plaync website takes a step backward in security

Remember the hackings during the winter holidays? Remember how they added a feature that you have to know your in game password to change it from the website? Well, it's been removed...

Account hackings through plaync website gogo!

Why would they do that?

Wow, I swear NCSoft is the worst company...

If only ANet didn't need them for funding.

Well, I'll be. I just checked and this isn't a joke...

Go Red Engine, indeed.

Does this have something to do with the recent rash of "I wanted to get back into GW after XX years of not playing, and don't remember my character names or password QQ" posts that Guru's been seeing lately, I wonder?

http://www.guildwarsguru.com/forum/a...tml?t=10419779

^It's this problem all over again.

To be specific:

..i guess the requirement for your password was a stopgap till the security hole was closed? or someone funked up hard...?

I really, really hate NCSoft.

Sorry ArenaNet - I can't in good faith invest any more of my money, whether through your microtransactions or your sequels, until you smack Daddy across the face and tell him to GTFO. If only your parent company wasn't so ridiculous...

I will, however, gladly play the game for now until I lose all my stuff from hacks.

NCSoft are dumb, nothing more to say.

Even if they wanted to leave I'm pretty sure that NC Soft owns them and they legally couldn't just leave. They'd have to "buy their freedom" so to speak, or buy themselves from NC Soft in other words, which probably won't happen unless GW2 becomes a huge success.

What the flying RED ENGINE GORED ENGINE GORED ENGINE GORED ENGINE GO?
Unbelievable.

Sadly, this is true. ANet is part of NCSoft afaik.

Wouldn't be a problem if ANet took a page out of the Blizzard playbook and had mods willing/able to roll back characters and accounts.

Grrr. Is there any way to UNlink your game accounts from your Master Account?

We've already asked, and the short and long answers are both, "No."

I go for option 2. One of my allies was just hacked. Apparently no characters were deleted and he didn't mention any armors/runes/weapons lost. Just cash and unded minis gone, a character working on LDoA moved to post to get at his Charr kits, and new friends in the friends list. Ally got the account back by changing the PW via the website.

I don't understand. Even if they can change your password, don't you still need to input a character name to log in?

Eh if this is true, i hope Anet does something about it, because it seams like NCsoft is becoming more and more like Blizzard oh and they also are retared for doing it unless they have a damn good reason!(there is that better?)

It is possible that it has been temporarily removed for one reason or another, and it is also possible it has been removed and other security measures (which are not obvious) have been implemented. Like, maybe they actually sucked up their pride and recognized the previous problem and fixed it, making this security measure unnecessary.

I feel having the ability to change your password from your Play NC is very important to quickly solve the issue of your GW account getting hacked. Without this feature having an account linked to Play NC is essentially useless, as contacting support requires a seperate login and you can already make purchases through the in game store.

I remember seeing a thread here a few weeks ago where it was mentioned that Anet had actually uped their security by hiring a 3rd party to manage their site, and I feel it is a positive message Anet is sending us by letting us know they feel confident enough about their security now to reimplement this feature.

So what they wanna stress test their new security by removing all the other security features?

Even if they did fix it...it is STILL IDIOTIC to remove ANY security feature for ANY reason...unless the feature is inadvertently causing a security hole...

I thought it was NCsoft that hired the 3rd party; the only reason I could fathom for them making removing security features because they are getting cocky when believing that this 3rd party will stop all the hacking problems.

Can't wait until the "I just got hacked thread" comes back.

probably this one kount as reported here

I thought it was like that all along. At least thats how I saw it. Once the hacker gets into your NC account, he has control over your GW passwords since you never needed to know those passwords. I can't log onto it at the moment, gotta dig out my NC password... wtf is going on here?

EDIT - I found my written-down password and logged in. Nothing I see looks any different than before. Same method, don't need to know the password to change it, been like that for a while now. Can someone fill me in? I'm confused, why is this new news?

Just got a scam mail today.....I thought I had escaped all this and now this has me worried again...

I don't goto questionable sites and no one but me uses this computer. And I wont go into other ways I secure what I do.

U N B E L I E V A B L E

Whichever clown at NCsoft is responsible for that... needs to be thrown into the deepest, darkest, dampest Siberian salt mine - hard labour, until they drop dead.

Unless they fixed the NCsoft master account security hole, then once again our ONLY protection against random account theft is our character names. And luck.

