Lyshar Posted March 6, 2013 Share Posted March 6, 2013 What about the IP checks and secret answers they will need to log in to the account? And that can't be combined with a secret login name? It's still the removal of a layer of security, simple as that. No matter how you look at it, it's easier to hack accounts now as you no longer need to aquire a person's email account. People that throw their email account all over the place and at the same time advertise that they play won't be less safe, but those of us that made email accounts for the purpose to have the maximum possible security now have to face that was for nothing. Thing is they announce that they are planning to add more security, but right now they only removed some. At the very least they should have done those at the same time. Part of me hopes a lot of accounts get hacked now, so BW/EA can MAYBE see the error of their ways. Ofcourse I do not wish it upon (most) players, even the free ones with bad reputation (needing on everything and refusing to comment when confronted with that) that ruin it for other free players. Not to mention hacked accounts may revive credit scamming, it'll be easier for them now to steal accounts. Part of me wants to make 100 accounts with less than strong passwords and chalange people to try and gain access to them, but BW already did that for us. I hope their logs will show an increase in login attempts before it's too late. I fear for everyone without an authenticator! Link to comment Share on other sites More sharing options...
Missandei Posted March 6, 2013 Share Posted March 6, 2013 Please be aware that beginning on April 2, 2013, logging in to the game or website will require your Display Name. Email addresses will no longer be accepted; your Display Name will be the only accepted option. Read More So basically, now every retarded kiddie will be able to block any account just entering 10+ times the wrong password to the Display Name he can get from Forums? Great job BioWare! Link to comment Share on other sites More sharing options...
tanktest Posted March 6, 2013 Share Posted March 6, 2013 (edited) I would rather use my forum name then my email , my question is why did wow drop using the forum name display name whatever it gets called at the time I was playing wow to log on ,, to me displaying any name but a charater name might be worse . but wow did say there was a major issue with using display names account names etc to log in and went with using Email over this way because they said it wasn't safe and allowed more hackes etc ... one of the main reason they did the battle.net thing so it was safer with emails .. and easyer to keep track of accounts ... IF I remember right wow tried to make players display there RL name on the forums but dropped it for charater names .. and this might be as bad displaying a user name and not a name you only can find in a game once logged in .. sorry jwing . but yea id rather use my forum name, display name, account name, whatever you call it .. but is it really safer sense it seems to work much better with emails all the webb I have yet to have my email misused by some one else but have had to change some user names due to they got hacked .. Just asking don't shot me .. how and were is your setup that much diff then wow ? What happens if you all go for a battle.net type thing ? which IMO is much more hack prove .. I just don't want my account baned because of a display name . issue ..then I have to fight you all over it you can't tell it wont happen anything can happen at any time .. Edited March 6, 2013 by tanktest Link to comment Share on other sites More sharing options...
Missandei Posted March 6, 2013 Share Posted March 6, 2013 (edited) Quote: Originally Posted by WSS_Toxin I don't like this, if you are going to make us log in with our display names at least make it so we can change our display names at least one time. I have that on my list of things to look at already. That is a much harder challenge to change though as Display Name is also a unique reference, and changing the unique reference can create a ton of data inconsistencies. Technically possible, but not technically easy to accomplish. I wouldn't hold your breath on this one. So adding the one more field ("Forum Name") in SQL database user record and making it shown at the UserPost is very costly for you? That could be done by any school kid in a matter of 10 minutes worktime. Crap... This game is falling deeper and deeper to the point of beyond rescue... Edited March 6, 2013 by Missandei Link to comment Share on other sites More sharing options...
Missandei Posted March 6, 2013 Share Posted March 6, 2013 If this site detects you logging in from a different computer it will ask you one of the security questions you had to choose during account set-up and if you can't answer it you won't be allowed to log in to this site or the game Yes. And when your account is blocked due to the numerous failed hack attempts... guess what? You have to dial to the Bioware CS that already proved as a total bull..t.. Have you prepared to a 5hrs waiting on the line to just get reset your account to be allowed you to log in? Link to comment Share on other sites More sharing options...
tanktest Posted March 6, 2013 Share Posted March 6, 2013 (edited) So adding the one more field ("Forum Name") in SQL database user record and making it shown at the UserPost is very costly for you? That could be done by any school kid in a matter of 10 minutes worktime. Crap... This game is falling deeper and deeper to the point of beyond rescue... I really like how its all ways to hard to do ,to me is a excuse, learn it, do it, then move on, is how I look at it .. Edited March 6, 2013 by tanktest Link to comment Share on other sites More sharing options...
