Please upgrade your browser for the best possible experience.

Chrome Firefox Internet Explorer
×

Display Name Only Log In - Coming April 2, 2013

STAR WARS: The Old Republic > English > General Discussion
Display Name Only Log In - Coming April 2, 2013
First BioWare Post First BioWare Post

Lyshar's Avatar


Lyshar
03.05.2013 , 04:20 PM | #131
So allowing everyone to read my login name is security? I have an e-mail address I use EXCLUSIVELY for SWTOR, this because that is the safest way, people needing to aquire both in some way to gain access. It also tells me when BW/EA pull the same crap another company did with account information (Still getting bogus and possibly real spam from that company that sold my account after 1 year when I cancelled the entire account).

So no, this does not make things more secure. Not buying any claims of steps being taken to make it more secure again, you're showing people who we are, half the player chosen login information. I also use a security key, so that gives me some security, but telling the whole world my login name does not provide more security as they now need less to gain access. Don't have 100% faith in the security key as it is, but now I NEED it in case someone makes a really lucky password guess. Used to be they needed a really lucky e-mail guess as well, they can already skip those now.

There should at least be a login name and a display name as 2 fields, allowed to be the same, but not advised to. Using that login name over the display name and then not allowing e-mail address is the only way to give some security in the way you appearantly intend it.

Used to say E-mail or Display name for free players and just E-mail for subscribers I think. Not sure what the reason behind that was, but I feel that was way better.

Blackavaar's Avatar


Blackavaar
03.05.2013 , 04:24 PM | #132
Quote: Originally Posted by LarryRow View Post
Okay, but you said he avoided it. You are free to not be satisfied with the explanation, but he did address it.

Also, he said not using a unique login name would cut costs and be less confusing. Let's be fair.
Oh yeah, like it's so confusing having a unique login name. Really, the only people this would be confusing for are morons, so I don't think that is a factor at all. No, this is about cutting costs, nothing more.

Only the meek get pinched. The bold survive.(███████████████████████████████████║║█[Θ]█]◙◙◙◙◙◙◙◙[█]

discbox's Avatar


discbox
03.05.2013 , 04:27 PM | #133
I hope there is no Phillip_BW in any other company taking care of my security.

Someone like that responsible for security - this makes me sick...

Blackavaar's Avatar


Blackavaar
03.05.2013 , 04:27 PM | #134
Quote: Originally Posted by Andryah View Post
There are simply easier prey out on the internet then for them to chip teeth on SWTOR, which to the best of my knowledge as been free from mass hacker scandles (unlike some other popular MMOs).
Yes, to my knowledge not one single account has been hacked on SWTOR, so why bother making this change at all?

Only the meek get pinched. The bold survive.(███████████████████████████████████║║█[Θ]█]◙◙◙◙◙◙◙◙[█]

Arlon_Nabarlly's Avatar


Arlon_Nabarlly
03.05.2013 , 04:31 PM | #135
Quote: Originally Posted by chuixupu View Post
Thanks Phillip, for responding.

So many paranoid, conspiratorial people on the interwebz.
Apparently Phillip is one of them or we wouldn't be making this asinine change.

Nealzeypoo's Avatar


Nealzeypoo
03.05.2013 , 04:35 PM | #136
Can we fix the android authenicator. The number text for mine is black. I have to use it in landscape to be able to see the numbers

RyaSan-sal's Avatar


RyaSan-sal
03.05.2013 , 04:39 PM | #137
Whoever told you guys this is safer should leave a large opening where his/her job used to be. How old and out of touch do you need to get, EA? You've proven you haven't got a clue what gamers want. So stop already. Change for the sake of change is a futile exercise for you and annoying as heck for your paying customers.

Andryah's Avatar


Andryah
03.05.2013 , 04:41 PM | #138
Quote: Originally Posted by Bomyne View Post
It's not paranoia. It's fact. Gold sellers exist on the internet. These people hack accounts and steal gold, credits, etc from MMO accounts then turn around and sell them to other players. Previously they had to rely on keyloggers and clever methods to get login details. Now they only need to skim the forums.