Well just don't do these:

1) Your email slip in game
2) Your Character Name Slip out in forums (like Guru)
3) Usage of super weak passwords that a hacker could guess in 5mins by surveying your likes and dislikes.

It isn't hard to play it safe, but so many people fail.

This new is scary.
I can only hope the guys at NCSoft fixed their previous security holes. Even then, I don't see a valid reason for a step back like this one.

Tell this stuff to those who got hacked some time ago, when the NCSoft support was giving out people's usernames and passwords to random users.
Just few months ago.

Doing that won't change anything if the NCSoft Master Account will give out your login credentials by mistake to someone else.
Something like that is what happened some time ago.

The TL;DR version from that link, here for you: LOGGING INTO YOUR OWN PLAYNC MASTER ACCOUNT CAN RANDOMLY LOG YOU INTO ANOTHER PLAYER'S ACCOUNT. YOU HAVE FULL CONTROL OVER THEIR ACCOUNT FROM THIS POINT. YOU CAN CHANGE THEIR PASSWORDS, AND EVERYTHING ELSE THAT ONE CAN EDIT FROM THE PLAYNC MASTER ACCOUNT CONTROLS.

After this happened, NCSoft decided that in order to change your previous password, you had to use the old one.
Now it seems they reverted back to "no password required" to change your pass.

With just those two episodes in mind, I would refrain for acting as the know-better-than-you "isn't hard to play safe" kid.



Cheers.

But the people using strong passwords still manage to stay non hacked.....hmm. Stop overreacting.

Did you bother to read the links at all?

It didn't matter how strong was your password, if NCSoft support gave it to someone else by mistake or if the NCSoft website allowed someone else into your master account without needing "the strong password".

Strong passwords are no protection.

We saw before: it didn't matter how strong your password was, because once in your master account, the thieves didn't need to know your old password, to set a new one. Lots of people with good security habits reported their accounts being robbed.

NCsoft plugged that hole, but it now seems they have undone the fix. Which is insane.

Thank God A-Net put in the character name check... and the ability to change IGN's, for those of us that had ever posted them on forums (sucks that we have to pay for that though). I hope support isn't STILL giving out character names to anybody that asks though.

Did Aion players ever get anything like the character name check? Or are they basically back in the sh*tter?

Good god, I hope they aren't taking a backward step. I'm hoping that the 3rd party NCSoft hired for security have immediately had an impact and resolved the hole that was temporarily plugged.

But again, this is where they (NCSoft) should be at least providing information to explain (in the broadest terms) what has been done and why. Or, at the very least, inform ANet so the likes of Regina and co. can pass this information onto the community. At least therefore some confidence can be gained by us.

Regardless of what the 3rd party has or has not done... why would anyone REMOVE a security feature?

Even if they closed the "random" access to other people's master accounts... if any new exploit is ever discovered, they've just put The Keys To The Kingdom back into our master accounts. That's a tasty incentive for account thieves to actively TRY to find a new exploit.

I agree 100% I was dumbfounded when the change password feature was changed to requiring your CURRENT password. I almost lost my account because of that. I routinely change my password via NCSoft PlayNC master account, I stopped playing for a bit, changed my password JUST prior to taking a break, so I couldnt remember it, no problem, go to plyNC Master and it was requiring my current pass, which I could not remember, had to go through support and I had very little of the required information, fortunately they did reset my password for me, but they did mention "next time you will need to provide all the additional information" which I DO NOT HAVE ANY MORE.

Thing is, this is my first MMO and the thought never crossed my mind to save all my keys, boxes, ADDITIONALLY I dont even remember how I filled in the "personal information" section when I created the account, I was treating it like any other video game and I dont really care that they have my personal info, so I just put some random stuff in, yeah I know its dumb now, but at the time I was treating this game like any other Super Mario Bros. or something, its a game.

Once you get into needing an account and credentials to log in, it gets a little cumbersome and I garauntee you that the casual players (the silent Majority) are screwed worse needing to know the current pass to log in, than the vocal Minority, that are actually worried about their items, gold, etc.. those casual players such as myself only have to worry about our accounts being hacked, for EULA violations and banned, without our knowledge. No real investment of time or emotion is tied to our accounts, we just want to be able to play a damn game that we purchased.

So I agree with the change back, and I hope the new security company takes care of the rest.

