Um... where on earth did you even get the idea that Bioware would need/want your email password???????

 

Of course not!!! They never said they would, and there is absolutely no reason for them to have it.

Where did I get the idea? I underlined and bolded the part of the quote that gave me the idea. Look at the quote in my previous post.

This is how it works;

 

Trojans and other malicious software are installed to your computer by hackers who install them to your computer through various techniques.

 

These trojans, for example, read whatever you write on your screen and send it further to the hacker.

 

When you login with your email adress for example to swtor.com the hacker may then easily try to hack themselves to your email adress, hotmail as an example, which is easy to hack for people who know how to do it.

 

Then they just simply request a new password from swtor.com to your email adress they already hacked, and after they recieve a new passwotrd they make a hostile takeover of your swtor account.

 

NOW, when you only login with your "username" these trojans wont get any vital information from you, meaning the possibility of hostile takeover of your swtor account is decreased significantly.

Why on earth havent they told us this in the 'more info' parts around the website!!!? what you write here makes perfect sense BUT FREALZ why haven't they told us this if it is as simple as this. DOH! now they know my login! And what happens when I upset someone so much and that someone is either a knowledgable hacker or just a bafoon who decides he wants to shut me down even if temporarily and so logs in to my account numerously with the wrong password eventually causing a shut out till I go to my e-mail account to retrieve security details? (this happens on e-mail accounts and I'm just assuming it's the same for swtor)

Thanks for info

Where did I get the idea? I underlined and bolded the part of the quote that gave me the idea. Look at the quote in my previous post.

Reading comprehension fail. He said in the future, a HACKER would need to somehow get a hold of your email password in order to hack you, which would only happen from keylogging or you posting it publicly.

Good grief, now people are reading things into this that aren't even there.

I understand that account security is important to everyone, including me, including EA/Bioware. As it's been stated, usernames have already worked as a login. They didn't ADD this. They're just removing the other method.

And I have a hard time believing that all these people in this thread are well trained and versed in SWTOR's security framework and know something their own security team doesn't.

My hope this will lead to a global (cross-server cross-faction) chat system.

Please

Where did I get the idea? I underlined and bolded the part of the quote that gave me the idea. Look at the quote in my previous post.

:/ The line you are referring to is a hint that there will be security/verification measures linked to your email -- which is why they want to remove our email addresses from the login system.

In GW2, for example, a bit after launch they implemented a system such that the first time you try to log in from a new IP, you can't actually log in until an email is sent to your registered email account. From that email, you will need to verify the attempted login (or deny it!).

My hope this will lead to a global (cross-server cross-faction) chat system.

 

Please

I have no idea how this would be related....

Though I'd definitely like to be able to link up a related cross-faction guild chat somehow. I'm not holding my breath, though.

Where did I get the idea? I underlined and bolded the part of the quote that gave me the idea. Look at the quote in my previous post.

You completely failed at reading then. You need to go back and carefuly RE-READ what Phillip actual wrote.

Where did I get the idea? I underlined and bolded the part of the quote that gave me the idea. Look at the quote in my previous post.

Likely what he means is they will implement something like Guild Wars 2 where if they detect someone trying to log into your account from an IP that isn't yours they will send you an email to confirm that it is you. So if someone was trying to hack your account they still wouldn't be able to log in unless they also had your email account password. Even then they would STILL need the answers to your secret questions.

This is a lot of hoops for gold farmers to jump through.

The most common form of getting your account hacked is having another site you use hacked and their email/password database stolen. Philip mentioned this, they cannot account for poor security on other sites. Considering MANY people use the same combination on other sites the hackers use these lists and try them on gaming sites until they get a match. By removing email from the equation they eliminate this threat.

Targeting specific people and trying to brute force through passwords, emails and secret questions is uncommon and too much work for typical gold farmers.

And what happens when I upset someone so much and that someone is either a knowledgable hacker or just a bafoon who decides he wants to shut me down even if temporarily and so logs in to my account numerously with the wrong password eventually causing a shut out till I go to my e-mail account to retrieve security details? (this happens on e-mail accounts and I'm just assuming it's the same for swtor)

Thanks for info

Apparently (others have posted on this from personal experience elsewhere in the thread), the lockout only applies to THAT IP, not globally. So you can still log in from where you usually do, but the wannabe hacker is locked out.

I haven't read the 15 pages since this was posted, so forgive me if this has already been pointed out.

 

I sincerely hope that this does not mean that I have to give BW my e-mail account password! I will *not* be doing so. It would be tragic to lose customers over something so stupid.

No, I imagine that they will be doing the standard

if IP is X distance away from normal location lock account without additional verification code which is sent by email. Rift currently does this with their 'coin' lock system. So does Steam.

Hilarious..... except the hypothetical you quoted is inaccurate.

