Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Fuzzy Avatars Solved! Please re-upload your avatar if it was fuzzy!

@heypleasehackmyaccount What's the point of this?

adam_noxadam_nox hays, KSPosts: 2,036Member Uncommon

I mean, why does it let you name a character whatever you want, with spaces, etc, and keeps all names unique, and then tells everyone your account login name?

 

Part of security is keeping both login and password secret, or preventing a link between what people know about you, your character, hobbies, anything identifiable, and your account name.  This is why email based logins are horrible. 

 

Imagine my surprise at joining a guild (which you can join 5 lol), and all these people I don't know suddenly know each others logins.

 

Not only that, but your login often just lacks character.  It doesn't represent you, and sometimes it's going to be stupid (mine is not), but you keep it around just because you are used to using it.

 

Annoyed... again.

«13

Comments

  • TheLizardbonesTheLizardbones Arkham, VAPosts: 10,910Member

    Usernames are a security non-issue because it's not the 80s.  Unless people pick a really stupid password, in which case it's their own fault for picking a password that could be cracked in a hundredth of a second by a machine on the first try.

     

    That is, so long as there are additional systems in place, like lockouts, increasing timeouts on failed attempts, IP checks, etc.  If it's just a username/password thing, and the passwords chosen are poor, this could lead to some 80s kind of scenarios.

     

    It does lead to some poor choices in how people sound to each other.  Might have been cool to let people pick a family name, but then they might run into the same issue with people picking ridiculous stuff just so they could get past the name form.

     

    I can not remember winning or losing a single debate on the internet.

  • Lord.BachusLord.Bachus Den HelderPosts: 9,065Member Uncommon
    Originally posted by lizardbones

    Usernames are a security non-issue because it's not the 80s.  Unless people pick a really stupid password, in which case it's their own fault for picking a password that could be cracked in a hundredth of a second by a machine on the first try.

     

    That is, so long as there are additional systems in place, like lockouts, increasing timeouts on failed attempts, IP checks, etc.  If it's just a username/password thing, and the passwords chosen are poor, this could lead to some 80s kind of scenarios.

     

    It does lead to some poor choices in how people sound to each other.  Might have been cool to let people pick a family name, but then they might run into the same issue with people picking ridiculous stuff just so they could get past the name form.

     

    You are misinformed...

     

    your username is a very important part of your securrity... As the OP said, its about 50% of your protection, because if they dont know your username, they are not even going to try and hack your account...   Thats why systems that use email adresses as account names are bad..

     

    and this system is even worse...

    Best MMO experiences : EQ(PvE), DAoC(PvP), WoW(total package) LOTRO (worldfeel) GW2 (Artstyle and animations and worlddesign) SWTOR (Story immersion) TSW (story) ESO (character advancement)

  • KarteliKarteli Providence, PAPosts: 2,646Member
    Originally posted by Lord.Bachus
    Originally posted by lizardbones

    Usernames are a security non-issue because it's not the 80s.  Unless people pick a really stupid password, in which case it's their own fault for picking a password that could be cracked in a hundredth of a second by a machine on the first try.

     

    That is, so long as there are additional systems in place, like lockouts, increasing timeouts on failed attempts, IP checks, etc.  If it's just a username/password thing, and the passwords chosen are poor, this could lead to some 80s kind of scenarios.

     

    It does lead to some poor choices in how people sound to each other.  Might have been cool to let people pick a family name, but then they might run into the same issue with people picking ridiculous stuff just so they could get past the name form.

     

    You are misinformed...

     

    your username is a very important part of your securrity... As the OP said, its about 50% of your protection, because if they dont know your username, they are not even going to try and hack your account...   Thats why systems that use email adresses as account names are bad..

     

    and this system is even worse...

    Using emails as logins is standard because other MMO's do it .. Zzzzz...

     

    Requiring a credit card up ftont on a free 30 day period is OK because other MMO's do it... Zzz....

     

    Cash-shops in P2P games are OK because other MMO's do it.....

     

    Pay-to-Skip is OK because other MMO's do it...

