after thinking for sometime, I am thinking how is this security procedure any different or how would it make the account more secure.
for instant
Key logger , does it not also key log what you type in the character's name field?
in worse case scenario, if someone's computer were hacked, how is adding another thing to key in during login any different from what we have before?
edited.
Security Question
pumpkin pie
Anduin
Quote:
|
Originally Posted by Hyperventilate
Yeah, no. I'm not joking. They told me it was a one-time leniency because of people having mule accounts that are not accessed often, and the update being so abrupt.
The hackers would still need to know my password and my e-mails for the accounts, plus the character names. I don't feel strangely or oddly that they answered my request. The hackers would still need to know far more than just the e-mail or the character name. |
Riot Narita
Quote:
|
Originally Posted by pumpkin pie
after thinking for sometime, I am thinking how is this security procedure any different or how would it make the account more secure.
for instant Key logger , does it not also key log what you type in the character's name field? in worse case scenario, if someone's computer were hacked, how is adding another thing to key in during login any different from what we have before? edited. |
No, it's not going to stop keyloggers, or people who are able to remotely access/control your computer. However, that kind of security breach DOES fall into the "you were dumb, it's your own fault" category IMO. They are things we have some control over, we can do things ourselves to prevent them happening.
The NCsoft weakness was critical, because there was nothing we could do about it ourselves.
pumpkin pie
Quote:
|
Originally Posted by Riot Narita
It (pretty much) stops people who broke into your NCsoft master account, where they can see your GW login ID and can change your ingame password without knowing your old one. And NCsoft master account security is weak, as shown by Chthon and Martin and others. The NCsoft master account doesn't show them your ingame character names so they'd have to do a lot of work to figure it out, and may not be possible at all for most accounts.
No, it's not going to stop keyloggers, or people who are able to remotely access/control your computer. However, that kind of security breach DOES fall into the "you were dumb, it's your own fault" category IMO. They are things we have some control over, we can do things ourselves to prevent them happening. The NCsoft weakness was critical, because there was nothing we could do about it ourselves. |
i change my mind, not buying the costume pack
Miscreant_Moon
You know, I am quite amazed at how many people have bought into the ArenaNet PR. I see time and time again now mentions of how this security feature was implemented because of "fansite hackings". When it's been quite thoroughly blown out of the water that a simple fansite hacking couldn't have yielded these type of results for accounts who were hacked into them. Even reading through the wiki I continue to see mention of this and I feel like standing up and giving the PR machine at ArenaNet a round of applause for so thoroughly deflecting, accusing, pointing fingers, and fumbling around in the dark as they have been while grasping at straws and just randomly accusing everyone and everything but the one single thing we ALL had in common. That we play this game.
I'm hoping this is a lesson for them and their future games that while yes, a lot of us can be dumb with our account security, the players aren't so stupid as to miss obvious and blatant security flaws with the game they play either. Or that we'll just blindly believe whatever copy and paste their lawyers and marketing people will throw out there. All while they bat their innocent eyes and hide under the cover of their company that they know the majority of players will just naively assume must have a shred of knowledge about what they're doing.
I'm hoping in the next few weeks we'll see a job posting at ArenaNet for someone who can manage and deal with security, rather then the anet team just stumbling around in the dark, googling for possible answers, and throwing together code for solutions they can patch on to their broken system.
I'm hoping this is a lesson for them and their future games that while yes, a lot of us can be dumb with our account security, the players aren't so stupid as to miss obvious and blatant security flaws with the game they play either. Or that we'll just blindly believe whatever copy and paste their lawyers and marketing people will throw out there. All while they bat their innocent eyes and hide under the cover of their company that they know the majority of players will just naively assume must have a shred of knowledge about what they're doing.
I'm hoping in the next few weeks we'll see a job posting at ArenaNet for someone who can manage and deal with security, rather then the anet team just stumbling around in the dark, googling for possible answers, and throwing together code for solutions they can patch on to their broken system.
Tullzinski
Quote:
|
Originally Posted by pumpkin pie
so in another word, ArenaNet is admitting that linking account to NCSoft master account is the cause?
i change my mind, not buying the costume pack |
As you will have noted if you were playing within the last hour, we have instituted a new security measure for your account. And personally, I'm pretty darn happy about this! When you log into the game, you will be ask to supply the name of one of the characters on your account. "Why?" you may ask. Well, because nearly all of the accounts that have been stolen in recent months have been stolen by RMT (Real-Money Traders) who are getting access through external sources. And those RMTs will be very unlikely to know the names of characters on your account! Simple, eh? You give a name -- and remember to spell it exactly correctly, and to use proper capitalization -- and you will get access. If you have trouble or forget the names, support will be happy to assist you, of course.