 

It's pretty simple to put anti-griefing measures in place with existing systems to prevent this. In fact, it's clear that they already exist, and have since launch. But hey... feel free to try to grief forum members and see what happens. They will lock-out your IP (since it is not recognized and validated for the account you are trying to grief), and then look it up to see in their database to see what actual SWTOR account validly uses your IP and then send you a ban notice for attemting to hack someone elses account.

You're arguing from the point of view of a competent and benevolent company, and also from the point of view of "better security doesn't cost money", so because it's pretty simple, it's already implemented and with no bugs.

Well, sorry, but this is EA/Bioware, and although they made a decent game, there are still simple-to-fix bugs in the game that haven't been fixed (saber blades disappearing for example), and let's not forget that you have to CALL their understaffed and outsourced tech support department to maybe get a fix to a bug or issue that was their fault to begin with.

So, yeah, I'd like to have the logon ID be secret, as an added security measure, for my own peace of mind.

And hey, I tried to grief Mr. Security Expert himself, no IP ban looks like, so maybe your assumption that it's already in place is wrong. They do have a stupid captcha that appears after the 5th attempt, I guess to verify that it's not a web bot doing a brute force attack. As if captcha works in this day and age.

Anyway, I hope you get hacked and have to phone for support to get your account back, just to have all this confidence you have in them be shattered. Cause you really need it.

I was just reading Philip_BW's comments on the new Display Name log-in and I get it.

Theyre also locking down SWTOR.com in relation to all of the other fan sites out there as they do this.

Yes, the SWTOR Forums show the actual display name you'll be logging in with. But those other sites out there that are SWTOR fan sites, but allow you to log in through email, are probably where most of this problem is coming from.

Once THOSE sites have your email, and your password, the admins of those sites could easily sell or gift that info, or use it themselves to hack into your account, assuming you used the same email to log into SWTOR.com and the 3rd party site.

Relying on email and a password (which they already have extra systems to bolster) leaves their system vulnerable to other systems that are hacked.

By moving to Display Name, those other sites will be losing their advantage, unless you go use your same login-name over there at that site...

You completely failed at reading then. You need to go back and carefuly RE-READ what Phillip actual wrote.

Wow, aren't you just a ray of sunshine? Thanks for all the helpful details and explanation. /sarcasm

You know, since I'm so stupid that I can't even read, perhaps you could try to explain to me what Phillip meant by the underlined portion of his quote, rather than just berate me. Be sure to use small words though, since I'm too stupid to understand regular vocabulary.

But you'd rather just insult and move on, instead of actually *contributing* to the conversation.

But before you actually contemplate being helpful, you needn't bother, because DaRoamer did a great job of it already.

Thank you, DaRoamer, for helping to explain what might have been meant by that comment. I sincerely hope you're right about that. And thank you for contributing a positive environment to the normally negative forums.

You're arguing from the point of view of a competent and benevolent company, and also from the point of view of "better security doesn't cost money", so because it's pretty simple, it's already implemented and with no bugs.

 

Well, sorry, but this is EA/Bioware, and although they made a decent game, there are still simple-to-fix bugs in the game that haven't been fixed (saber blades disappearing for example), and let's not forget that you have to CALL their understaffed and outsourced tech support department to maybe get a fix to a bug or issue that was their fault to begin with.

 

So, yeah, I'd like to have the logon ID be secret, as an added security measure, for my own peace of mind.

 

LOLWUT?

What do game bugs and personal peeves about the game have to do with this topic?

Back on topic.....SWTOR probably has the best security track record and reputation in the industry at this time. They have completely avoided what most other modern MMO releases have fallen victim to... large numbers of hacked accounts due to inadequate security protocols.

So simply on an evidenced based assessment, in the context of account security (not game bugs), SWTOR operates a secure and professional service.

Anyway, I hope you get hacked and have to phone for support to get your account back, just to have all this confidence you have in them be shattered. Cause you really need it.

Well, how sweet of you.

No worries though.... my account here is safer then any other MMO on the market, and I currently play several of them.

I notice that you purposely avoided answering the most logical way to make our accounts more secure, my suggestion to have us all create New Unique Account Names, instead of using names that can be easily gleaned off any forum we use.

 

I myself play many Online Games and use many forums and I use the same Display Name (aka. Forum Handle) in all of them. Using that as my login is not a more secure way of doing anything. What kind of "Security Expert" can ignore that simple logic?

 

This user is right. I know him from STO because he did a helpful post on STO that got stickied. He doesn't know who I am there because I don't use the same display name (lucky me). I picked one more "Star Warsy" for this site.

Now let's look at the "security" between STO and TOR now. I know his username to log in to the game in TOR. I have NO clue what it is in STO.

Security winner = STO

When you lose anything good to STO, you suck. No ways around that because Cryptic is amateur hour over there and they have more security.