     

    I guess SOE's pay to get better customer service might be cream of the crop.  That is just win right there.

     

    when does it end?

     

    OK just generalizations .. I frowned when Blizzard went with emails instead of unique logon names.  WHY???  But now logon names are public info in ESO  .. that's a serious issue.  A.REALLY.BIG.ISSUE.ZENIMAX.  give half the password away too while your at it.

     

     

    Want a nice understanding of life? Try Spirit Science: "The Human History"
    http://www.youtube.com/watch?v=U8NNHmV3QPw&feature=plcp
    Recognize the voice? Yep sounds like Penny Arcade's Extra Credits.

  • g0m0rrahg0m0rrah indianapolis, INPosts: 269Member
    Originally posted by lizardbones

    Usernames are a security non-issue because it's not the 80s.  Unless people pick a really stupid password, in which case it's their own fault for picking a password that could be cracked in a hundredth of a second by a machine on the first try.

     

    That is, so long as there are additional systems in place, like lockouts, increasing timeouts on failed attempts, IP checks, etc.  If it's just a username/password thing, and the passwords chosen are poor, this could lead to some 80s kind of scenarios.

     

    It does lead to some poor choices in how people sound to each other.  Might have been cool to let people pick a family name, but then they might run into the same issue with people picking ridiculous stuff just so they could get past the name form.

     

     

       The only important mitigating factor in security is time.  If you freely give out logins you are reducing the time it takes to hack.  I had a talk with my neighbor the other day because his WiFi was set to wep.  I brought him to my house and showed him how easy it is to hack, 3 minutes to break from start to finish and that is only because I am a bit slow and linux is still a bit foreign to me.  I spoofed the mac address of his xbox , which is giving me basically a login ID equivalent.  Now yes wep is weak encryption but like I said originally the only real mitigation to hacking is time.  Anything can be hacked given enough time.  So for security you attempt to put as much time between the hacker and his goal as possible hoping they will go for an easier Target (pun intended).

  • ManasongManasong CuritibaPosts: 208Member
    Is the ESO account handle any different than GW2 account handle security wise? In GW2 you can easily see acount names of anyone you put on your friends list, group party (I think) and guild, just by hovering their names.
  • KarteliKarteli Providence, PAPosts: 2,646Member
    Originally posted by g0m0rrah
    Originally posted by lizardbones

    Usernames are a security non-issue because it's not the 80s.  Unless people pick a really stupid password, in which case it's their own fault for picking a password that could be cracked in a hundredth of a second by a machine on the first try.

     

    That is, so long as there are additional systems in place, like lockouts, increasing timeouts on failed attempts, IP checks, etc.  If it's just a username/password thing, and the passwords chosen are poor, this could lead to some 80s kind of scenarios.

     

    It does lead to some poor choices in how people sound to each other.  Might have been cool to let people pick a family name, but then they might run into the same issue with people picking ridiculous stuff just so they could get past the name form.

     

     

       The only important mitigating factor in security is time.  If you freely give out logins you are reducing the time it takes to hack.  I had a talk with my neighbor the other day because his WiFi was set to wep.  I brought him to my house and showed him how easy it is to hack, 3 minutes to break from start to finish and that is only because I am a bit slow and linux is still a bit foreign to me.  I spoofed the mac address of his xbox , which is giving me basically a login ID equivalent.  Now yes wep is weak encryption but like I said originally the only real mitigation to hacking is time.  Anything can be hacked given enough time.  So for security you attempt to put as much time between the hacker and his goal as possible hoping they will go for an easier Target (pun intended).

    Poor WEP :/

     

    RIP

    Want a nice understanding of life? Try Spirit Science: "The Human History"
    http://www.youtube.com/watch?v=U8NNHmV3QPw&feature=plcp
    Recognize the voice? Yep sounds like Penny Arcade's Extra Credits.