Niaymh Posted March 6, 2013 Share Posted March 6, 2013 (edited) All for this change tbh. Do I use my email address in a million other places? Yup. Are the vast majority of internet users even more insecure than me? You bet they are. Some of you are extremely secure and use a different email address and password for every MMO and website you sign up to. This change is not for you. This is for the vast majority of internet users who use the same email address for everything and change the password they use for everything once every 5 years. Edited March 6, 2013 by Niaymh Link to comment Share on other sites More sharing options...
Scorpiooooo Posted March 6, 2013 Share Posted March 6, 2013 So in case you haven't come across me before (most haven't!), I'm Phillip Holmes, the Senior Manager of Security here at Star Wars: The Old Republic. I have that on my list of things to look at already. That is a much harder challenge to change though as Display Name is also a unique reference, and changing the unique reference can create a ton of data inconsistencies. Technically possible, but not technically easy to accomplish. I wouldn't hold your breath on this one. Hi Phillip, If, when we had purchased the game and set up our display names, we had known you were going to do this, there is no way, in hell, I would have called myself Scorpiooooo with five o's. Please, for the love of god, let us change our display names so we can log in like normal people. I understand it's not the end of the world but it would be a damn lot easier for us if you would. Thank you. Scorpio ... oooo Link to comment Share on other sites More sharing options...
chuuuuucky Posted March 6, 2013 Share Posted March 6, 2013 So did anyone recognice that this is possible since the beginning? I mean you all scream how this will lower securiy but in fact there is no change in security at all. It is even a rise of security because now the most vulnareble part of the login your mail adresse which lot of people use in more then one game or on more than one website is out of the login process. All people here should get their facts straight before the scream and moan. Link to comment Share on other sites More sharing options...
Mallorik Posted March 6, 2013 Share Posted March 6, 2013 Ok, and how is your forum name any different? My forum name is not my email that can be hacked and used to retreive my password. Link to comment Share on other sites More sharing options...
WahineKoa Posted March 6, 2013 Share Posted March 6, 2013 AWESOME AWESOME AWESOME CHANGE! I love companies who think of theyre customer`s security and well being! Keep up the good work =) Link to comment Share on other sites More sharing options...
Sambril Posted March 6, 2013 Share Posted March 6, 2013 This is a really stupid change. Using e-mail as login was a bad idea - but this is worse. There should be a separate login ID that is different from display name. NO PART OF MY LOGIN SHOULD BE PUBLICLY VISIBLE And the response from BW makes me /facepalm Link to comment Share on other sites More sharing options...
SeriouslyMike Posted March 6, 2013 Share Posted March 6, 2013 (edited) My forum name is not my email that can be hacked and used to retreive my password.Oh, sure, how about people who still use such antiquated technology as e-mail clients that download and then delete your e-mails from the server? So even if someone hacks your e-mail account on one of 28 days of the month when Bioware doesn't send notifications that your account was billed or something, he still won't have anything. That and is it so hard to google your very public display name and connect it to an e-mail? Also, if your e-mail gets hacked, BioWare helpfully refers to you by display name in all personal messages like Cartel Coin purchase confirmations. So, if anything, it only makes it easier to target specific players. This is a really stupid change. Using e-mail as login was a bad idea - but this is worse. There should be a separate login ID that is different from display name. NO PART OF MY LOGIN SHOULD BE PUBLICLY VISIBLE And the response from BW makes me /facepalmYeah, pretty much that. Other games do have that, so what's the problem here? Edited March 6, 2013 by SeriouslyMike Quoted one more important post. Link to comment Share on other sites More sharing options...
JPryde Posted March 6, 2013 Share Posted March 6, 2013 (edited) So did anyone recognice that this is possible since the beginning? To be honest, I would have never thought, that a publically known value would be allowed as a login, and I am using my e-mail since day one. I admit, that the upcoming change does indeed not decrease but increase the security (as the forum name is currently already known and also already allowed to use as login). Still I would prefer to have a login name, which is NOT visible to the public (like my mail addy would be now, if there were not the second login, which just bypasses that secret). Edited March 6, 2013 by JPryde Link to comment Share on other sites More sharing options...
Prester-John Posted March 6, 2013 Share Posted March 6, 2013 While I agree that using an e-mail as login has issues, using a name visible in the forums is just plain stupid. Why can't I have an account name which is not visible to the rest of the world? Link to comment Share on other sites More sharing options...