You can also interpret the signal as utter incompetence on the part of the people that NCSoft hired. Given the quality of their previous security and the clear focus on the bottom line, it is entirely possible that they have hired outside consultants in an effort to make the system appear to be fixed and then have someone to blame if and when things go wrong again.

Past history makes me skeptical, and the fact that adding the fix we had been screaming about for years => end to the hack reports suggests that the feature was legitimately helping.

In the meantime, we're back to Tramp's solution of a dedicated storage account that isn't linked if we want to be secure.

I do not agree with having crap security, just because some people have bad habits and/or can't remember their own passwords.

Requiring your old password before setting a new one, is a standard (good) practice that pervades just about everywhere. Except NCsoft, who must be using an aging chimp as their security consultant. You're living in a cave if you don't expect to need your old password before setting a new one, anywhere.

It's really not hard to keep keys. If I buy some electrical goods, I keep the receipt in case it goes wrong and I need to go back to the shop. Simple common-sense habit, and it carries over into game keys. It's even easier these days with GW keys coming on a plastic card in the box, or emailed to you after online purchase.

Just keep the email, or paste the keys into a file (encrypted if you want). Cards don't take up a lot of space, you can throw the box away if you want. (I note that a lot of people complain about online transactions because they LIKE to keep boxes)

Passwords - write them down if you have to and keep them somewhere safe (if you're worried about friends/family seeing them by your computer). You should already have somewhere safe to keep important things like passports etc.

Simple habits, they're so easy. They're part of modern life. If you can't do those things, then frankly - you fail at life.

You have figures to back your claim? That you represent a "silent majority" who find passwords a needless inconvenience, and who are "screwed" if they can't remember them? And that people who want their accounts to be safe from thieves are a "vocal minority"?

Oh really. And how do you "just play the damn game" when you can't even remember your passwords? or when thieves have changed your password? Or when thieves have deleted your characters, or used them for bots/RMT and got them perma-banned? Because of weak security?

Totally disagree with dumbing down security.

Your suggestion is that EVERYBODY should accept poor security, because YOU can't remember your passwords/info, and YOU didn't keep your game keys. Why should people who look after their affairs properly, be punished because of people who don't?

Better to go to support because you can't remember your password, than go to support because you've been locked out by thieves, your account emptied, characters deleted/turned into bots etc.

I hope you all realize that NCsoft is going to be using Kount (see post #23) for handling the -payment- end of things. You're still going to get "hacked", and forever lose your junk, but your CC info is probably going to be safer.

I didnt make it clear in my post,

But I said "its my first MMO experience" I have learned a lot, and I will ALWAYS keep my keys for every game I purchase here on out, it was new to me, so I didnt put much importance in that whole aspect of "credentials" for a video game.

I understand passwords in the real world, applying such security measures to a game was, again, new to me. It makes sense having experienced first hand the time investment in an MMO type of game.

For me, the PlayNC master account was the failsafe for forgetting a password, it was working one way for the entire life of the game, then out of the blue it changed to needing your current password, this did hinder my ability to log into my own account.

Its not that hard to forget a password if you take a break from the game AND routinely change the password, I dont make a habbit of writing passwords down, because the PlayNC Reset was always available. So it is not hard to imagine that when I did in fact forget my password, I was pretty close to locked out of my own account, by the game company. While I am in the minority of cases like this, it still sucked to have put in the time and money, only to get locked out, GRANTED by my own mistakes, nevertheless I was very used to forgetting my pass, and being able to retrieve it through the NCSoft website.

If they would stick to one method, it would save a lot of confusion and as long as we know it is one way, or the other I have no problem. I prefer it the old way, for reasons that I stated, and I would assume that the majority of players would like it that way as well, the majority of GWGuru posters would probably like the extra security.

its been 5 years for some of us...the receipts (if you have them---mine are now BLANK --yes the ink has disappeared, I have a blank sheet of paper now) for something you got 5 years ago may not be around any longer. Yes I still have the boxes et al, but I hope I never need them.
Internet security to me is an oxymoron, there is no such thing, you can try and try but you will never succeed....however, to take a step BACKWARDS!! that is just mind-numbingly stupid.
I am truly glad I have no inclination to buy gw2 with ncsoft holding the account holders personal information for ransom---nope wont do it.

Axe, how come you were always able to remember your NCsoft/PlayNC password, but not your game password?