  • Dr_ShivinskiDr_Shivinski Seattle, WAPosts: 259Member Uncommon
    It blows my mind that ZoS thinks this ok, or really that anyone could think this is ok.

    image

  • psiicpsiic Tampa, FLPosts: 943Member Uncommon
    Originally posted by Lord.Bachus
    Originally posted by lizardbones

    Usernames are a security non-issue because it's not the 80s.  Unless people pick a really stupid password, in which case it's their own fault for picking a password that could be cracked in a hundredth of a second by a machine on the first try.

     

    That is, so long as there are additional systems in place, like lockouts, increasing timeouts on failed attempts, IP checks, etc.  If it's just a username/password thing, and the passwords chosen are poor, this could lead to some 80s kind of scenarios.

     

    It does lead to some poor choices in how people sound to each other.  Might have been cool to let people pick a family name, but then they might run into the same issue with people picking ridiculous stuff just so they could get past the name form.

     

    You are misinformed...

     

    your username is a very important part of your securrity... As the OP said, its about 50% of your protection, because if they dont know your username, they are not even going to try and hack your account...   Thats why systems that use email adresses as account names are bad..

     

    and this system is even worse...

    Non stop emails everyday saying someone has tried to login my account from a different IP address. NEVER had this issue with any other game ever because nobody ever knew my user name, now people spend all day trying to crack my password. 

    No matter how complex I make my password it is just a matter of time before they manage to brute force my password thanks to this retarded user name issue.

  • jircrisjircris bakersfield, CAPosts: 410Member Uncommon
    and YET another post about this, Even IF they managed to get your username and password some how. they would need acess to your e-mail to allow them to log in from a different IP. so unless you are dumb enough to buy from a gold sight with key loggers then you will be fine. Hell runescape uses your log in name as your character name, and as crappy as that game is no one has hacked me. Best thing to do is play it smart and don't go giving info to people or websights.

    free 7 day sub and unlocks for swtor new accounts and 90+ day inactive subs click here to get it!

    Click here for trove referral, bonuses to both!

  • AcidonAcidon Salem, ORPosts: 797Member

    This isn't ESO specific obviously, look at all the other games that do this very thing (or the equivalent).

     

    • Use Complex Passwords - Google it if you don't know how.
    • Use a *Different* password for everything - This is so important.
    • Use an Offline, Safe piece of Software to help REMEMBER all of your Logins / Passwords (Link to such a program in my Sig)
     
     

    Playing: H1Z1, The Crew, Defiance, APB:Reloaded
    Mourning: World of Darkness, Vanguard, City of Heroes


    image


    My Humble MMO Blog:
    http://mmogasm.blogspot.com


    Free, Clean & Safe Quality of Life Software:
    http://www.acidonsolutions.com

  • Solar_ProphetSolar_Prophet Columbus, OHPosts: 878Member Uncommon
    Originally posted by jircris
    and YET another post about this, Even IF they managed to get your username and password some how. they would need acess to your e-mail to allow them to log in from a different IP. so unless you are dumb enough to buy from a gold sight with key loggers then you will be fine. Hell runescape uses your log in name as your character name, and as crappy as that game is no one has hacked me. Best thing to do is play it smart and don't go giving info to people or websights.

    Yes, because I'm sure it'd be really easy for someone who could obtain your password to spoof your IP or obtain your email address, right?

    The gentleman who posted about time is right. That's all any security measure will buy you from someone who is determined and / or experienced enough. Make your car take too long to steal, your house too long to break into, your account too troublesome to hack. Any sort of theft non-professional theft is all about opportunity.

    Now, a professional who's targeting you? Kiss your car, personal belongings, or account(s) goodbye.

    AN' DERE AIN'T NO SUCH FING AS ENUFF DAKKA, YA GROT! Enuff'z more than ya got an' less than too much an' there ain't no such fing as too much dakka. Say dere is, and me Squiggoff'z eatin' tonight!

  • DihoruDihoru ConstantaPosts: 2,731Member
    Originally posted by Acidon

    This isn't ESO specific obviously, look at all the other games that do this very thing (or the equivalent).

     

    • Use Complex Passwords - Google it if you don't know how.
    • Use a *Different* password for everything - This is so important.
    • