Account Security Suggestion - Guild Wars Guru archive powered by Guild Wars Legacy

scrinner

Wilds Pathfinder

Join Date: Jan 2006

28 Sep 2006 at 20:44 - 1

After Reading Various peoples claims and how Brute force is effective. Ive Come with this thought.

Log in Security: A Max attempts of login for a day. Say The Person enters the wrong password five times. A flag will be sent to the support staff and a possible e-mail to the owner of the account. Also No more log in attempts can be made in that day, Without following the link in the automated e-mail, Or After confirmation from support. This will help in many ways against Brute force hackers.

Another way to counter this, Would be a random image generator with numbers and letters that the person would have to enter. This would be sort of annoying however.

Password Security: Require one number in the password. Also have more checking. As in make sure the password doesnt match one of the character names or Any of the personal info given when registering. This can be simply checked when making a character. And Creating characters would be much harder to brute force then simply brute forcing the passwords.

I know i had one more idea in my head, But ive simply forgotten it. I believe these will definately help in the long run.

Tyggen

Krytan Explorer

Join Date: Jul 2006

Mo/Me

28 Sep 2006 at 21:06 - 2

Quote:

Originally Posted by scrinner

Log in Security: A Max attempts of login for a day. Say The Person enters the wrong password five times. A flag will be sent to the support staff and a possible e-mail to the owner of the account. Also No more log in attempts can be made in that day, Without following the link in the automated e-mail, Or After confirmation from support. This will help in many ways against Brute force hackers.

So basically if someone is annoyed at me they try to log in five times every day, effectively shutting me out of the game?

Random images should be used for password changes and email changes, for logging in it would just annoy people. Maybe a feature like gmail has would work better, if you fail three times (I think) you have to fill in your password and type in the random image.

I think the only thing Anet should do to improve security is to allow people who used the store to change their emails and passwords, that has to be the weakest link in the security chain. The rest is up to the players, the ones that don't know about basic security should read Gailes thread in Riverside or talk to someone who knows a bit about the 'net before they use it.

Losing your account will always somehow be the players fault unless someone hacks their way into the servers and steals account information.

scrinner

Wilds Pathfinder

Join Date: Jan 2006

29 Sep 2006 at 00:01 - 3

"Without following the link in the automated e-mail" Youd have an e-mail sitting in your inbox for you. Yeah i know that its usually the persons fault, But This would help lower the number of incidents.

Scavenger Rage

Lion's Arch Merchant

Join Date: Apr 2006

Brazil

dTe - Do The Evolution

N/Mo

29 Sep 2006 at 04:57 - 4

Search ftw?!

http://www.guildwarsguru.com/forum/s...0050978&page=3

Go for post number #50 OK?!

Latter.