With all the furor about hacks etc lately, I can't help wondering what was the point of removing users In Game Names from their profile notes Forum-wide, when basically any time one of 'em goes to make a bid in Ventari's, the first thing the seller says is "Please leave IGN". Don't get me wrong, I'm quite confident in the security level of the Guru Forums themselves, it's practices like these that have me worried.
Is it just me, or was removing IGN's from profiles absolutely pointless while that is going on? To me, the fact that anyone with a mind can go through the Ventari 's section and make a list of "Users who definitely have tha $$$", using all of the handily provided IGN's.
If anything, to me, Ventari's is a pov filter, because you can be sure you won't see any brokeasses in there, thus removing the issue of figuring who has $ and who doesn't.
IMO, if you're gonna sell and ask for IGN's, you get them to PM them, or you don't ask. Personally, I refuse to leave mine in an auction post, because it's just asking for trouble.
To me this is such a glaringly obvious user-fuelled security breach that I felt that something had to be said. Rest assured, I'm not pointing a finger at Guru, or the Ventari Mod's, but I think this practise needs to go the way of the Dodo.
Any thoughts people?
Is Ventari's a security hole?
Turbo Ginsu
aspi
Hmm you have a pretty good point there. It would be wise to use the PM system more than leaving your in game name there.
Karate Jesus
I don't think it's a problem unless the people posting their IGNs are also using the same email and password here as they do in Guild Wars....which would be mind-numbingly stupid.
EDIT: Oh, and the same could be said of character pages on sites like GWW, GWikia, and PvX.
EDIT: Oh, and the same could be said of character pages on sites like GWW, GWikia, and PvX.
Silverhand
It is a good point but its basically too late for anything to be done
Unless there is a mod who wants to go delete everyones ign from EVERY post in ventari's then nothing will change
The igns are and have already been out there for awhile
Unless there is a mod who wants to go delete everyones ign from EVERY post in ventari's then nothing will change
The igns are and have already been out there for awhile
afya
I feel the same too
I dunno exactly how the hacker hacks, but IGN on forum is no doubt helping them breaching one of the securities "thing".
To hack a acc, we need email, pw, and IGN
email: maybe googling forum name?
pw: same as email? bruteforce?
IGN: forum
seems so easily hacked when I really think on it.
I dunno exactly how the hacker hacks, but IGN on forum is no doubt helping them breaching one of the securities "thing".
To hack a acc, we need email, pw, and IGN
email: maybe googling forum name?
pw: same as email? bruteforce?
IGN: forum
seems so easily hacked when I really think on it.
Turbo Ginsu
Quote:
Originally Posted by Karate Jesus
To me it's definately an oversight, and whilst there are plenty of names already in Ventari's, that in itself is no reason whatsoever for a simple amendment being made to the Ventari's posting rules that says IGN's are to be PM'd only, any post displaying an IGN will be deleted." That simple step makes it impossible for users to ever point a finger at Guru and say something like "I posted my IGN there, and there only!" whilst they try to accuse Guru of being the source of their woes.
Yes it would be stupid for a person to do that, but when did common sense ever get in the way of the human condition?
jazilla
the sketchy part is how many ventari's mods have tons of money in GW. so the only thing they need to get is the passwords? i would imagine that the two go hand in hand. nevermind the ventari's mod thing. they do a good job.
Fay Vert
There is nothing precious about an IGN, just log on, go to LA or Kam and write down all the IGNs you would ever want. The risk is when you can link an IGN to a game account email.
lorenna
I saw something on yahoo news a few weeks ago and apparently yeh some people do make their passwords 12345 or 123456789 or even password. but I should hope the people putting their ign's in the trading forums would use something a little bit..more complex. and I know quite a few people who just make emails for their account name and is used for nothing else. my friend even uses an email for his account login that doesn't even exist. I don't see any problem with putting my ign on the trade forums as long as I don't use the same email for gw and gwguru and different passwords too.
lorenna
dunno could be but then isnt the contact email for their master account gonna be different? its just a login name pretty much it doesnt get anything sent to it. i dunno i think they said their log in info was an email address that doesnt exist their contact email was an email address that they use but isnt their actual one and their master account name is totally different altogether. i dunno anything about hacking tbh maybe they could use it maybe they couldnt he was just trying to explain to me how he tries to protect his account when 1 of our guildies was hacked..but he used the same email for guru and his account..silly boy..anyway i dont mind putting my ign on here unless i use the same email for guru as for guild wars like my silly guildie did..he still has half his characters naked xD
Kumu Honua
The "Security Question" of characters names was a minor update that while it adds an additional layer of security, it's not exactly Fort Knox.
