Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Fuzzy Avatars Solved! Please re-upload your avatar if it was fuzzy!

Force players to use authenticator/one time password

gessekai332gessekai332 New York City, NYPosts: 877Member Common

I honestly think the authenticator password should be mandatory. Theres a ton of bots in game and almost all of them are hacked accounts. mmorpgs should just force the use of authenticators so this doesnt happen. most people arent stupid enough to fall for phishing scams, have unique passwords, and they dont buy gold, but they still get hacked anyway. I find that a lot of 3rd party websites targetted to the mmorpg of choice, have lot of security flaws and are even displaying banner ads asking you to buy gold for that specific game. I'm pretty sure this is how a lot of people are getting infected and their passwords stolen, from visiting ffxiv wiki or something to just look up skills or an item and then having some malicious script install a keylogger or worm into their computer. honestly, when i visit one of those ffxiv wiki's i feel like they are being hosted by the same companies running illegal streaming sites, except now the people installing viruses know exactly what virus to send to my computer to get my information.

 

i hate bots and gold sellers, they along with people who buy from them should just die.

Most memorable games: AoC(Tryanny PvP), RIFT, GW, GW2, Ragnarok Online, Aion, FFXI, FFXIV, Secret World, League of Legends (Silver II rank)

Comments

  • DMKanoDMKano Gamercentral, AKPosts: 8,530Member Uncommon

    They can't force it - not everyone has a smartphone (believe it or not) and some folks are not willing to buy the physical fob.

    They should let players use Google authenticator as it supports multiple apps (each game would still generate a unique code, but they would all be listed under Google Authenticator).

    Currently I have a Rift app, Battle.net, Square Enix - I could have an entire screen on my phone with authenticator apps, its just dumb.

    But they'd have to pay Google, oh well.

     

  • GeezerGamerGeezerGamer ChairPosts: 5,590Member Uncommon

    I agree, but we are talking about the same people who probably have the one password does it all mentality. So they replicate their passwords on every online resource they ever use.

    I once had my WoW account hacked. They didn't actually hack my WoW account. they hacked my email account and changed my WoW password through battlenet. Since then, I use a spreadsheet. All my passwords are on it. and are NEVER EVER keyed. Even the original paste are cut n pasted from other sources. Once it's on the sheet, I'll never key it in anywhere.

    Well, for FF14, I don't care since I use the OTP.

    Beyond that, I have a speparate password for everything I do, no password is duplicated anywhere. I use NoScript in Firefox, along with Antivirus and SpyBot. I keep regular updates and active scans. I probably don't need OTP but I won't take any chances.

    And frankly, if you are going to pay a monthly sub, not getting the authenticator is a bit ridiculous. Frankly, they should have charged $40 for the game and mailed them out to everyone.

  • LugorsLugors EarthPosts: 180Member Uncommon

    I looked at this option, but there are fair amount of comments on the SE mobile authenticator regarding problems.  Specifically, the mobile app bugs out, and will lock you out of your account when it does so. That coupled with the lack of responsive and competent customer service make this a non starter.

  • RidelynnRidelynn Fresno, CAPosts: 4,177Member Uncommon

    Mandatory - no.

    But for FFXI they did offer incentives, like extra bag space, if you linked an authenticator to your account. I can see them doing something similar here.

    They do ship the authenticator with the physical CE edition. And they make the mobile app available for free...

    Authenticators don't fix everything, and I find them to be a royal pain in the ass to have to use -- especially since you can't even log into the Lodestone without it (and I'd like to check from work, but damn, left my fob at home) but they go a very long way to helping.

  • svannsvann san jose, CAPosts: 1,639Member Uncommon
    They are a pain, and I was thinking of unlinking mine, but with the amount of stolen accounts we are seeing no way.  Imagine getting your account stolen, spending hours getting through to customer support, and then when you get back in game half the server has you on blacklist because of gil seller spamming.
  • rojoArcueidrojoArcueid hell, NJPosts: 6,778Member Uncommon

    is not the companies fault that careless people get hacked.

     

    Fortunately i have never been hacked, but it is not a coincidence that i happen to use long passwords mixed with numbers, symbols, capital and lower case letters, making words not found in dictionaries. And i am not lazy about my accounts security so i do that with every account i have.

     

    I also have a physical paper full of passwords in case i forget them (which i tend to do, a lot of times), nobody enters my room so it is safe here.