Please head to the FAQ for more info. And if you have feedback, you're welcome to share it here. -- Gaile 03:01, 22 December 2009 (UTC)
They are still stating that it is external sources being used to get access. Once the RMTs got into the NCsoft account they would have a party since they could change passwords to all games that were linked. Now with the additional character name requirement the RMTs are screwed unless they also have your character names. It does them no good to concentrate on the NCsoft site to access Guild Wars.
Aion may be a different story. I was going through those forums the other day and the main concern for them has been the RMTs stealing accounts and botting with them. There have been massive amounts of bans going on over there.
Quote:
|
Originally Posted by Miscreant_Moon
Even reading through the wiki I continue to see mention of this and I feel like standing up and giving the PR machine at ArenaNet a round of applause for so thoroughly deflecting, accusing, pointing fingers, and fumbling around in the dark as they have been while grasping at straws and just randomly accusing everyone and everything but the one single thing we ALL had in common. That we play this game.
|
Miscreant_Moon
Quote:
|
Originally Posted by Tullzinski
I think while you were "reading through the wiki" you missed the above comments from Gaile. The fact is that the RMTs were responsible. (and I thought I was over the top)
|
Tullzinski
Quote:
|
Originally Posted by Miscreant_Moon
Yes, I guess if you believe the final excuse they settled on than that would be the case. I mean, screw the previous 3 months and their attempts to blame first off the players, than a trading site, than all other websites in general and THAN the RMT's.
|
V what he said below V
Chthon
Quote:
|
Originally Posted by pumpkin pie
so in another word, ArenaNet is admitting that linking account to NCSoft master account is the cause?
|
Why can't they publicly say what everyone who's been paying attention already knows? Because NCSoft owns a-net, and NCSoft, for whatever misguided reason, has decided that the answer to this problem is stonewalling its games' communities. I'm sure that a-net implementing a fix against account theft via the NCMA, even while maintaining the official cover story, got a lot of undies in a knot over at NCSoft. Publicly stating that their parent company is to blame would be going too far.
As for their cover story,
Quote:
|
As you will have noted if you were playing within the last hour, we have instituted a new security measure for your account. And personally, I'm pretty darn happy about this! When you log into the game, you will be ask to supply the name of one of the characters on your account. "Why?" you may ask. Well, because nearly all of the accounts that have been stolen in recent months have been stolen by RMT (Real-Money Traders) who are getting access through external sources. And those RMTs will be very unlikely to know the names of characters on your account! Simple, eh? You give a name -- and remember to spell it exactly correctly, and to use proper capitalization -- and you will get access. If you have trouble or forget the names, support will be happy to assist you, of course. Please head to the FAQ for more info. And if you have feedback, you're welcome to share it here. -- Gaile 03:01, 22 December 2009 (UTC) |
pumpkin pie
Quote:
|
Originally Posted by Tullzinski
This is what Gaile posted yesterday:
As you will have noted if you were playing within the last hour, we have instituted a new security measure for your account. And personally, I'm pretty darn happy about this! When you log into the game, you will be ask to supply the name of one of the characters on your account. "Why?" you may ask. Well, because nearly all of the accounts that have been stolen in recent months have been stolen by RMT (Real-Money Traders) who are getting access through external sources. And those RMTs will be very unlikely to know the names of characters on your account! Simple, eh? You give a name -- and remember to spell it exactly correctly, and to use proper capitalization -- and you will get access. If you have trouble or forget the names, support will be happy to assist you, of course. Please head to the FAQ for more info. And if you have feedback, you're welcome to share it here. -- Gaile 03:01, 22 December 2009 (UTC) They are still stating that it is external sources being used to get access. Once the RMTs got into the NCsoft account they would have a party since they could change passwords to all games that were linked. Now with the additional character name requirement the RMTs are screwed unless they also have your character names. It does them no good to concentrate on the NCsoft site to access Guild Wars. Aion may be a different story. I was going through those forums the other day and the main concern for them has been the RMTs stealing accounts and botting with them. There have been massive amounts of bans going on over there. I think while you were "reading through the wiki" you missed the above comments from Gaile. The fact is that the RMTs were responsible. (and I thought I was over the top) |
scenario: What I remember reading is that RMT thief said give me your login and passwords so they can transfer the in game gold, (assuming thats correct)
now the scenario : RMT thief: give me your login, password and character name so I can transfer the in game gold
see its stupid if this feature is use to prevent RMT thief from stealing more accounts. they just use the same technic
I take half my thanks back for this security feature, remaining half thank is for trying, because it does not protect players that actually needed to be protected. instead you are trying to protect those players who violated the game rules of not engaging in RMT.