It will stop "Easy" account theft. It requires additional information for phishing attempts which may cause people to stop and think (Who am I kidding...). It might require a little research in order to steal an account.
All in all, it's a minor part of security as a whole. So minor that just like that commercial:
My Real In Game Name Is: Kumu Honua
Real security comes in the form of secure and strong user name/password.
It will stop "Easy" account theft. It requires additional information for phishing attempts which may cause people to stop and think (Who am I kidding...). It might require a little research in order to steal an account.
All in all, it's a minor part of security as a whole. So minor that just like that commercial:
My Real In Game Name Is: Kumu Honua
Real security comes in the form of secure and strong user name/password.
Jenn
Turbo,
I understand what you're saying about the removal of IGNs. This is my take on it: A lot of people, when registering for the forums, might've popped their IGN in the field without a second thought that it would, from then on, accompany every post they made. Essentially, by removing it from profiles, those willing to share it were making a conscious, informed decision. Now, whenever someone posts, they are forced to decide whether or not their IGN is something they want to disclose.
Also, please don't misunderstand me. I'm not saying anyone who posts an IGN is going to get hacked. As a couple others have already posted, it simply just doesn't work like that. Most account 'hacks' are actually not hacking. Hacking implies a serious breach in security measures put in place. What actually usually happens is people being careless - yes, I said it. Careless. You might not like to hear it, but a lot of 'hacked' accounts belong to people who gave their password to a few too many "trusted" friends or visited a few too many sketchy sites, or downloaded a file they shouldn't have. Hacking is a very serious issue and the word is used too lightly. Unless you are personally doing something to compromise your own account security, it is highly unlikely your GW gaming account will fall victim to unauthorized access, and even more unlikely it will be hacked.
I don't foresee us implementing policy to forbid IGN posting in Ventari's. If you would rather PM your IGN to a seller or buyer instead of posting it, feel free. Many already do... if people are truly against sharing such information, they won't. However, I don't think we will prohibit people from consciously deciding to share a small piece of information.
Regardless of what actually happens, I'm grateful to you for bringing your concerns forward. We appreciate people taking their account security seriously.
-Jenn
I understand what you're saying about the removal of IGNs. This is my take on it: A lot of people, when registering for the forums, might've popped their IGN in the field without a second thought that it would, from then on, accompany every post they made. Essentially, by removing it from profiles, those willing to share it were making a conscious, informed decision. Now, whenever someone posts, they are forced to decide whether or not their IGN is something they want to disclose.
Also, please don't misunderstand me. I'm not saying anyone who posts an IGN is going to get hacked. As a couple others have already posted, it simply just doesn't work like that. Most account 'hacks' are actually not hacking. Hacking implies a serious breach in security measures put in place. What actually usually happens is people being careless - yes, I said it. Careless. You might not like to hear it, but a lot of 'hacked' accounts belong to people who gave their password to a few too many "trusted" friends or visited a few too many sketchy sites, or downloaded a file they shouldn't have. Hacking is a very serious issue and the word is used too lightly. Unless you are personally doing something to compromise your own account security, it is highly unlikely your GW gaming account will fall victim to unauthorized access, and even more unlikely it will be hacked.
I don't foresee us implementing policy to forbid IGN posting in Ventari's. If you would rather PM your IGN to a seller or buyer instead of posting it, feel free. Many already do... if people are truly against sharing such information, they won't. However, I don't think we will prohibit people from consciously deciding to share a small piece of information.
Regardless of what actually happens, I'm grateful to you for bringing your concerns forward. We appreciate people taking their account security seriously.
-Jenn
Yang Whirlwind
We are here to provide a platform for discussions and trading centered around GW,- not to dictate how people protect their information. I don't see us implementing any rules disallowing IGN's.
The profile listing of IGN's were removed to ensure that it is a conscious act on the individual user's part to display this information on the open boards - or not as they choose.
There is nothing to prevent people from keeping this information on a need-to-know basis; only sharing it with those they need to complete trades with.
The profile listing of IGN's were removed to ensure that it is a conscious act on the individual user's part to display this information on the open boards - or not as they choose.
There is nothing to prevent people from keeping this information on a need-to-know basis; only sharing it with those they need to complete trades with.