Please upgrade your browser for the best possible experience.

Chrome Firefox Internet Explorer
×

Display Name Only Log In - Coming April 2, 2013

STAR WARS: The Old Republic > English > General Discussion
Display Name Only Log In - Coming April 2, 2013
First BioWare Post First BioWare Post

dacentabaal's Avatar


dacentabaal
03.06.2013 , 07:04 PM | #311
Quite simply.. either way it wont bother me.. I'll only have to type in my username once.. just like I did with my email address that has been there since 13th Dec 2011 (thank god for the "Save login/Username")

And I have my security key and password like usual.. so nothing for me is changing other than to type somthing a LOT shorter into username than my email address which is time consuming to type out
Vi veri veniversum vivus vici
The Progenitor RP English Server
'Even in life you grind dailies, why should a game be different'
CE Owner

chuixupu's Avatar


chuixupu
03.06.2013 , 07:09 PM | #312
Quote: Originally Posted by Jacen_Starsolo View Post
Every time I try logging into the site using display name I get a login fail error. I use my e-mail and goes right in. So apparently it is not always as getting into the site doesn't work with display name for me.
It's always worked for me. I did it just now. So I really don't know what to say there. Might have something to do with how you signed up to the site originally.

I just want to say again that I think giving people the option to display a different name on the forums (like WoW...I can log in as any of my characters) would be a great idea. I know that Philip said that changing your initial username could cause all sorts of problems, but letting us just display something different may not be so problematic (though may have problems of it's own, I suppose).

Edit: OK, just finished reading that second loooooong response from Phillip.

Quote:
Based on the feedback you will be happy to hear that we are again discussing the perceived issue. I can't promise 'soon' - heck, I can't promise 'later' just yet. It is likely based on the underlying systems that we will not change the account Display Name, but rather look at adding a new Forum Name that can be different.
Very nice, just hearing that is a possibility makes me happy.

Thanks again for taking the time out of your day for the very detailed responses. Hopefully it will put some of the more skeptical folks at easy. Also, it's nice to hear that more "self-help" systems are going in to place as they are very much needed and will save CS people a lot of time as well. Hopefully some of these features will include restoring deleted items/characters, and self-removing of security key.
Wardens of Fate / Alea Iacta Est
The Tarkus Legacy ~ The Harbinger/Jedi Covenant

DAWUSS's Avatar


DAWUSS
03.06.2013 , 07:34 PM | #313
I know some people plan their AFD stuff weeks in advance, but this is ridiculous...

Sendai_S's Avatar


Sendai_S
03.06.2013 , 07:36 PM | #314
I will continue to maintain that this is a bad idea and that giving us a unique login name would be preferable over using display names.
---
Griefing doesn't make you cool. It doesn't make you better player. All it does is tell the rest of the world that you are not someone worth knowing.

Bomyne's Avatar


Bomyne
03.06.2013 , 07:53 PM | #315
Quote: Originally Posted by Phillip_BW View Post
I'm going to apologize in advance for the upcoming security lecture!
In a lot of systems (mainly corporate and military) the username is a given piece of information that the person using it has no control over specifying. It's usually a standard format that is commonly derived from the persons actual name or an internal identifier. My BioWare login internally is no different in that respect. This is one of the contributing factors on why username in of itself should never be a major concern around the security of an authentication system.
In the security field, when waffling on about authentication we talk of two-factor quite a bit, and it looks like that needs a bit more explanation. Two-factor (or dual-factor) is actually not 'the most secure' that we can be, as it really stands for 'two of three factors'. Those factors are:
  • Something I know (e.g. password)
  • Something I am (e.g. biometrics)
  • Something I have (e.g. security key)
I have often thought that putting all three factors in place would be awesome, but nobody liked my 'pint of blood in order to play' suggestion, so we haven't moved into biometrics as a requirement
As it is sure to come up, let us be clear that Security Questions and Answers (SQA's) are not truly two-factor. It's the first factor applied twice, so leaves us in a hybrid/grey area which counter-intuitively is actually very secure. Just not as secure as a true two-factor system.
The key implementation that we are currently missing as mandated for all players is 'Something I have'. The Security Key is available and doing well today, and while I would love to see more people using them, we are not pushing people to have a Security Key as a mandatory requirement. Truth be told we deliberately do not make a profit on the physical security key, and absorb all of the cost of the mobile security key.
Another potential 'Something I have' is something we could call an 'Email Security Code'. The key point here being it is something you have that is provided out of the same channel as the password. For example sending a code via email fulfills a time limited code that changes frequently. Very similar to a Security Key, but without the overhead of a smartphone or key-fob. Come to think of it, I have a duck around here somewhere called 'Email Security Code'...
So no, this is nothing like displaying a persons real name on the forums. Technically that would probably be easier in our system than implementing a 'forum display name', but rest assured we have learned from Blizzard's foray into that area and are not considering doing that at all.
One last thing that I should also point out, the Security Key is a time-limited code that changes frequently. If you think somebody can brute force their way through an account secured by a Security Key, then you should look into lottery tickets. It's far easier to win the jackpot in the lottery...
TL;DR: username should never be considered a security component - that's what passwords, SQA's and Security Keys (or ducks!) are for.
Usernames and account numbers should be kept secret in my opinion.