BTW, thanks EA/Bioware, for disclosing what YOUR login ID's are, too, from employees to customer support techs to community reps. You want to see what the Internets can do with just a bit of information, google that WoW forum thread where a Blizzard employee posted just his RL name, and see what happened within 15 minutes.

I'm sure both Bioware and Greg Street are shaking in their boots at this very moment.

This user is right. I know him from STO because he did a helpful post on STO that got stickied. He doesn't know who I am there because I don't use the same display name (lucky me). I picked one more "Star Warsy" for this site.

 

Now let's look at the "security" between STO and TOR now. I know his username to log in to the game in TOR. I have NO clue what it is in STO.

 

Security winner = STO

 

When you lose anything good to STO, you suck. No ways around that because Cryptic is amateur hour over there and they have more security.

And as soon as you log into TOR with his successful credentials, but are coming from an IP different than the last series he used, you're automatically going to be given the extra mile and you'll now have to start answering security questions.

I played STO for more than a year and I don't ever recall their system going to an extra series of questions just because it realized you're coming from a completely different IP address. TOR had that at launch, if I'm not mistaken.

Secondly, I much prefer TOR's naming system to STO's. STO chat looks like a spam fest.

Wow, aren't you just a ray of sunshine? Thanks for all the helpful details and explanation. /sarcasm

 

You know, since I'm so stupid that I can't even read, perhaps you could try to explain to me what Phillip meant by the underlined portion of his quote, rather than just berate me. Be sure to use small words though, since I'm too stupid to understand regular vocabulary.

 

But you'd rather just insult and move on, instead of actually *contributing* to the conversation.

 

But before you actually contemplate being helpful, you needn't bother, because DaRoamer did a great job of it already.

 

Thank you, DaRoamer, for helping to explain what might have been meant by that comment. I sincerely hope you're right about that. And thank you for contributing a positive environment to the normally negative forums.

Please stop all the drama. Nobody called you anything. We were having a forum conversation. I asked how you arrived at the conclusion that bioware would require your email password from what Phillip said.... to which you promptly restated that you read it and that I need to reread what you underlined.

will require the attacker to also know your email account password

And you know what.. I did reread what you underlined (requoted above, verbatim)... and concluded that you failed at reading what was written and suggested you go back and re-read what Phillip actually wrote, and do so in context.

PLEASE NOTE: the word "attacker" in what you underlined.....how you equated "attacker" = Bioware... I have absolutely no clue.

And as soon as you log into TOR with his successful credentials, but are coming from an IP different than the last series he used, you're automatically going to be given the extra mile and you'll now have to start answering security questions.

 

I played STO for more than a year and I don't ever recall their system going to an extra series of questions just because it realized you're coming from a completely different IP address. TOR had that at launch, if I'm not mistaken.

 

Secondly, I much prefer TOR's naming system to STO's. STO chat looks like a spam fest.

/Agree

^Quote the wrong post ?

Yeah... thanks for the keen eye.... I fixed.... not sure how it happened but.. fixed is fixed.

Aplogiees to Kubernetic on the earlier misquot.

And as soon as you log into TOR with his successful credentials, but are coming from an IP different than the last series he used, you're automatically going to be given the extra mile and you'll now have to start answering security questions.

 

I played STO for more than a year and I don't ever recall their system going to an extra series of questions just because it realized you're coming from a completely different IP address. TOR had that at launch, if I'm not mistaken.

 

Secondly, I much prefer TOR's naming system to STO's. STO chat looks like a spam fest.

Last line is off-topic. We can take that to another thread if you want to start one. And FYI, I'll probably agree with you on that but it's off topic here.

Strange though, I've changed IP's many times and never had to answer security questions because of it. Changing IPs is as easy as logging in to your router and cloning the MAC address. You get a different IP each time. And the lease for each is 7 days or less. More than one computer, I can have a new IP in minutes. Then BW will have to track it down through the ISP.

My changing IPs by MAC clone was to be sure it wasn't a gateway issue when I had connection problems. Not to hack. Clearing that up.

The game of internet cat and mouse is far from hard.

Last line is off-topic. We can take that to another thread if you want to start one. And FYI, I'll probably agree with you on that but it's off topic here.

 

Strange though, I've changed IP's many times and never had to answer security questions because of it. Changing IPs is as easy as logging in to your router and cloning the MAC address. You get a different IP each time. And the lease for each is 7 days or less. More than one computer, I can have a new IP in minutes. Then BW will have to track it down through the ISP.

 

My changing IPs by MAC clone was to be sure it wasn't a gateway issue when I had connection problems. Not to hack. Clearing that up.

 

The game of internet cat and mouse is far from hard.

You don't have to answer Security Questions after changing IP if you have an Authenticator/Security Key.