Optional Security: 24h locked-but-playable restriction
Bristlebane
You know that 24h no-trading/dropping they put on new accounts? What if they would add it on accounts that recently changed passwords or had x number of failed attempts before successfully logging in?
Here's my suggestion:
With an *optional* setting in Guild Wars, accounts are automatically put in 24h lock mode once suspect behavior is detected, mainly password change, or 3+ failed login attempts before a successful login. An email is also dispatched to the owner's currently registered email. This email can't be changed during the 24h lockdown as well.
However, it would be possible to play the game normally, just with a few restrictions:
* No item dropping, no trading, no character deletion, no email/password change.
In case someone does get hacked, they have 24h to react (assuming their email address was correct and read), which is a good time to change your password.
NOTE: Please, no topics about "hacked account is your own fault", we've seen enough posts like that, it won't lead to anything productive.
RedDog91
If such a system were put in place, more people would complain about it messing up their trading than would be protected by it.
Bristlebane
Since it's an optional lockdown feature, and since the time is relatively short (24h), I think many people would consider it a fair price to pay. It's not like people type their password wrong every day.
jazilla
I think they should just add an in-game password system for the Xunlai Vault. Make it so it has to be different from your log-in password. That way you get extra protection for your in game valuables.
Bristlebane
While I'm all for anything that adds a bit extra security, I doubt this would help much. Many people use characters as storages and they wouldn't be protected by this. You also didn't mention how often you need to type your password. Once every usage? Once every login? Only after x failed login attempts?
Another Felldspar
/signed
If this were an option I would use it. I would also include a 24hr lockout if my account were accessed from a Chinese IP address.
This isn't a bad OPTION at all.
drkn
So let's say i use that option. I log into my account normally, no mistakes inputting u/p.
Then a hacker tries to log into my account, knowing everything but password. He didn't succeed, despite a great amount of tries. Next day, i log onto my account and, if i understand you correctly, i can't trade my stuff, all of a sudden.
All in all, i pay the price of a hacker's failed attempts in getting onto my account.
Sounds a bit silly.
Bristlebane
Quote:
All in all, i pay the price of a hacker's failed attempts in getting onto my account.
|
But if you ask me, I'd rather get my account locked from trading and dropping items for 24 hours rather than losing all my gold, minipets, weapons, armors and characters.
jazilla
Quote:
While I'm all for anything that adds a bit extra security, I doubt this would help much. Many people use characters as storages and they wouldn't be protected by this. You also didn't mention how often you need to type your password. Once every usage? Once every login? Only after x failed login attempts?
|
Hooper287
/signed
I've been hacked before too, and my account was permanently banned because of it. It was a 4 year old account and there was absolutely no way of getting it back. There are some of my friends who claim they have been hacked too, and they have proven it to me, they haven't even given out their passwords or anything that would allow someone to access their account.
Most people just say "oh, stop QQing about your account being hacked (insert leet speak insult here) you couldn't have been hacked without giving out your pass". Me and apprx 500 other people beg to differ.
Chrisworld
I like the idea. But add *no item deletion* and *no item salvaging* to the list as well.
I find it hard to believe anyone would complain about this being a problem. If they change their password so often that it becomes a problem then they have the problem. Same goes for putting in the wrong password several times.
This is a great idea.
Master Ketsu
/signed for including it as an option the players could enable for themselves.
/unsigned for forcing it.
I would definitely enable it for myself. IMO this is the most brilliant suggestion I've seen here for a long time.
Ximvotn
An optional lock feature with a code different than your password. You can choose what to lock... for example: storage, armor, gold, weapons, characters, etc. that way nobody can move anything you change. If you lock character X then anyone who logs onto that character can not move items from his bags, or a complete storage lockout so nothing can be moved from that either. A more complex and selective lockout feature would hold my interest I suppose.
/signed
shadowfell
I mean, this sounds crazy and all, but the authorized location for ncsoft should be applicable to the in-game login too. Say, if someone tried to log into my account from anywhere other than my authorized location, red flag goes up and the account is locked or they get a =sorry, this location is not authorized= and are denied access. I would even still be ok with still getting booted out of game with the warning that goes something like, "Someone has attempted to access your account while you were logged in", disconnection error.
Then, I not only know someone tried to log into my account and that I have to go into panic mode, but that I have time to adjust whatever is needed to make sure it doesn't become a problem.
The downside is, if they're bruteforcing and just plugging in random emails to try and access a real account, that would pretty much notify them that they had a live one.
Also, Rift's Coin-Lock system, we need that here. It's better than WoW's authenticator, imo.
I had many other brilliant ideas, but it pretty much included banning china from accessing the internet at all and I don't think that will go over well.
Bristlebane
Biggest concern is just how to avoid people griefing others on purpose. For example:
Say someone doesn't like you, manages to get your login email and enters a few bogus passwords every 24 hours, putting the account in a permanent lockdown mode.
Solutions to that would be that you could break the lockdown with a secondary password, and that you receive the exact time/date/ip address of whoever tried to access your account. That way you have a chance to track down who is griefing you.
gremlin
Quote:
/signed
I've been hacked before too, and my account was permanently banned because of it. It was a 4 year old account and there was absolutely no way of getting it back. There are some of my friends who claim they have been hacked too, and they have proven it to me, they haven't even given out their passwords or anything that would allow someone to access their account. Most people just say "oh, stop QQing about your account being hacked (insert leet speak insult here) you couldn't have been hacked without giving out your pass". Me and apprx 500 other people beg to differ. |
Friend gets hacked and proves it !!! really and you know for a fact they didn't give out their password.
The reality is we never know what people do. If my brother lost stuff from his account there is no way he could prove to me he didn't engineer it himself or post his password on the net.
I trust him, I believe him but he couldn't prove it, and that is the real problem in GW.
Absolutely no one knows the truth about hacking, even those who are hacked only know their own situation.
No one, not even Anet, can be sure about the level or not of genuinely hacked accounts.
Bristlebane
I had my account hacked once and I went to a frekkin communication security class. A place where we hacked everything from WEP, Windows Server, DHCP etc. I do use a strong password (except ncsoft, they don't allow such a thing), I never ever shared account, never used my login email in any forum. And I'm certain I didn't have any keylogger, malware or virus on my computer as well. My point is, people who say "it's your fault" don't really know anything, they just repeat what others said on forums thinking they're now security experts.
Arghore
I like this idea, maybe not in its current form (like changing passwords regularly tends to be a good thing, so why put a penalty on it), but the lock out of trading if a login has occurred after X-times trying would be a good idea, and the password change would also be good if only it were accompanied by the X-times failed login. In those situations i would actually prefer a longer time (like a week perhaps even) given that the player can lift this restriction in some way, f/e contact with support and supplying them with the box codes for the account.
Bristlebane
Or unlocking it with a master password, or by typing in one of your product keys again.
It's good if it's somewhat automatic so we don't have to bug support too much about it.
CorDa616
I /sign this, but there are some complications to this idea.
Firstly, no dropping of items would cause a vast majority of new bugs to arise and is absolutely pointless as the drops they get really don't matter. For all you know the crafty bastard farms a VS and then realizes he can't sell it - that part you can consider payback and reward.
The restrictions put on the account, the 24-hour thing, won't exactly work properly as some, if not most, people don't log in every 24 hours. A better approach to this would be to revert the said account to a trial version account, at least schematics wise. Trial accounts can't trade and thus he won't be able to trade anything.
To end this a reasonable approach would be to have the person verify the changed password in their email address and have the account reset to normal functioning. This will severely limit the amount of hackings that occur from third-party apps and such.
However, the human stupidity factor still remains, which is the biggest part of why accounts get hacked.
Another way to approach this is to set up a 'master' password like you suggested, but not the keys as some people don't possess those anymore. What could be done is a 'secret question' type of thing. Not an automated one as a hacker can just string you through those questions. I would suggest you get to pick it, but when you need to type it in again the box does not reveal the original question.
If you have an NCsoft account the question could be linked to that like the CD-keys, but not physically show when you try to access the account; or an alternative email can be set up where the question is sent if requested.
I applaud the idea but since GW2 is coming out soon it might just be useless. The con-men aren't going to stick around to fry small fish when a bigger one swims around. I think this would've been great if implemented from the start.
That's it from me and excuse any typos, been awake a solid 30 hours.
gremlin
Quote:
I had my account hacked once and I went to a frekkin communication security class. A place where we hacked everything from WEP, Windows Server, DHCP etc. I do use a strong password (except ncsoft, they don't allow such a thing), I never ever shared account, never used my login email in any forum. And I'm certain I didn't have any keylogger, malware or virus on my computer as well. My point is, people who say "it's your fault" don't really know anything, they just repeat what others said on forums thinking they're now security experts.
|
There is comfort in this; if it's their fault then our systems are safe, we have no need to hassle support and press for changes.
I could come on here and say I had 30 years experience with windows was well versed in internet security.
I could add that I had a computer that only had one function and that was to play guild wars.
No surfing emails dodgy software etc and that I was hacked, it proves absolutely nothing.
Could be true could be complete rubbish, I might use "password" as my login pass have no antivirus share the computer with a dozen other people and have my login details on a post it note on the monitor.
We do not know how many are hacked whose fault it is and whether or not the current security is good enough.
And no posts on the forum about being hacked are going to advance that knowledge one iota.
Del
I'd say they should track what IP you usually log in from, and multiple failures from different IP should lock the account out, and during periods when the account is locked out, the owner of the account can still trade etc from their usual IP. Unless of course they have one of those ISPs that gives different IPs after every renewal period, rather than just re-assigning the same address.
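The rules debated up to this point, combined into one small policy model as an added example (not code from any poster, ArenaNet or NCsoft): the two triggers from the opening post, the usual-IP exemption suggested just above, and the secondary-password unlock proposed earlier in the thread. The function names, the PBKDF2 hashing of the unlock password and the sample IP addresses are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

LOCK_DURATION = timedelta(hours=24)   # the 24h window proposed in the thread
FAILED_THRESHOLD = 3                  # "3+ failed login attempts"
RESTRICTED = {"drop_item", "trade", "delete_character",
              "change_email", "change_password"}

def _hash(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

@dataclass
class Account:
    opted_in: bool = True                         # the feature is optional
    usual_ips: set = field(default_factory=set)   # assumption: learned from past logins
    failed_since_success: int = 0
    locked_until: Optional[datetime] = None
    unlock_salt: bytes = field(default_factory=lambda: os.urandom(16))
    unlock_hash: Optional[bytes] = None           # secondary password, not the login one

    def set_unlock_password(self, secret: str) -> None:
        self.unlock_hash = _hash(secret, self.unlock_salt)

def _lock(acct: Account, now: datetime) -> None:
    if acct.opted_in:
        acct.locked_until = now + LOCK_DURATION

def failed_login(acct: Account) -> None:
    acct.failed_since_success += 1    # only counted; a failure alone locks nothing

def successful_login(acct: Account, now: datetime) -> None:
    if acct.failed_since_success >= FAILED_THRESHOLD:
        _lock(acct, now)              # trigger 1: success preceded by 3+ failures
    acct.failed_since_success = 0

def password_changed(acct: Account, now: datetime) -> None:
    _lock(acct, now)                  # trigger 2: any password change

def is_locked(acct: Account, now: datetime) -> bool:
    return acct.locked_until is not None and now < acct.locked_until

def is_allowed(acct: Account, action: str, ip: str, now: datetime) -> bool:
    if action not in RESTRICTED or not is_locked(acct, now):
        return True                   # ordinary play is never blocked
    return ip in acct.usual_ips       # locked: only the usual IP may trade etc.

def unlock(acct: Account, secret: str) -> bool:
    if acct.unlock_hash is None:
        return False
    ok = hmac.compare_digest(_hash(secret, acct.unlock_salt), acct.unlock_hash)
    if ok:
        acct.locked_until = None
    return ok

if __name__ == "__main__":
    # Constructed scenario: five bad guesses by someone else, then the owner logs in.
    now = datetime(2024, 1, 1, 20, 0)
    acct = Account(usual_ips={"203.0.113.7"})
    for _ in range(5):
        failed_login(acct)
    successful_login(acct, now)
    print(is_allowed(acct, "trade", "203.0.113.7", now))    # owner's usual IP
    print(is_allowed(acct, "trade", "198.51.100.9", now))   # unfamiliar IP
```

The unlock check would need its own attempt limit in practice, since during a lock it replaces the login password as the thing an intruder has to guess.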
Amy Awien
Quote:
You know that 24h no-trading/dropping they put on new accounts? What if they would add it on accounts that recently changed passwords or had x number of failed attempts before successfully logging in?
|
/notsigned
Mhh, dunno, I open and close windows every day but I don't see what fresh air has to do with passwords and computer-security.
Del
Quote:
No thanks, I just tried to log in with caps-lock on, with your suggestion I might as well not play for the next 24 hours.
/notsigned |
Because clearly, he meant windows, and not windows OS.
Amy Awien
Quote:
... you've got bigger problems than not being able to play GW for a day.
|
Quote:
Because clearly, he meant windows, and not windows OS. |
Del
I like how you cut out half of what I said and take that bit out of context because you can't even argue it. Knobhead.
He was clearly talking about a hypothetical situation, not actually claiming he had 30 years of windows experience. But that just flew over your head with everything else didn't it?
Amy Awien
Quote:
I like how you cut out half of what I said and take that bit out of context because you can't even argue it. Knobhead.
|
Troll
Quote:
... whatever ... |
Goodbye.
Del
Amy Awien
Don't bother replying, I won't read it, Goodbye means you're in ignore, which is where all the trolls go.
cosyfiep
/signed....any extra security is a good idea--makes it harder for the hackers, then I'm for it
Swingline
As I have said before I would like them to use some security features that Perfect World has like...
A password for storage.
A lockout feature that you can set to any time frame.
A force login that is great to boot hackers off your account after you change the password.
gremlin
Good point I should have said computers and not windows.
People who use glass computers shouldn't throw stones, I think that's the saying.
Lot of redundant info posted about GW security and how many innocents are hacked etc and it never gets us anywhere because there are usually far more replies saying it's your own fault compared to the few who ask for more security.
Bristlebane
Anyway I think most of what needed to be said has been said, except some flamings and what not. Maybe time to close this topic.
Thanks for the insights and comments guys/girls
chris12xu
I like this idea.
Maybe when they send you an email notifying you that your account is locked you can unlock it by providing info or in your master ncsoft account.
Overall this is probably the one idea to prevent hacking that I actually like.
drkn
Lemme put more emphasis on it - some jerk tries to log onto my account, fails five times, moves on to another email, and then i have to take the punishment of his actions. The not-so-lucky hacker just leaves me be, for the time being, and moves on. As the outcome, it's me who has to suffer the '24h trading lock'.
While it's an awesome idea directed to people that actually get hacked, i believe the successful hacks are only a tiny percentage of all the attempts. This means that everyone whose account ain't broken into suffers from this system rather than benefit.
There would have to be some way to unlock trades the minute i log into the game, without bugging support. If not, this idea is one of the worst regarding the account security, seen from perspective wider than one poor hacked guy out of hundreds who were 'lucky' enough to thwart hacker's attempts.
Also, +1 for Gremlin in this thread.
cosyfiep
actually I have a RL example of this kind of thing...my cc likes to make sure there is no fraud on my account...so when I went on a trip and even though made both the hotel and flight purchases with the card, when I got to my destination, my card was blocked! Was it a hassle to prove to the merchant that yes, I am really the card holder and there must be some explanation for this? yeah....so after a call to said cc, and informing them that, yeah I am REALLY on vacation..they did unblock the card.
Am I glad my cc cares? oh yeah. so
yeah, I would rather have a day of not trading than having NOTHING left on my account.
(a 2ndary password to unlock the trading lock could solve this--kinda like the phone call I made to my cc to prove I was really who I am).
Bristlebane
prism2525
Or else one could implement a feature to allow the account log in only from an IP address in your home country. This can be disabled after logging in in the settings menu o/c.
I don't think that a Maltese guy like me is going to log in from China any day soon, and my e-mail/password combination was never shared, so any attempt to log in from China could alert me to possible security leaks and I could take action and change my e-mail and password.
Del
Quote:
Or else one could implement a feature to allow the account log in only from an IP address in your home country. This can be disabled after logging in in the settings menu o/c.
I don't think that a Maltese guy like me is going to log in from China any day soon, and my e-mail/password combination was never shared, so any attempt to log in from China could alert me to possible security leaks and I could take action and change my e-mail and password. |
cosyfiep
well...it would at least prevent some of the hacking/whatever its called now...from going on....certainly a red flag should go up if the ip changes radically!