Account Security and Theft Policy - READ THIS
Well, I rest my case, some people just don't understand. This should not be a thread attacking or defending GGG.
I'm a trained engineer in system, network & security and even though I never had an account compromised (to my knowledge !) I don't believe myself safe. Security and account recovery are important features, it is sad if they can't be discussed because some enthusiast early users just shift the blame entirely on victims calling them dumb and irresponsible. I'll just add that PoE being free to play is actually an additional reason to offer this features if you expect people to buy additional content. In fact, I'm not that concerned: I don't believe that GGG are fools, they probably already have plans for that. |
|
Suggestion: start tracking the items by giving them unique IDs and some sort of log?
I mean, it might take a lot of disk space and a lot of computing power, but it may be well worth it. It would allow you to restore stolen items (by removing them where-ever they are) and find and ban people who used a RMT-site... |
|
plz add google authenticator for security method
just like Guild wars 2 |
|
After reading this, I realize completely what you are saying. Something along the lines of, "We don't care, we don't have the time/money to spend on making everything more secure". I understand this mentality business-wise as it is cheaper to not do anything about it vs. actually having to spend time/money on methods to stop this sort of thing from happening. What I do not understand is the "We won't restore characters" stance. Say I am level 73 and I get hacked, all my stuff cleared and then deleted. I think it would be easier for me if you restore my character, and allow me to start a new one and funnel all currency back to my level 73 in order to attempt to regear. I think as a company moving into gaming in this day and age the absolute lack of any sort of authentication is very lax and lazy on your company's part and seems to encourage hacking. The hands off approach also means you really don't have to spend any time/resources on focusing who is doing the actual hacking. I'll give you a scenario: Say I am a hacker that uses several methods to hack accounts. I get probably 40 accounts per day with my methods and pull in loads of currency. Well all that means is that the hacker in question can simply sell the currency online (which does happen like any game) and make a killer profit on your game and on your customers. Sure I am not a supporter, but as I was going along my friend and I were talking about buying bank tabs as its a logical approach to our inventories being filled. I am just really disappointed that a game being developed/produced in this day and age doesn't approach an issue that can be better dealt with correctly. (GW2 has a great system in place, and although not 100% effective it is still very effective)
|
|
" No, please don't do this. Its a complete pita for people with dynamic IPs. Everytime you want to log in and play, you need to activate a verification code via email. What you should add is a numeric 4 digit pin number that is entered via a mouse click virtual keypad in the game like in Maplestory, along with a timed delay on deleted characters, or verifcation of deletion using the pin number. (b) Personal abuse, foul language, inappropriate subject matter, obscene, harassing, threatening, hateful, or discriminatory or defamatory remarks of any nature ... are not permitted.
- PoE TOS. |
|
I like both. The authentificator (same as Blizzard) and the 10 digits squares you click to enter your password (Same as my bank).
You also have the sms confirmation, but it must cost a little. Or there is an other way (same as Apple and Facebook) : a confirmation when you enter your password with a different computer. Or the password must/can works only with your computer (with a serial number or anything else). |
|
i got hacked recently because i was stupid enough to check out that maphack ( yes i know own damn fault ) well i learned my lesson, now i was wondering is ther anyway to check if the keylogger is still in my system, i already changed my pw twice so then cant use my old pw anymore, thx for all help upcoming.
|
|
" Why would email authentication be required if you are already using Google authenticator? These are two independent systems, albeit more secure if used together. Last edited by Expire#6754 on Feb 12, 2013, 1:48:35 PM
|
|
" I disagree also.. If you are stupid enough to have your account stolen its amlost 100% users fault.. the most common way they steal your password these days is you using the SAME password on other webforums and user sites (which gets hacked very easily) Always use a unique password.. |
|
" cheater...hope they ban you |
|