Sambril Posted March 6, 2013 Share Posted March 6, 2013 Only people that post on the Forums have their Display Name visible to others currently. Even then we took that into account when designing the updated system and I wouldn't recommend trying to attack known Display Names... So two things here. Not everybody knows your Display Name, and an attacker will need to figure out your email account in order to attempt to take over your SWTOR account. We are implementing a few other measures (more news on that in the few weeks!) to ensure that account take over risk is mitigated. We did look at using a secondary 'login only' display name, but sadly this would create more confusion and increase costs associated with support of the new system rather than decrease existing support costs. And again, I stress that knowledge of the Display Name in of itself is not a security measure - we have many other controls in place to mitigate that knowledge. So apparently people willing to post on the forums to give feedback are not considered important enough to protect properly because it would cost too much. I STRONGLY urge you to look again at a secondary login name. Link to comment Share on other sites More sharing options...
Terin Posted March 6, 2013 Share Posted March 6, 2013 Just curious, could this change have any impact on the game itself? For example, will my Display Name perhaps also eventually migrate into SWTOR itself? Or is this purely a change for the site? Link to comment Share on other sites More sharing options...
danielearley Posted March 6, 2013 Share Posted March 6, 2013 While I understand that some are concerned by this change, at present there is nothing stopping you using a forum user name and trying to login into a posters account, right now! This is not a change to what is currently already available, we have not had wholesale hacking attempts for the past year that this has been available to hackers, I do not foresee this being an issue in the future. Hackers work by duping you into giving them your Password via you being stupid or via Malware Key loggers, so by avoiding being stupid and having good internet security you have nothing to fear! Unless BW are hacked and the passwords are stolen! Link to comment Share on other sites More sharing options...
Leafy_Bug Posted March 6, 2013 Share Posted March 6, 2013 (edited) They probably want me to call customer service again after my 5h and 45 minute ordeal. They checked the tape and they want to keep me 6 hours this time. Somehone 5h and 45 minutes is not a nice round figure. Everyone can see my new username now so they can have fun blocking my account username: leafy_bug Enjoy with random passwords and random security codes from the security key. Edited March 6, 2013 by Leafy_Bug Link to comment Share on other sites More sharing options...
Sambril Posted March 6, 2013 Share Posted March 6, 2013 While I understand that some are concerned by this change, at present there is nothing stopping you using a forum user name and trying to login into a posters account, right now! While this is true, it is not a strong argument in favor of this system. IT SHOULD NEVER HAVE BEEN THIS WAY IN THE FIRST PLACE. If they are serious about wanting to improve security, removing the e-mail login is only a very small first step - changing to a separate login is what they should do. Yes any would-be hacker would also have to get past password, security questions and possibly an authenticator, that still does not mean you should hand them the username. Link to comment Share on other sites More sharing options...
tanktest Posted March 6, 2013 Share Posted March 6, 2013 (edited) Go figure. It makes little sense. Actually, it makes no sense at all. All this is, is another attempt to copy WoW. Probably this is another attempt to sell us something for account protection. Don't doubt it. you used to log into wow this way but wow said it was to unsafe if remember right that's why they went with emails and battle,net and like another poster said this is not a copy of wow , It more like going back wards if they were making it a copy of wow weres there version of battle.net ? I think they are trying to be more them which to me is better, but this might be bad well see Edited March 6, 2013 by tanktest Link to comment Share on other sites More sharing options...
LaynaTan Posted March 6, 2013 Share Posted March 6, 2013 By the way, for all who hope for an April Fools... I SERIOUSLY hope not for one simple reason: you do NOT make jokes about the security of private Data these days... Layna Link to comment Share on other sites More sharing options...
Asacledhae Posted March 6, 2013 Share Posted March 6, 2013 ANOTHER mashup BioWare? Isn't the massacre you apply to all classes/commendations enough already? Seriously, who's responsible for all these changes? Link to comment Share on other sites More sharing options...
discbox Posted March 6, 2013 Share Posted March 6, 2013 This is not April Fool, this BioWare! Link to comment Share on other sites More sharing options...
Sameria Posted March 6, 2013 Share Posted March 6, 2013 removing email address from login - no issue with it and understand the changeforcing my display name as my login - major issue with it Any wannabe script kiddie can get a list of usernames now, just simply by browsing the forums. You are now giving 1/3 the information to any person browsing the forums. This is NOT more secure. It doesn't matter either that you have the security controls to mitigate the attacks, when you broadcast(via forum display names) a list of usernames to the public, it is WRONG, and I challenge you to find a security book that would even suggest such a ludicrous idea. Instead make it a separate login name, completely. In fact, add a policy so that it cannot be your display name or email address. I know this suggestion has already been mentioned, I find it hard to believe that a college grad with a job as a security professional would actually suggest this and BW/EA upper management might want to reconsider the person running security. Link to comment Share on other sites More sharing options...
Recommended Posts