Post your opinions and have fun in GW and keep your email safe
Guild wars security
Turk The Legendary
Well as you all know many people lately have been complaining about getting hacked and losing all their stuff. But whats new people are dumb and give away their information and some are just unlucky. But I believe that a good idea for a guild wars update would be to install a pin for your bank such as the bank pins in Runescape or and pins required to log into Maplestory and other games like that. I am not comparing these games to guild wars IMO guild wars is much much better. This pin would of course be optional and can be set up by talking to the Xunlai Agent of the outpost you are in. The pin could be 4 numbers and would be touch sensitive so that if you had a keylogger it could not record your bank pin and alas all your items in your bank would still be safe and sound. Now i know what your thinking "If someone was dumb enough to give away their email address they could still get the pin sent to their email and the hacker could get it via that users email". This would be another original thing that could be edited by sending the pin to a seperate ncsoft email or another email all together which if you were smart would have another password. A simple change to keep all your items safe and keep hackers off of guild wars. Sorry for the long read just thought id post my opinion since i havent seen anything of this sort posted yet.
Post your opinions and have fun in GW and keep your email safe
Post your opinions and have fun in GW and keep your email safe
mathiastemplar
Sounds like a good idea to me, so I would def. /sign (not sure if I'd use it tho)
In general, ppl who get hacked/ are mostly fools who gave away their info tho... Either in "Anet-mails"(lol) or to "friends"..
Cheers=)
In general, ppl who get hacked/ are mostly fools who gave away their info tho... Either in "Anet-mails"(lol) or to "friends"..
Cheers=)
Little O B S I
The most valuable things on my characters are their armours and weapons which I wouldn't keep in my storage.
Nevertheless, this idea is still pretty legitimate. /signed
Nevertheless, this idea is still pretty legitimate. /signed
gremlin
I would go for the entering of all passwords by mouse not keyboard and would also have a separate password for deleting characters.
If you have let anyone know your account details then change them right now.
If you have let anyone know your account details then change them right now.
Silmar Alech
Additional ingame passwords (such like a pin) are weak workarounds for the general security problem. Another password that can get lost: additional load on the support.
The worst design flaw in the Guild Wars authentication scheme is that the username is an email address. Email addresses are made for the public. You are known by your email address. You use it all over the internet. But if your email address is known, already half of the login information to your game account is exposed. If you connected your game account to an Ncsoft account, it became impossible to change your game login name. One simple mistake from my side (using the same password for some shady forum login as my ingame login) and I am screwed. Being able to change the game login name and being forced to not use an email address would be a bigger security improvement, in my opinion.
A touchpad that must be clicked on (i know them from pda/smartphones) is an interesting idea, but be aware that keyloggers also can intercept mouseclicks and would be able to record mouse click positions. If you know "the next 4 clicks are on a 9-dot pad that is 300x300 pixels", you can easily guess the clicked dots. And if you shuffle the numbers, many people will not be able to enter their pin any more. I, for example, don't really remember my pin numbers for my bank's automated teller machine. I remember the positions on the numpad instead. If my pin were "1234", I would not remember "1234" but something like "top left, next, right, first down".
The worst design flaw in the Guild Wars authentication scheme is that the username is an email address. Email addresses are made for the public. You are known by your email address. You use it all over the internet. But if your email address is known, already half of the login information to your game account is exposed. If you connected your game account to an Ncsoft account, it became impossible to change your game login name. One simple mistake from my side (using the same password for some shady forum login as my ingame login) and I am screwed. Being able to change the game login name and being forced to not use an email address would be a bigger security improvement, in my opinion.
A touchpad that must be clicked on (i know them from pda/smartphones) is an interesting idea, but be aware that keyloggers also can intercept mouseclicks and would be able to record mouse click positions. If you know "the next 4 clicks are on a 9-dot pad that is 300x300 pixels", you can easily guess the clicked dots. And if you shuffle the numbers, many people will not be able to enter their pin any more. I, for example, don't really remember my pin numbers for my bank's automated teller machine. I remember the positions on the numpad instead. If my pin were "1234", I would not remember "1234" but something like "top left, next, right, first down".
4thVariety
It would suffice if your customized belongings would be as easy to restore as the festival hats and characters would not get deleted off the server, but able to be retrieved later. Favorite loot safe, title safe, money can be replaced the easiest. People carry around 1000h of achievements, they rarely still own 1000h of loot in transferable objects.
Beyond that anything that is just between the user and the server can be broken (layers of passwords, secret mouse gestures, encrypted authentication files) or limits the user's ability to play GW from multiple machines at best (even a MAC address can be forged).
Even if you start handing out Anet created one use PGP encrypted passwords to the user, once the player side is compromised, security is gone. Best thing is to prevent the hooliganism of destroying and dismantling accounts and make stealing and inefficient method for accelerating the unlocking of rewarding mechanism in the game. I bet you would be able to charge more for that feature than for any army of hairdressers.
$5 for making a character impossible to delete and giving him a festival hat maker for all his customized loot and armor? Type /age and you know you wouldn't mind having that.
Beyond that anything that is just between the user and the server can be broken (layers of passwords, secret mouse gestures, encrypted authentication files) or limits the user's ability to play GW from multiple machines at best (even a MAC address can be forged).
Even if you start handing out Anet created one use PGP encrypted passwords to the user, once the player side is compromised, security is gone. Best thing is to prevent the hooliganism of destroying and dismantling accounts and make stealing and inefficient method for accelerating the unlocking of rewarding mechanism in the game. I bet you would be able to charge more for that feature than for any army of hairdressers.
$5 for making a character impossible to delete and giving him a festival hat maker for all his customized loot and armor? Type /age and you know you wouldn't mind having that.
Bristlebane
Clicking on a rune character from 4x4 shuffled runes aftr your login would also work. since runes are shuffled, you can't record it with a key/mouselogger. 16 runes itself doesn't give much security, but in combination with your regular login, it's still way safer than now.
A keylogger now and you're screwed. with the runes the hacker only have 1/16 chance after breaking your original login, and a failed rune would lock your account for at least an hour and send you an email someone is attempting to access your account. Any failed attempts would then "encourage" you to change your password immediately.
A keylogger now and you're screwed. with the runes the hacker only have 1/16 chance after breaking your original login, and a failed rune would lock your account for at least an hour and send you an email someone is attempting to access your account. Any failed attempts would then "encourage" you to change your password immediately.
Riot Narita
Quote:
|
Originally Posted by 4thVariety
$5 for making a character impossible to delete and giving him a festival hat maker for all his customized loot and armor
|
Everything else is gravy... not that bothered about items or equipment, I don't have anything valuable. But it'd still be a nuisance if I had to re-equip my characters, so I'd still welcome any security crumbs that fell off a-net's table.
/signed
Zodiac Meteor
This has been said:
here.
here.
Bob Slydell
No need for this, we need people to take better care of their accounts, thats what we need.
Kattar