     

    Also keep the computer clean. People shouldnt point fingers other than to themselves when they arent doing their homework then get hacked because of it. The authenticator is a nice little helper but i only use it in WoW. Relying too much on authenticators would deter (IMO) my habit of securing long and dificult passwords.

    image
  • spankybusspankybus Orlando, FLPosts: 1,154Member Uncommon
    Originally posted by rojo6934

    is not the companies fault that careless people get hacked.

     

    Fortunately i have never been hacked, but it is not a coincidence that i happen to use long passwords mixed with numbers, symbols, capital and lower case letters, making words not found in dictionaries. And i am not lazy about my accounts security so i do that with every account i have.

     

    I also have a physical paper full of passwords in case i forget them (which i tend to do, a lot of times), nobody enters my room so it is safe here.

     

    Also keep the computer clean. People shouldnt point fingers other than to themselves when they arent doing their homework then get hacked because of it. The authenticator is a nice little helper but i only use it in WoW. Relying too much on authenticators would deter (IMO) my habit of securing long and dificult passwords.

    For a lot of people, I think they get key logger software loaded onto their machine by going to FFXIV information websites that are created by RTM houses. If I remember, Alla Kazham was suspected of doing this to people...they host a ton of helpful info on the game, quests, etc...and while yer there, you get a key logger and bam, your acct is hacked.

     

    shady, shady people out there.

    Frank 'Spankybus' Mignone
    www.spankybus.com
    -3d Artist & Compositor
    -Writer
    -Professional Amature

  • Swedish_ChefSwedish_Chef of heroes, MSPosts: 213Member

    Not mandatory. Not everybody has a smart phone (I personally hate the blasted things), and there's really no practical way to get authenticators to people who buy digital copies without making them wait a few days (or longer) after they register their game code to play. I suppose a 'grace period' could be offered, but that presents its own set of problems.

    I do feel that there's absolutely no reason why any P2P or B2P MMO shouldn't have both a software based and physical one as an available security option, and a physical one should be included in the contents of any boxed copies of an online game sold.

    Much like vehicle security systems, they won't stop a determined professional but they'll certainly ruin an average thief's day.

  • DMKanoDMKano Gamercentral, AKPosts: 8,530Member Uncommon

    I actually don't know any of my game passwords - I don't need to - just need to know the password to get into my password program keeper (I use LastPass and KeePass) and that's it. What's nice about these apps is that they don't keep the pwd in your clipboard, it auto-flushes them from memory after 10seconds. 

    I don't even know my email passwords at this point.

    They are all a complete mishmash of characters and always the max length.

    stuff like this (example - not an actual pswd lol) 

    S+Nyz8ZIk,BW.1H

    No way in hell I could remember that even if I wanted to... let alone remember multiple ones like that.. forget it.

     

    The other *must* is using authenticator apps for email AND games!

     

  • DMKanoDMKano Gamercentral, AKPosts: 8,530Member Uncommon
    Originally posted by spankybus
    Originally posted by rojo6934

    is not the companies fault that careless people get hacked.

     

    Fortunately i have never been hacked, but it is not a coincidence that i happen to use long passwords mixed with numbers, symbols, capital and lower case letters, making words not found in dictionaries. And i am not lazy about my accounts security so i do that with every account i have.

     

    I also have a physical paper full of passwords in case i forget them (which i tend to do, a lot of times), nobody enters my room so it is safe here.

     

    Also keep the computer clean. People shouldnt point fingers other than to themselves when they arent doing their homework then get hacked because of it. The authenticator is a nice little helper but i only use it in WoW. Relying too much on authenticators would deter (IMO) my habit of securing long and dificult passwords.

    For a lot of people, I think they get key logger software loaded onto their machine by going to FFXIV information websites that are created by RTM houses. If I remember, Alla Kazham was suspected of doing this to people...they host a ton of helpful info on the game, quests, etc...and while yer there, you get a key logger and bam, your acct is hacked.

     

    shady, shady people out there.

     

    Keyloggers are extremely rare these days(almost extinct), by far most account hacks are done via using database info from game companies that were breached.

    Email phishing would be the 2nd most popular.

     

  • SpottyGekkoSpottyGekko RotterdamPosts: 3,845Member Uncommon
    Originally posted by DMKano
    Originally posted by spankybus
    Originally posted by rojo6934

    is not the companies fault that careless people get hacked.

     

    Fortunately i have never been hacked, but it is not a coincidence that i happen to use long passwords mixed with numbers, symbols, capital and lower case letters, making words not found in dictionaries. And i am not lazy about my accounts security so i do that with every account i have.

