Security Question disavantage

The Abuzer

Ascalonian Squire

Join Date: Dec 2009

N/

25 Dec 2009 at 09:06 - 1
In this week, Anet has brought us an update with a security question witch theoretical, it protect us from hacker's attacks.

All it's good to this point, but they made the mistake to include the remembering of the question included in the e-mail one.

Lemme tell you that about 3/4 players use this option, and now, they can't be protected by this, because they are too lazy to write their e-mail.

My suggestion will be to make separate buttons for these 2 options. It isn't a big programing thing, just 3-4 line codes.

Arduin

Arduin

Grotto Attendant

Join Date: May 2005

The Netherlands

Limburgse Jagers [LJ]

R/

25 Dec 2009 at 09:27 - 2
I am not getting your suggestion.

Someone has to be at your computer to view the answer to the security question (character name). From that point the security is your own responsibility.

The Abuzer

Ascalonian Squire

Join Date: Dec 2009

N/

25 Dec 2009 at 10:03 - 3
Quote:
Originally Posted by Arduin View Post
I am not getting your suggestion.

Someone has to be at your computer to view the answer to the security question (character name). From that point the security is your own responsibility.
Yea, but checking that box, you get a file in your computer with character name and e-mail, witch can be stolen (hard, but it can).

sunec

Ascalonian Squire

Join Date: Oct 2006

Denmark

R/

25 Dec 2009 at 10:58 - 4
Quote:
Originally Posted by The Abuzer View Post
Yea, but checking that box, you get a file in your computer with character name and e-mail, witch can be stolen (hard, but it can).
If someone is able to steal a file on your computer, then they have complete access to it most likely, and therefore, could just grab your account details in any way they wish to.

Arduin is right, if someone can access your computer it's your own responsibility, and no security measures from ANet would help preventing it.

The character name security question is supposed to fix the issue with hackers gaining access to NCSoft Master Accounts and resetting the password of account owners, gaining access without hacking the target's computer.

subarucar

subarucar

Desert Nomad

Join Date: Jul 2006

New Zealand

None

25 Dec 2009 at 11:52 - 5
Quote:
Originally Posted by sunec View Post
If someone is able to steal a file on your computer, then they have complete access to it most likely, and therefore, could just grab your account details in any way they wish to.
This. If they have access to your computer, there are things I would be far more scared of than my GW account's security.

magao

Academy Page

Join Date: Jul 2008

Australia

Order of Pussycat Mountain [OPCM]

N/

25 Dec 2009 at 11:54 - 6
However, there is the minor issue that many people on the forums have the name of their main character listed on (for example) their profile on this website. Or at least have had (since it seems to be gone from here now).

subarucar

subarucar

Desert Nomad

Join Date: Jul 2006

New Zealand

None

25 Dec 2009 at 12:00 - 7
Quote:
Originally Posted by magao View Post
However, there is the minor issue that many people on the forums have the name of their main character listed on (for example) their profile on this website. Or at least have had (since it seems to be gone from here now).
Inde removed it due to security concerns. I belive you may re-post it if you wish to.
The only time having my character name here on the forums would worry me is if my GW e-mail was also written on this account.

Bob Slydell

Forge Runner

Join Date: Jan 2007

25 Dec 2009 at 14:52 - 8
Quote:
Originally Posted by The Abuzer View Post
Yea, but checking that box, you get a file in your computer with character name and e-mail, witch can be stolen (hard, but it can).
The file you speak of is the GW.dat, which has had the option of holding yours truly, your email address since 2005. Welcome to guildwars.

Tal L

Frost Gate Guardian

Join Date: Jun 2008

25 Dec 2009 at 21:08 - 9
I think we should remove the name of the character because if someone hacks you he intentionaly hacks you because he knows your chracters already, there should be a weekly link to change your password as bellow:

Old password:
Old Password:
New password:
New password:

If you dont, it will say: anet recommand you change your password for your own safty otherwise anet doesnt take any responsiblty for your acount. This is done to promote your safty bla bla bla.

magao

Academy Page

Join Date: Jul 2008

Australia

Order of Pussycat Mountain [OPCM]

N/

25 Dec 2009 at 21:12 - 10
Quote:
Originally Posted by subarucar View Post
Inde removed it due to security concerns. I belive you may re-post it if you wish to.
The only time having my character name here on the forums would worry me is if my GW e-mail was also written on this account.
You supplied an email address to GW Guru when you signed up - that's stored. If that's the address you use as your login, and you have your character name listed here, and you use the same password for GW, bingo - there's a match. Or as another alternative, GW Wiki.

Alternatively, if you use the same login name here and somewhere else, and your email address is visible at that other site, and your character name is visible here, it can be matched up (harder, but definitely not impossible).

This is (or was) the situation for many people (not me - email address and passwords are different to my GW login).

Don't get me wrong - I think the additional security is good, and it was a good choice of "something you know" - but it's definitely possible to find it out.

subarucar

subarucar

Desert Nomad

Join Date: Jul 2006

New Zealand

None

25 Dec 2009 at 22:32 - 11
Quote:
Originally Posted by magao View Post
You supplied an email address to GW Guru when you signed up - that's stored. If that's the address you use as your login, and you have your character name listed here, and you use the same password for GW, bingo - there's a match. Or as another alternative, GW Wiki.
That's why many people (myself included) have a separate e-mail for GW and other important things.

The Abuzer

Ascalonian Squire

Join Date: Dec 2009

N/

27 Dec 2009 at 15:12 - 12
Quote:
Originally Posted by subarucar View Post
That's why many people (myself included) have a separate e-mail for GW and other important things.
Yep, but this "many" isn't all.

Many people use same e-mail for other things, and the nasty part is that you can't change it.

Div

Div

I like yumy food!

Join Date: Jan 2006

Where I can eat yumy food

Dead Alley [dR]

Mo/R

02 Jan 2010 at 22:41 - 13
The point of the security question is so that when a random person steals your account from the bugged ncsoft site, they only know the email and password, and wouldn't be able to access it, unless you're the target of a direct theft. Most of the leaks on their website is completely random, which is what the security question is protecting.

Turbo Ginsu

Turbo Ginsu

I despise facebook

Join Date: Feb 2008

Australia

Meeting of the Lost Minds

Me/

03 Jan 2010 at 05:05 - 14
IMO the security question is the best way yet of ensuring that the toon that is highlighted is the one you want to play. Fast login ftw! Better still, if u start favouring another toon, u just change the toon name in ure security question box to correspond to that toon..

Too bloody easy!