log into their accounts with out a link. It would be easy to grab account info, especially for those who don't have an authenticator by using this email form.

 

They hammer us at work about this.

I even remember this very thing when I look a computers class haha.

I THINK THIS IS WHY THEY ARE DOING IT

They are trying to protect us from a Hacker tactic called Combo'ing. What Combo'ing is, is when a bunch of hacker attack a weak website that does not have good security and raid it for "Login & Password" info. Then, they take the login & passwords and start trying to use them on other websites (Examples- Paypal, Bank websites, GAME websites, credit card websites, ect, ect, ect.) and when they find a match they get on to the account and then they screw you. This tactic works quite often because people now more than ever are forced to register to online sites in order to get access to the site and most people HATE trying to remember several login's & passwords so, they try as much as possible to recycle the same login & password if they can (I try not reuse passwords for this reason but, people do it all the time). By changing their login requirement to a screen name it helps secure your information due to the fact most web sites want you to use your email address as your login and there fore most of the time hacker using this technique are going to try to use your email address as the login and then apply the password they found.

I THINK THAT'S WHY THEY ARE DOING THIS BUT, I COULD BE WRONG.

At least the response is not as explosive as when Blizzard almost made displaying real names mandatory.

Wow... I would immagine it would be!

--------- --------- ---------

In response to everyone ranting on how this decreases account security, you are wrong. Players were always able log in using account names as well as emails. This decreases the options of hackers.

Not only that, they have stated that even more security measures will be put into place which have yet to be accounced.

Chill out.