Also like some people said, accounts would get hacked even if these "different city->verify" measures are taken into account.
Unless you can prove NOBODY at all (like 0% of players) gets hacked, then I don't see the harm in implementing something to help those that were indeed hacked.
On the other hand, if most hacking issues are related to passwords being stolen (outside of the game), meh I kind of see why it seems like a "waste" to do all of this.
I mean, the Terms of Service surely tell you that if your pass gets stolen it's your own fault, so it's not GGG's responsibility to give you back items that were stolen this way.
Is there any service that "can't" get hacked? Maybe Google Account, or Paypal, or something?
Maybe instead of using regular email verification, GGG can use that service to verify everything (just in case someone hacked your email account as well).
|
Posted by gonzaw#3022 on Feb 24, 2013, 8:24:17 PM
|
QUESTION TO DEVELOPERS:
Will you implement the restoration of DELETED characters (with all items inside the char at the moment of the delete) ?
Last edited by sirianstar#2747 on Feb 24, 2013, 9:24:43 PM
|
Posted by sirianstar#2747 on Feb 24, 2013, 9:24:02 PM
|
"
aryosgr wrote:
A new, immediate, patch should enforce email verification to any user, upon their 1st attempt to login using this patch, before being able to login to their account. An inconvenience for most, but will save from lots of hacker attempts based on hacked user catalogs. It should also disable the ability of changing the email address, using the website login. Simple as that and I believe can be implemented fast enough, to secure the thousands of users who have not yet used the 0.10.1D patch. Could also introduce the ability to disable the city/IP check (make it optional), after the 1st email verification.
*Specifically about changing the password using the website, this should 100% be enhanced, by having to use email verification again, before changing the password.
*Same for changing the email address.
* In the future, a smartphone validating application could be introduced, for both.
+1
"
Magus_Coldfire wrote:
The game needs a new, additional and different security layer, which is not based on the keyboard, because phishing programs can easily find out what you typed in when entering the password.
The idea is a mouse-click based security feature (like some games already use). When you log into your account, a window appears with 10 numbers (9-0) on it. The number positions are randomized after every click, so a phishing tool can't know which number got clicked due to the mouse positioning. The password there will/must be a 4 digit number.
(snip)
For the case you forgot your 4 digit number, it would be useless to implement a "Forgot number? We sent an email so that you can change it"-feature. Because it is highly possible that the hacker would have your email password. The only way to reset your 4 digit number is the support.
+1 again.
Invited to Beta 2012-03-18 / Supporter since 2012-04-08
Last edited by VideoGeemer#0418 on Feb 24, 2013, 10:28:49 PM
|
Posted by VideoGeemer#0418 on Feb 24, 2013, 10:17:05 PM
|
"
Jaknet wrote:
Cannot wait for this to be improved as I'm sick of having my account locked every day due to my ISP using dynamic IPs.
Go to play... no password... type it in again... account locked... check email... enter code... unlock account... attempt to play.
Sorry just cannot be bothered to put up with this to play anything.
Will try playing again when this is sorted, but not till then, Goodbye.
Edit. My ISP changes me from city to city every day. Same county so far.
They could add a feature that would recognize the **COMPUTER** rather than the physical location. Or maybe even both, but with flexibility. Say it's the same computer, within 100 km or so from the last login, that should be good enough. I mean, who else is going to have almost the same exact system, and be within 100 km of you, and try to use PoE? Compared to how many in the same city but with any number of possible system configurations?
Hell, if system recognition was specific enough, that could be ticked as an option which would override the city thing altogether. If I had the option to select system and state, I'd be good. :)
Invited to Beta 2012-03-18 / Supporter since 2012-04-08
|
Posted by VideoGeemer#0418 on Feb 24, 2013, 10:22:24 PM
|
"
VideoGeemer wrote:
"
Jaknet wrote:
Cannot wait for this to be improved as I'm sick of having my account locked every day due to my ISP using dynamic IPs.
Go to play... no password... type it in again... account locked... check email... enter code... unlock account... attempt to play.
Sorry just cannot be bothered to put up with this to play anything.
Will try playing again when this is sorted, but not till then, Goodbye.
Edit. My ISP changes me from city to city every day. Same county so far.
They could add a feature that would recognize the **COMPUTER** rather than the physical location. Or maybe even both, but with flexibility. Say it's the same computer, within 100 km or so from the last login, that should be good enough. I mean, who else is going to have almost the same exact system, and be within 100 km of you, and try to use PoE? Compared to how many in the same city but with any number of possible system configurations?
Hell, if system recognition was specific enough, that could be ticked as an option which would override the city thing altogether. If I had the option to select system and state, I'd be good. :)
That is what an IP address is supposed to do :P
I guess you could use MAC addresses though, those are unique I think.
Or maybe...maybe make it higher in the layer level? Maybe make each PoE client, when installed, create a single unique key, which is used for authentication (along with the account password when logging in).
The whole "send activation code to email" would happen if the server gets a different "key" for said account, thus it means it's from a new client, which either means the guy re-installed it (in which case the guy needs to do that whole thing just once), or he's logging in from another PC (in which case he needs to do that email thing, maybe just once for that new PC), or...he was hacked.
|
Posted by gonzaw#3022 on Feb 24, 2013, 10:40:31 PM
|
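The per-install key scheme proposed in the post above, as an added example that is not part of the original thread and not GGG's code: a Python sketch of the server side, where `DeviceGate`, its methods and the in-memory stores are hypothetical names and the e-mail step is simulated by an `outbox` dictionary. A known install logs in regardless of IP or city; an unknown install triggers a one-time code and is enrolled only after that code is confirmed.

```python
import hashlib
import hmac
import secrets


class DeviceGate:
    """Server side of the per-install key idea (all names are hypothetical)."""

    def __init__(self):
        self.passwords = {}  # account -> (salt, PBKDF2 hash)
        self.devices = {}    # account -> set of SHA-256 digests of install keys
        self.outbox = {}     # (account, device digest) -> code "sent" by email

    @staticmethod
    def new_install_key():
        # Created once by the client at install time and kept on that machine.
        return secrets.token_hex(32)

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    @staticmethod
    def _digest(install_key):
        # Only a digest is stored, so a leaked table holds no usable keys.
        return hashlib.sha256(install_key.encode()).hexdigest()

    def register(self, account, password, install_key):
        salt = secrets.token_bytes(16)
        self.passwords[account] = (salt, self._kdf(password, salt))
        self.devices[account] = {self._digest(install_key)}

    def login(self, account, password, install_key):
        if account not in self.passwords:
            return "denied"
        salt, stored = self.passwords[account]
        if not hmac.compare_digest(stored, self._kdf(password, salt)):
            return "denied"
        digest = self._digest(install_key)
        if digest in self.devices[account]:
            return "ok"  # known install: IP or city changes are irrelevant
        # Unknown install: a reinstall, a second PC, or a stolen password.
        self.outbox[(account, digest)] = secrets.token_hex(4)
        return "verify_email"

    def confirm(self, account, install_key, code):
        digest = self._digest(install_key)
        expected = self.outbox.pop((account, digest), None)  # one try per code
        if expected is None or not hmac.compare_digest(expected, code):
            return False
        self.devices[account].add(digest)  # enrolled: asked once per install
        return True
```

A stolen password alone yields `verify_email` rather than `ok`, but the scheme is only as strong as the mailbox that receives the code and the secrecy of the key file on the player's machine.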
"
sirianstar wrote:
QUESTION TO DEVELOPERS:
Will you implement the restoration of DELETED characters (with all items inside the char at the moment of the delete) ?
Good question.
IGN JimansNotSummoner
|
Posted by Jiman#2422 on Feb 24, 2013, 11:45:40 PM
|
"
sirianstar wrote:
QUESTION TO DEVELOPERS:
Will you implement the restoration of DELETED characters (with all items inside the char at the moment of the delete) ?
Here they state they will not restore items for any reason (but maybe chars?):
http://webcdn.pathofexile.com/forum/view-thread/172532/page/1
People have asked us why we don't restore accounts when they are hacked. The reason is that the outcome of this would be far, far worse for the game. I understand it's hard to see that perspective when you're staring at an empty stash where your items were, but please consider what would happen to the economy if players could request their items to be restored due to theft. It would be very easy to fake an account theft - just ask a friend from elsewhere to log in and take your items before contacting support and asking for a restoration.
Last edited by Imaginaerum#5568 on Feb 24, 2013, 11:56:55 PM
|
Posted by Imaginaerum#5568 on Feb 24, 2013, 11:52:58 PM
|
"
Imaginaerum wrote:
"
sirianstar wrote:
QUESTION TO DEVELOPERS:
Will you implement the restoration of DELETED characters (with all items inside the char at the moment of the delete) ?
Here they state they will not restore items for any reason (but maybe chars?):
http://webcdn.pathofexile.com/forum/view-thread/172532/page/1
People have asked us why we don't restore accounts when they are hacked. The reason is that the outcome of this would be far, far worse for the game. I understand it's hard to see that perspective when you're staring at an empty stash where your items were, but please consider what would happen to the economy if players could request their items to be restored due to theft. It would be very easy to fake an account theft - just ask a friend from elsewhere to log in and take your items before contacting support and asking for a restoration.
I kind of want more feedback on my "idea".
It may convince GGG to restore chars and items later :P
...or at least change their justification for not doing that :P
|
Posted by gonzaw#3022 on Feb 25, 2013, 12:36:03 AM
|
"
Imaginaerum wrote:
"
sirianstar wrote:
QUESTION TO DEVELOPERS:
Will you implement the restoration of DELETED characters (with all items inside the char at the moment of the delete) ?
Here they state they will not restore items for any reason (but maybe chars?):
http://webcdn.pathofexile.com/forum/view-thread/172532/page/1
People have asked us why we don't restore accounts when they are hacked. The reason is that the outcome of this would be far, far worse for the game. I understand it's hard to see that perspective when you're staring at an empty stash where your items were, but please consider what would happen to the economy if players could request their items to be restored due to theft. It would be very easy to fake an account theft - just ask a friend from elsewhere to log in and take your items before contacting support and asking for a restoration.
That is not the same. They don't restore items because it would double the items on the market then. But restoring a deleted character at the moment it got deleted shouldn't be a problem, because it does not mess up the economy or number of items.
I didn't get hacked, but that would be a little bit satisfying for all those who got hacked and lost their characters.
|
Posted by AceNightfire#0980 on Feb 25, 2013, 2:00:44 AM
|
"
exploder wrote:
Just an example:
Password: pathofexile
Password with replacement: p4th0f3x1l3
Password with Replacement and Transposition: 3x1l3f0p4th
Password with Replacement, Transposition and Signs: 3x1l3*f0!p4th
Password with Replacement, Transposition, Signs and Caps: 3X1l3*F0!p4Th
Password that is harder to hack than any of those: pathofexileismyauntsfavoritegamebecausesheistotallyeliteandawesomeeventhoughshedold
.. because size matters!
In regards to security of password on complexity vs size: Size will win hands down every time. - I won't even make argumentation for that - just google it.
If you can teach only one thing to people about password security it should be 'size matters', then you can go on with all the complexity crap that usually just tends to make the forgotten password service busy. :)
Last edited by srnkrkgrd#2614 on Feb 25, 2013, 8:31:01 AM
|
Posted by srnkrkgrd#2614 on Feb 25, 2013, 8:26:48 AM
|
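The length-versus-complexity comparison from the post above, worked through as an added example that is not part of the original thread: it computes the exhaustive brute-force search space (in bits) for each password quoted there, and the length at which a lowercase-only password matches the most complex 13-character variant. The function names are hypothetical, and the model assumes an attacker who tries every string over the character classes used; guessing with word lists or substitution rules would make both the leetspeak variants and a sentence of common words weaker than these figures.

```python
import math
import string

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

# Passwords quoted in the thread.
EXAMPLES = [
    "pathofexile",
    "p4th0f3x1l3",
    "3x1l3*f0!p4th",
    "3X1l3*F0!p4Th",
    "pathofexileismyauntsfavoritegamebecausesheistotallyelite"
    "andawesomeeventhoughshedold",
]


def charset_size(password):
    """Alphabet an exhaustive search must cover, judged by classes present."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    # Characters outside those classes (spaces, accents) count individually.
    size += len({ch for ch in password if not any(ch in c for c in CLASSES)})
    return size


def bruteforce_bits(password):
    """log2 of the search space: length * log2(alphabet size)."""
    if not password:
        return 0.0
    return len(password) * math.log2(charset_size(password))


def break_even_length(target, alphabet=26):
    """Shortest length over `alphabet` symbols matching target's search space."""
    return math.ceil(bruteforce_bits(target) / math.log2(alphabet))


def report():
    return [(len(pw), charset_size(pw), round(bruteforce_bits(pw), 1))
            for pw in EXAMPLES]


if __name__ == "__main__":
    for pw, (length, size, bits) in zip(EXAMPLES, report()):
        print(f"{length:3d} chars  alphabet {size:2d}  {bits:6.1f} bits  {pw[:20]}")
    print("lowercase length to match #4:", break_even_length(EXAMPLES[3]))
```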