Quote:
|
Originally Posted by Chthon
That depends what you mean by "admitting." If you're looking for a public statement acknowledging that security flaws in the NCSoft Master Account are responsible for the increase in account thefts, it will never happen. However, actions speak louder than words, and a-net did implement a security feature aimed directly at solving the problem posed by NCSoft's crummy security.
Why can't they publicly say what everyone who's been paying attention already knows? Because NCSoft owns a-net, and NCSoft, for whatever misguided reason, has decided that the answer to this problem is stonewalling its games' communities. I'm sure that a-net implementing a fix against account theft via the NCMA, even while maintaining the official cover story, got a lot of undies in a knot over at NCSoft. Publicly stating that their parent company is to blame would be going too far. As for their cover story, It's a beautiful equivocation. From a-net's point of view, the NCMA counts as an "external source"... |
Riot Narita
Quote:
|
Originally Posted by pumpkin pie
this new feature still pretty stupid you know, it encourages players to buy in-game-gold
|
Quote:
|
Originally Posted by pumpkin pie
see its stupid if this feature is use to prevent RMT thief from stealing more accounts. they just use the same technic
|
There's nothing A-Net can do about players who are dumb enough to hand over their account/pw/character details to a RMT.
Axeman002
also if u browse through 'High End'...people willingly leave there ign to a seller..so this update has done 0 to help there prevention....so hopefully there guru email dosnt match there guildwars email or then they have one last hope...they dont figure out there password.
Riot Narita
Quote:
|
Originally Posted by Axeman002
they have one last hope...they dont figure out there password.
|
However it is extremely difficult for them to find out a character name for an account, even if someone posted it on the forums... there's no clue for them unless the same name was used for both the NCsoft account and the forum.
I suppose they could download the guru Members List and use that as their dictionary for a brute force attack.
So I guess:
1. Don't use any of your character names for your forum account
2. Don't use any of your character names, or your forum name, for your NCsoft master account.
Warvic
wow good work, i rly like this idea. so long you keep ur names secret (not posting screens and trying to be leet) u be very safe i think.
HuntMaster Avatar
About time this was implemented. Thanks.
Hyperventilate
Quote:
|
Originally Posted by Warvic
wow good work, i rly like this idea. so long you keep ur names secret (not posting screens and trying to be leet) u be very safe i think.
|
"I want a CoF Run, but I can't tell you who I am. Sorry."
... what.
enmyria
Not to mention guild recruitment too.
"To find out more or to join, you may contact one of our officers, but we can't tell you their names!"
"To find out more or to join, you may contact one of our officers, but we can't tell you their names!"
pumpkin pie
that's because this is more for saving their (ncsoft) own asses they ours.
if NCSoft master accounts weren't being hack left and right you think they do anything at all.
if they had listen to me and admitted that NCSoft master accounts were being hacked, like half a year ago (timeline is a bit blurry, was right after claiming the storage pane), probably less people would have gotten their account name and password stolen. just my two cents.
if NCSoft master accounts weren't being hack left and right you think they do anything at all.
if they had listen to me and admitted that NCSoft master accounts were being hacked, like half a year ago (timeline is a bit blurry, was right after claiming the storage pane), probably less people would have gotten their account name and password stolen.
just my two cents.
Axeman002
Quote:
|
Originally Posted by Hyperventilate
How are people supposed to request in-game services via guru?
"I want a CoF Run, but I can't tell you who I am. Sorry." ... what. |
ever heard of a Private Message?...great thing thats implemented on a forum and guess what...its private too!
pumpkin pie
This thread reminds me of something, that maybe should be looked into by ArenaNet.
NCSoft support Webpage. anyone ever send a support ticket to NCSoft Support and has key in their Character's Name will have they Character's nane and account tie together
NCSoft support Webpage. anyone ever send a support ticket to NCSoft Support and has key in their Character's Name will have they Character's nane and account tie together
Axeman002
my mates just had his NCsoft account hacked...bye bye aion account and GW account...he is not pleased.....
Mercesa
Yep.. Just got hacked on Guildwars, Great..
BuD
Quote:
|
Originally Posted by pumpkin pie
This thread reminds me of something, that maybe should be looked into by ArenaNet.
NCSoft support Webpage. anyone ever send a support ticket to NCSoft Support and has key in their Character's Name will have they Character's nane and account tie together |
ThunderStruck
Well this is too late for me... I already got hacked, and now they keep resetting lots of my passwords to OTHER accounts (Steam and WoW are the notable ones).
Arduin
Quote:
|
Originally Posted by ThunderStruck
Well this is too late for me... I already got hacked, and now they keep resetting lots of my passwords to OTHER accounts (Steam and WoW are the notable ones).
|
If not, you probably have a keylogger, which is a sure way of getting all your gaming accountnames and passwords.
