For all those who got hacked, take a look at this suggestion.

Hey guys,

For some days now, many people have been getting hacked, and I think it's a serious issue for everyone, even for people who didn't get hacked (yet). Therefore, the game needs a new, additional and different security layer which is not based on the keyboard, because phishing programs can easily find out what you typed in when entering the password.

The idea is a mouse-click based security feature. When you log into your account, a window appears with 10 numbers (9-0) on it. The number positions are randomized after every click, so a phishing tool can't know which number got clicked due to the mouse positioning. The password there will/must be a 4-digit number. This will take like 10 seconds for you to type in (guess even less), but it will provide a much tighter security level. So even if the hacker knows your normal password, he can't figure out your number so easily. After 5 failed tries, your account gets locked for 1 hour and you get an email and a private message in the forum that someone tried to log in 5 times and failed. With this information, you can change your main password and, after 1 hour of waiting, you can play again.

In case you forgot your 4-digit number, it would be useless to implement a "Forgot number? We sent an email so that you can change it" feature. Because it is highly possible that the hacker would have your. The only way to reset your 4-digit number is through support. You have to identify yourself in a way that lets GGG see that it is your account. Then they can reset your digit password and you can choose a new one. Another option would be that you have to type in your mobile number when creating an account, and in case you forgot the number, you can receive an SMS with a number/password which lets you reset the digit password. So it's highly recommended that you don't forget it.


I know that this isn't the suggestion area, but it is such a big deal right now that I feel this is really important. OF COURSE if you have a better suggestion or would like to add something to this idea, feel free to post it here! But I think we should fix this issue ASAP, because this hacking wave can ruin many players' hard work and on top of it, it can ruin the economy sooner or later...
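The flow proposed in the post above, sketched server-side as an added example (not part of the thread and not GGG's code): the pad is reshuffled after every click, only button positions reach the server, and 5 failed tries lock the account for 1 hour. The names `PinPad`, `enter_pin` and the injected `clock` are assumptions made for the illustration.

```python
import secrets

MAX_FAILS = 5        # from the post: 5 failed tries
LOCK_SECONDS = 3600  # from the post: account locked for 1 hour
_rng = secrets.SystemRandom()

class PinPad:
    """Server-side PIN pad: the client reports button positions, never digits."""

    def __init__(self, pin, clock):
        self.pin, self.clock = pin, clock
        self.fails, self.locked_until = 0, 0.0
        self.entered, self.notices = "", []   # notices: stand-in for e-mail/PM
        self._shuffle()

    def _shuffle(self):
        # layout[i] is the digit drawn on button i, valid for the next click only
        self.layout = _rng.sample("0123456789", 10)

    def click(self, position):
        """Process one click; returns 'locked', 'more', 'ok' or 'fail'."""
        if self.clock() < self.locked_until:
            return "locked"
        self.entered += self.layout[position]
        self._shuffle()                       # re-randomise after every click
        if len(self.entered) < len(self.pin):
            return "more"
        guess, self.entered = self.entered, ""
        if secrets.compare_digest(guess, self.pin):
            self.fails = 0
            return "ok"
        self.fails += 1
        if self.fails >= MAX_FAILS:
            self.fails = 0
            self.locked_until = self.clock() + LOCK_SECONDS
            self.notices.append("5 failed PIN attempts, locked for 1 hour")
        return "fail"

def enter_pin(pad, digits):
    """Simulate a user who reads the screen and clicks each digit's button."""
    result, positions = None, []
    for d in digits:
        positions.append(pad.layout.index(d))
        result = pad.click(positions[-1])
    return result, positions
```

The `positions` list is all that a recorder of click coordinates would capture, and it changes on every attempt; software that can also read the screen sees the layout and recovers the digits.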


This is basically what an authenticator is, but by being on the host machine it would be far less secure. Hacking should pretty much be solved for anyone but the most inept computer users with GGG's email security feature they just added.
"
Lask001 wrote:
This is basically what an authenticator is, but by being on the host machine it would be far less secure. Hacking should pretty much be solved for anyone but the most inept computer users with GGG's email security feature they just added.


You underestimate the ineptitude of computer users.
The new email system won't really work. Hackers who have your PoE password will have your email password with a high chance too... This way they can log in from a different location and receive the password with the code to unlock the account for the new PC.

Most people get hacked due to phishing tools on the PC. So we need a security layer which a phishing tool can't read so easily. The randomized number buttons + mouse clicks will help a lot to improve the security. Ofc, if someone hacks the server, he can easily grab the 4-digit number AND your password. But that's something that happens rarely, and if it does, they can do a rollback to a point where nothing happened.
"
ionface wrote:
You underestimate the ineptitude of computer users.


LOL... thanks, I needed a good chuckle :)
Anyone who thinks “the customer is always right” never worked in tech support.
^^ Oh ION :P
"
ionface wrote:
"
Lask001 wrote:
This is basically what an authenticator is, but by being on the host machine it would be far less secure. Hacking should pretty much be solved for anyone but the most inept computer users with GGG's email security feature they just added.


You underestimate the ineptitude of computer users.


Oh, I know hacking won't be rare.
AION uses this system, I believe, and it's a 6-digit code (mouse click only). Every character has its own unique code.

/signed
I smell blood, something is calling me..
Devs should read this. :P
good idea

could also add a PIN for your stash maybe?

once you log in and unlock your stash it will stay unlocked until you log out again
Last edited by xAdApt#5804 on Feb 24, 2013, 6:00:46 PM