This is exactly like Blizzard's real ID thing in that it's giving out a piece of information that any Tom Joe or Harry should not have. One third of the login information.

Working in security, I'm sure you know that no password, no matter how complex is 100% secure and there fore no password is 100% trustworthy. No piece of software is ever 100% secure and bug free. No piece of software is ever 100% trustworthy. That's why i combine all three: Secrecy of login information (account name/number/ID), Password and security key.

Quote:
Actually our system doesn't really work that way. I'm not going into details, but entering in the serial and challenge/response some time later (I can't say how long) will not result in a working Security Key code.
To ward off all the questions that statement could create, yes, I have another duck called 'I lost my Security Key and don't like calling an international phone number'. Its a tricky little duck and there will be more news on that subject in the next few weeks.
Securing your home PC and personal email account isn't something we have any control over though, so 'if anyone gets that backup' who isn't supposed to be getting that backup, then you have other issues you also need to consider.

I'll go on to say 'please secure your personal email account' again - so many of today's authentication systems totally depend on the security of your personal email account, and that is something you can control.
This is going to be blunt but you are wrong. I'm sorry. How do i know? Last week i upgraded from my iPhone 4 to an iPhone 5. Upon restoring my backup via iTunes, I found the app was crashing. Security feature, maybe? Anyway, i grabbed the details i saved and removed and restored the app from the app store. I input the saved information and I now have a working security app for my account. Been using it ever since i got the iPhone5.

And no, i'm not going to phone in to the US or UK if I ever lose my key.

Unrelated note but both blizzard and Sony have a way for me to remove an authenticator my self incase of upgrading the device/changing the keyfob. Any chance of that here?

chuixupu's Avatar


chuixupu
03.06.2013 , 07:59 PM | #316
Quote: Originally Posted by Bomyne View Post

Unrelated note but both blizzard and Sony have a way for me to remove an authenticator my self incase of upgrading the device/changing the keyfob. Any chance of that here?
I'm guessing, or at least hoping that the "self-help" features that he mentioned were in the works are going to include that.
Wardens of Fate / Alea Iacta Est
The Tarkus Legacy ~ The Harbinger/Jedi Covenant

RodoggJedi's Avatar


RodoggJedi
03.06.2013 , 08:20 PM | #317
Dumb, dumb, dumb, (censored) DUMB! That's what this is, everyone sees our usernames on the forums, unless you allow us to have seperate names on the forum people will know us and will try to hack us. The email addresses are more secure cause they are HIDDEN! BioWare/EA if you do this I am pretty sure many people will ditch you and go to other MMO's cause if we don't feel secure then we won't play your games.

Gezebelle's Avatar


Gezebelle
03.06.2013 , 08:25 PM | #318
I can't wait, to drop retail for a Private Server. Their job is to decrease security risk, not increase. First, they require you to use a certain type of password with 1 Cap and 1 number, which is already a huge security risk, most people dont use this type of password as it is, which forces most people to write it down, and of course I store it in my email, which due to SWTOR TOS (Terms of Service) if you ever read them. I created a fake email, which I normally do for anything that has a seriously messed up TOS which allows legal rights for computer confiscation, tracking, and the other usual illegal methods they make legal by forcing the acceptance of the TOS in order to play. Now they are changing the username to force the name at which is displayed to the public on a regular basis. Sure I have to mask my IP and route it through roughly 230 different IP masking servers and VPNs to hide my real IP in order to play a silly game due to their poor judgement on what they call security enhancements as it is, but now this.... Wow, I will pay $30 a month to play on a PRIVATE SERVER whenever one is available. Thank goodness SWG EMU is almost up and running. I can drop this illegal crap and not worry about my computer being hacked by a corporation. (updated to add more info) As for proof of their lack of security.... Search for a program called PeerBlock, install it, this program blocks people from connecting to you. Install the program and run it, go to SWTOR.com and login, now watch all the connections trying to hook up to you through just EA alone. I am currently getting 6 attempts per second from EA alone, they are scanning every port. I wonder why? Granted again every website and corporation does this, which is sad to say the least. At Least PeerBlock will block their attempt. (in order to play the game you do need to click the "allow HTTP" if you want to leave peerblock running while playing. Also you can have fun with this, it is shocking to see, just go to google.com, yahoo.com, FBI.gov, all these every day supposed sites that are "for your convience and benefit" and watch the connection attempts rise and try to connect to your computer..... (note: SWTOR will most likely delete this post very quickly, so if you get the chance to read it, and try it. It will be an eye opener.

Darslk's Avatar


Darslk
03.06.2013 , 08:34 PM | #319
Much respect to Mr. Holmes for stepping up and answering everyone's questions. And that was a lot of questions answered. This is what we like to see! Direct responses!

Thank you, and I'm eager to hear all the related information that will be released soon
Prophecy of the Five, <Ghost Panther>

Andryah's Avatar


Andryah
03.06.2013 , 08:43 PM | #320
Quote: Originally Posted by Gezebelle View Post
I can't wait, to drop retail for a Private Server. Their job is to decrease security risk, not increase. First, they require you to use a certain type of password with 1 Cap and 1 number, which is already a huge security risk, most people dont use this type of password as it is, which forces most people to write it down, and of course I store it in my email, which due to SWTOR TOS (Terms of Service) if you ever read them. I created a fake email, which I normally do for anything that has a seriously messed up TOS which allows legal rights for computer confiscation, tracking, and the other usual illegal methods they make legal by forcing the acceptance of the TOS in order to play. Now they are changing the username to force the name at which is displayed to the public on a regular basis. Sure I have to mask my IP and route it through roughly 230 different IP masking servers and VPNs to hide my real IP in order to play a silly game due to their poor judgement on what they call security enhancements as it is, but now this.... Wow, I will pay $30 a month to play on a PRIVATE SERVER whenever one is available. Thank goodness SWG EMU is almost up and running. I can drop this illegal crap and not worry about my computer being hacked by a corporation. (updated to add more info) As for proof of their lack of security.... Search for a program called PeerBlock, install it, this program blocks people from connecting to you. Install the program and run it, go to SWTOR.com and login, now watch all the connections trying to hook up to you through just EA alone. I am currently getting 6 attempts per second from EA alone, they are scanning every port. I wonder why? Granted again every website and corporation does this, which is sad to say the least. At Least PeerBlock will block their attempt. (in order to play the game you do need to click the "allow HTTP" if you want to leave peerblock running while playing. Also you can have fun with this, it is shocking to see, just go to google.com, yahoo.com, FBI.gov, all these every day supposed sites that are "for your convience and benefit" and watch the connection attempts rise and try to connect to your computer..... (note: SWTOR will most likely delete this post very quickly, so if you get the chance to read it, and try it. It will be an eye opener.
Here you go. http://dgc.imageg.net/graphics/produ...603935v380.jpg
Forum disputatio ------> est completum ineptias.