Tullzinski
Quote:
|
Originally Posted by Axeman002
my mates just had his NCsoft account hacked...bye bye aion account and GW account...he is not pleased.....
|
Axeman002
Quote:
|
Originally Posted by Tullzinski
I am curious on this one. Was this after the new character name requirement? Has the GW account been cleaned out or is it just an assumption? Any more information on it?
|
he went to go on aion yesterday but couldnt...eventually when he got on all his chars were stripped and deleted...tried GW and it was the same.
Chthon
Quote:
|
Originally Posted by Axeman002
he has been living on aion for the past 3 weeks..so it may have been before this update.
he went to go on aion yesterday but couldnt...eventually when he got on all his chars were stripped and deleted...tried GW and it was the same. |
I'm really hoping that his NCSoft account was compromised before the GW security question was added... or that your friend's an idiot who did something to contribute to getting hacked, one of the two. Otherwise, we may not be out of the woods yet....
Axeman002
it was his NCsoft account he hasnt been online since (he raging) so i dunno much more to tell really.
it maybe they fleeced his GW account a while ago (he hasnt been on gw for about 2-3 months)...then tried again and seen Aion and thought...$$$ and pulled that apart...but he said it was deffo his NCsoft account that was hacked.
(there was 3 people in his Aion guild got hacked via NCsoft)
it maybe they fleeced his GW account a while ago (he hasnt been on gw for about 2-3 months)...then tried again and seen Aion and thought...$$$ and pulled that apart...but he said it was deffo his NCsoft account that was hacked.
(there was 3 people in his Aion guild got hacked via NCsoft)
pumpkin pie
Quote:
|
Originally Posted by BuD
Theres no asterisk next to that box...meaning its not required & is optional.
|
The point of my post is for ArenaNet and NCSoft to clear out all the previous support tickets that is accompanied by a character's name and not leaving it on the webpage waiting for them to get hacked. Not to argue with random people on the forum. If they WOULD JUST LISTEN AND STOP DENYING EVERYTHING, things would probably not be this bad at this point.
Quote:
|
Originally Posted by Chthon
I'm curious about the same thing. What was the date on his hey-your-NCSoft-password-got-reset e-mail?
I'm really hoping that his NCSoft account was compromised before the GW security question was added... or that your friend's an idiot who did something to contribute to getting hacked, one of the two. Otherwise, we may not be out of the woods yet.... |
Enon
Quote:
|
Originally Posted by pumpkin pie
The point of my post is for ArenaNet and NCSoft to clear out all the previous support tickets that is accompanied by a character's name and not leaving it on the webpage waiting for them to get hacked.
|
pumpkin pie
Its not publicly available, but i could login to the NCSoft support webpage to view them. Don't you think in the case when their webpage got hacked that all those information will be seen by hackers ?
why not just in case of the unforseen, delete them!
why not just in case of the unforseen, delete them!
Riot Narita
Quote:
|
Originally Posted by pumpkin pie
Its not publicly available, but i could login to the NCSoft support webpage to view them. Don't you think in the case when their webpage got hacked that all those information will be seen by hackers ?
why not just in case of the unforseen, delete them! |
If the NCsoft master account is compromised, and that lets them see your support tickets - including character names - then the new security question won't stop them robbing you.
Unless you change the names of those characters, or delete them.
I've never filled in a support ticket... can you see them using NCsoft master account? This is critical!
If so, can you edit out the character names? Because otherwise...
...there will STILL be a lot of people at risk from the NCsoft master account
Although I have no support tickets to worry about, I actually bought character renames for all IGN's I'd posted on forums in the past. Just as a precaution O_o
Axeman002
Quote:
|
Originally Posted by Chthon
I'm curious about the same thing. What was the date on his hey-your-NCSoft-password-got-reset e-mail?
|
June Bug
I've changed my password for both the NCsoft account and my GW account. God, I hope I don't get hacked, these last few months I've accumulated some things precious to me, and I'd be very sad if they were lost.
By the way, in a fit of panic, the first time I wanted to change my password, I used the "reset password" function instead of logging in and changing it there (which I did later). I never recieved the e-mail with the new password, tho. I hope the password doesn't reset itself out of the blue now.
By the way, in a fit of panic, the first time I wanted to change my password, I used the "reset password" function instead of logging in and changing it there (which I did later). I never recieved the e-mail with the new password, tho. I hope the password doesn't reset itself out of the blue now.
Chthon
Quote:
|
Originally Posted by pumpkin pie
If that account was compromised before the GW security question being added, then what is the use of the security question?
|