I have an authenticator on my account but I don't 100% trust apple or google not to accidently include a bug or exploit in their OS software, so I don't rely on it's for security. Passwords are easy to overcome. Most people use easy to guess passwords. I'm willing to bet that Password1 is a VERY common SWTOR password.
You do understand that there is security in depth on logins for SWTOR right? That is how the best security works, by depth of layers, not relying on any single layer for protection.

Personally, I think you are being paranoid to the point of silliness.... but giving you the benefit of the doubt....Let's walk down that paranoid pathway..... through the layers (the ones we know of, because I'm positive there are others behind SWTOR that we know nothing about.

1) Let's give a hacker your forum handle as his starting point. Yep, you heard me... hand it to him.
2) dang...he does not have your password and he does not have your email address to associate with it, so he can't go try to phish your password from you via email (I'm not saying you are that gullible, but that is what he would have to do).
3) I'm sure you have a secure password right? Let's give you the benefit of the doubt and say you have a strong password that is unique to this login target. because if you don't well that's on you. How exactly would the hacker who has your handle get a valid password for your login????? Especially since Phillip has clearly stated that SWTOR has anti-brute force hack protocols in place so he can't brute force to get it.

4) Just for the sake of paranoia progression.... lets say he somehow gets it. Whooops.... he tries to log in and gets a prompt asking for your security key. I know I know... he already put two 10 digit random numbers together and came up with an answer of "4" and knew to first to get your security key from god knows where....SINCE HE DID NOT KNOW IN ADVANCE YOU HAD ONE, NOR WHAT TYPE (HARDWARE OR SMARTPHONE).

5) Just for the sake of parnoia progression, lets pretend he got by phishing you for it ('cause that is the only way he gets one that he can firmly identify as yours) Whooops! he did not log in from your known IP address so the login authenticator demands an answer to one of 5 secrect questions. Unless you posted them up on your Facebook, how exactly is the hacker going to get the answers??????

My point? The hurdles that must be successfully traversed for some hacker (ie: a stranger that knows nothing about you) to successfully log in to your account are such that it's at best a billion to one chance he succeeds before flags trigger at Bioware and your account is frozen until you unlock it via an authorized unlock notification.

There are simply easier targets on the internet for hackfesting by the professional hackers then an SWTOR account with a strong password, an active authenticator, and secret questions to overcome the wrong IP address. There are tens of thousands of silly people that practically give their login info away to curious hackers such that they can't be bothered to try to hack the bascially unhackable. They would do much better to try to hack SWTOR.com directly to get your precious login validation data.... and there are no signs that that would be doable, nor would a hacker want to bring that kind of corporate attention to themselves (they like to work quietly, under the radar)

PS: And if you don't trust apple (I don't either by the way, as they are probably less secure then SWTOR.com And are a bigger target), then get yourself a hardware authenticator for $5 and remove all doubt. But even if they hacked Apple and got your authenticator token....how exactly would they tie it back to your forum handle and password to be able to actually make use of it?
Forum disputatio ------> est completum ineptias.

Brewski's Avatar


Brewski
03.05.2013 , 04:41 PM | #139
Read between the lines people. They are implementing some form of mobile two factor authentication wherein your email address will be used to confirm your login when connecting from a new computer. Therefore your email address can't be your login, or hacking your email will circumvent the security here.

Add on the fact, which has been pointed out over a dozen times, that you can already attempt to login to someones account with their display name and the paranoia is truly out of proportion. (How long before we see petition threads labeled "Post here if you are unsubbing because of the login changes" ?)

Rassuro's Avatar


Rassuro
03.05.2013 , 04:41 PM | #140
Is there really no one in this entire company who can stop themselves from making foolish decisions?
Toor, 50 Operative healer | Odaen, 50 Assassin tank | Tiyr, 50 Vanguard tank | Zerofour, 50 Mercenary DPS | The Red Eclipse