     

    I also have a physical paper full of passwords in case i forget them (which i tend to do, a lot of times), nobody enters my room so it is safe here.

     

    Also keep the computer clean. People shouldnt point fingers other than to themselves when they arent doing their homework then get hacked because of it. The authenticator is a nice little helper but i only use it in WoW. Relying too much on authenticators would deter (IMO) my habit of securing long and dificult passwords.

    For a lot of people, I think they get key logger software loaded onto their machine by going to FFXIV information websites that are created by RTM houses. If I remember, Alla Kazham was suspected of doing this to people...they host a ton of helpful info on the game, quests, etc...and while yer there, you get a key logger and bam, your acct is hacked.

     

    shady, shady people out there.

     

    Keyloggers are extremely rare these days(almost extinct), by far most account hacks are done via using database info from game companies that were breached.

    Email phishing would be the 2nd most popular.

     

    Indeed.

    It's far less effort on the part of the "account hacker" to just create a fake website and then send out 500K (fully automated) phishing emails. The recipients of the emails will do the rest, the hacker simply sits back and harvests the incoming passwords.

    3rd party fansites for games are really useful, but I doubt they spend much money on security and/or database encryption. They almost all have user registration databases (those details can be monetized), but I'd not be in the least surprised if they are regularly hacked and have all their registration details stolen. They probably don't really care, anyway. People that use the same password for everything are at major risk there.

     

    I use different and reasonably complex passwords for every single website or game that requires one. I'm paranoid about emails and I will NEVER click on a link in a mail if there is any other way of logging into the website and getting the action performed. There usually is, the email links are almost always for convenience only. I have never had a game account hacked in 13 years of online gaming. Maybe I'm just lucky.

  • JeroKaneJeroKane OsloPosts: 5,353Member Uncommon
    Originally posted by DMKano
    Originally posted by spankybus
    Originally posted by rojo6934

    is not the companies fault that careless people get hacked.

     

    Fortunately i have never been hacked, but it is not a coincidence that i happen to use long passwords mixed with numbers, symbols, capital and lower case letters, making words not found in dictionaries. And i am not lazy about my accounts security so i do that with every account i have.

     

    I also have a physical paper full of passwords in case i forget them (which i tend to do, a lot of times), nobody enters my room so it is safe here.

     

    Also keep the computer clean. People shouldnt point fingers other than to themselves when they arent doing their homework then get hacked because of it. The authenticator is a nice little helper but i only use it in WoW. Relying too much on authenticators would deter (IMO) my habit of securing long and dificult passwords.

    For a lot of people, I think they get key logger software loaded onto their machine by going to FFXIV information websites that are created by RTM houses. If I remember, Alla Kazham was suspected of doing this to people...they host a ton of helpful info on the game, quests, etc...and while yer there, you get a key logger and bam, your acct is hacked.

     

    shady, shady people out there.

     

    Keyloggers are extremely rare these days(almost extinct), by far most account hacks are done via using database info from game companies that were breached.

    Email phishing would be the 2nd most popular.

     

    This, especially With up to date Security (anti mallware and anti virus) it´s almost impossible to get keyloggers installed anymore.

    Except for Internet Cafes tho! There People can install mallware and sit behind you on another computer and Fish Your account info away via the network.

    Most People get hacked who use the same password everywhere else, like public sites, forums, guild sites, etc that have very low Security and are easily hacked.

  • JustsomenoobJustsomenoob lexington, KYPosts: 871Member

    Not that there's anything wrong with doing so, but going out of your way to use these complicated 15 character passwords that use a bunch of symbols does next to nothing to make these online accounts more secure.

     

    The accounts being compromised aren't being "guessed".   They aren't being brute forced and gotten into because the password wasn't strong enough.   They're one shot, first login attempts because they got the password in full from another source.  

     

     

  • ReizlaReizla AlkmaarPosts: 3,300Member Uncommon
    Originally posted by DMKano

    They can't force it - not everyone has a smartphone (believe it or not) and some folks are not willing to buy the physical fob.

    They should let players use Google authenticator as it supports multiple apps (each game would still generate a unique code, but they would all be listed under Google Authenticator).

    Currently I have a Rift app, Battle.net, Square Enix - I could have an entire screen on my phone with authenticator apps, its just dumb.

    But they'd have to pay Google, oh well.

