Please upgrade your browser for the best possible experience.

Chrome Firefox Internet Explorer
×

Display Name Only Log In - Coming April 2, 2013

STAR WARS: The Old Republic > English > General Discussion
Display Name Only Log In - Coming April 2, 2013
First BioWare Post First BioWare Post

Altheran's Avatar


Altheran
03.05.2013 , 11:01 AM | #31
Quote: Originally Posted by JPryde View Post
Is the login process acepting unlimited false entries ?

Option B: it does not allow unlimited false entries...
Result: After X false attempts, the account is automatically suspended for security reasons.
Further result: Everyone who dislikes a posting I did can take my screen name and try to login on my account... do this 20x false and my account is automatically suspended... Of course, my security is not compromised in this scenario, but I got the hassle with getting my account back to working properly.
This one. It will therefore asks for one of your "personnal questions" as an additional requirement, without saying if the entries you previously filled (ID & Password) are right or wrong.

If you have a security key, personnal questions won't be asked.

JPryde's Avatar


JPryde
03.05.2013 , 11:01 AM | #32
Quote: Originally Posted by Rankore View Post
Okay everybody, you all know that Bioware does an April Fool's joke every year right? This is all this is. It take in effect April 2. The day before they will say it's a joke. Everybody please stop getting so worked up over this. Like many have said, if they did do this change then any one would already have half your login info. Again this is nothing but a joke.
You do not joke about security issues. Never !
~~~ Macht Wächter ~~~
Vanjervalis Chain
Jhoira, Skarjis, Trântor, Ric-Xano, Sabri-torina, Tir-za, Shaina ...
We do not brake for Wookiees !

AbsolutGrndZero's Avatar


AbsolutGrndZero
03.05.2013 , 11:02 AM | #33
Ok, my friend replied back... here is what he said...

It is much easier for people to compile lists of possible usernames this way, which is a decrease in security. All ou have to do is bot the forums and have it collect usernames. That being said, brute force attackss on the server at this time are useless. so huge lists of usernames be they emails or forum name are not as useful as you think. The most successful attacks will be with bots that gather both Usernames and keywords from multiple sites. Such as on site A you use your username to login but on site "B" you still use than username but login with an email. It gives you multiple sites of attack, especially since site "b" might be a guild forum and less secure.
The Babylon Legacy
Harbinger
Racquel, Stancerry, Jennica, Porcelain

discbox's Avatar


discbox
03.05.2013 , 11:04 AM | #34
STOP THIS!

I*D*I*O*T*S!

Everybody knows my login after 2. April. The E-Maili use for login is not known to everbody.

How stupid can a company be!?

More security? No, i*d*i*o*t*s, its less security!

I have absoluetly no hope for BioWare and its developers. They can't do even the simlest things right.

Jenovan's Avatar


Jenovan
03.05.2013 , 11:05 AM | #35
Quote: Originally Posted by Altheran View Post
Like i said, you can already log in by using forum names, so what you're describing can already be done.
Interesting -- was that true before today? The blog entry says "available now" or whatever, but the notice is that email login will -stop- as of April 2nd.

If it's always been available, then it isn't a decrease in security (because the option people are objecting to has been there). /ponder
Ebon Hawk * The Thirteenth Legion * RP/Social/Casual
Kjara | Avidior | Mizret | Ysmena
Forging Fortune * Aviditas

Rankore's Avatar


Rankore
03.05.2013 , 11:05 AM | #36
Quote: Originally Posted by JPryde View Post
You do not joke about security issues. Never !
Well I hope you bunch resistant panties because this is a joke just wait till next month. If this was such a big thing to do they could just put it in effect tomorrow. There is no need to wait a month

reiimura's Avatar


reiimura
03.05.2013 , 11:07 AM | #37
does that mean that if i sign in with that name, i play that specific character? if so what happens to all my other characters, do i have to sign them in by name too? seems like an aweful lot of remembering for people like me who have 12 characters.

AbsolutGrndZero's Avatar


AbsolutGrndZero
03.05.2013 , 11:09 AM | #38
Quote: Originally Posted by Rankore View Post
Well I hope you bunch resistant panties because this is a joke just wait till next month. If this was such a big thing to do they could just put it in effect tomorrow. There is no need to wait a month
The reason to wait a month is for those that don't go to the website often. Just like when Blizzard did the WoW and Battle-net merge, it was OPTIONAL for a month before it became mandatory.

If it is just a joke, then it's in very bad form because security issues are not a joking matter, and it's not April 1st. I've never seen an MMO website post their jokes a month ahead of time.
The Babylon Legacy
Harbinger
Racquel, Stancerry, Jennica, Porcelain

Laurreth's Avatar


Laurreth
03.05.2013 , 11:10 AM | #39
It has probably already been said, but it bears repeating:

Security-wise that's fairly stupid!

Everyone can see my display name; far fewer people can see my email address, so that change takes one element of uncertainty out of the equation for brute-force attacks.

Effectively, after this change, it's become even more vital that people use the authenticator, since the password is otherwise the only thing that an attacker would have to guess! That password is then the only thing standing between them and credit card fraud!

Please reconsider this move, and please please PLEASE consider splitting everything related to actual payments into a separate account with different credentials, kind of like Mythic did it in WAR.

(edit) Yes, security questions blah blah blah, but if you answered those honestly, they're so ridiculously weak that they might as well not be there.
“I like how the whining about "censored" butts started instantly but it took 2 days for someone to notice the legs are also ****ed up” — rantboi

discbox's Avatar


discbox
03.05.2013 , 11:10 AM | #40
Please, send your developers to a

corrective training

they know nothing about security!