    Or not eveyone has a iPhone/Android smartphone. My smartphone is of an older generation (Nokia C6 running Symbian) and I'm not gonna exchange it for an iPhone or Android monstrosity ;-)

    About the Google app... I hate it that it's 'locked' behind the Google Play store. I do have an Android MP3-player, but that one (like most native MP3-players) is no Google Play supported device. I'd love to use the Android app on that thing, but too bad I can't download it :-(

    With all those hacked accounts and the need of more security I decided to buy the physical authenticator today. Also because I'm planning on playing FFXIV:ARR for the coming months (year?). Sadly though, the SOE & Blizzard authenticators can't be used for FFXIV:ARR, where I can use the 2 of them for each other's service...

    AsRock 990FX Extreme3
    AMD Phenom II 1090T ~3.2Ghz
    GEiL 16Gb DDR3 1600Mhz
    ASUS GTX970 3x HD monitor 1920x1080

  • timeraidertimeraider BredaPosts: 568Member Uncommon
    Hate bots and goldsellers to, but disagree with your idea anyway.
    Main games: Heroes of the Storm, Starcraft 2, Brawlhalla
    Waiting for: Overwatch

  • Kayo45Kayo45 Neverland, AKPosts: 293Member

    No ... not everyone has smartphones nor should everyone be forced to buy the keychain thing. They couldve just included it with every purchase of the game but that ship has sailed now.

  • VoqarVoqar Phoenix, AZPosts: 498Member

    I don't think authenticator or one-time password stuff is necessary.

     

    They could force a password reset and force strong passwords.  This is a bit less of a pain for users.  ANet did it early on with GW2 if memory servers due to the number of morons getting hacked.

     

    People *should* start learning (years ago) to use basic common sense when it comes to security and the web.

     

    If you use the same usernames and passwords across sites and games or use anything but strong passwords, you are pretty much asking to be hacked.

     

    I'm getting pretty tired of seeing threads about people getting hacked and blaming everyone but themselves.  It's not SE's fault if your computer is a cesspool, you lack basic common sense, and you're too stupid and lazy to do very simple things to protect your data.

     

    I'm also tired of gil spammers.  Yeah, SE could do *ANYTHING/SOMETHING* to filter the spam, or since it's P2P they could actually have GMs that keep chat clear.  But SE has so far proven to be pretty much all around inept.  Most of the gil spammers I've seen are most likely from hacked accounts.  So, hey players, wake the hell up and protect your accounts!

     

    You can use Microsoft Security Essentials for FREE (and it's decently regarded) virus protection.  Since it's by MS it is completely seamless with windows and you'll never know it's there, unlike a lot of other virus protection software that is bloated, generally annoying, AND costs yearly fees.  Keeping your machine free of keyloggers, Trojans, and viruses is very basic security.  Install once and never think about it again.  MS SE works with windows going back to XP and has been around for years now.  There's no excuse for not having virus protection when you can get quality protection for free.

     

    You can use a program like KeePass to generate unique and highly complex passwords for all the forums and games you use.  KeePass is an encrypted password database - all you'll ever need with this type of program is to remember the password for IT.  This is a very simple way to add a huge amount of protection to your logins.  YOU won't even know your passwords (you can look at them but it's not exactly easy to remember 12-20 digit mixes of random characters, numbers, and symbols).  KeePass lets you create passwords of different lenths or customize your own creation schemes for those amazingly lame entities that don't let you have long passwords (really, really annoying in this day and age of hacking and security).

     

    Unfortunately a lot of games use your email address for a login.  Unless you create a bunch of different accounts or a new account for each game you play, you are very likely already at risk due to this.  Email addresses get passed around like sorority chicks.  If a potential hacker has your username, you're already half way cracked.  It is imperative that you use a very strong unique password for any game where you're using an email address that you use anywhere else.

     

    It's hard to teach common sense but treat the web with caution.  Be a "defensive user."  No game company will ever ask you for the password to your account.  Anybody asking for that is trying to scam you.  Ie, do not ever give your password to anybody.  Learn to differentiate between quality online resources and crappy ones that are likely going to be littered with e-garbage (like Trojans and stuff).  If you buy gill from RMT and/or use any other TOS breaking junk, you not only risk losing your account if SE catches and punishes you, but obviously dealing with scumbags is a great way to compromise your account and data since they're not exactly giving a crap about anything except easy money.

     

    Premium MMORPGs do not feature built-in cheating via cash for gold pay 2 win. PLAY to win or don't play.

Sign In or Register to comment.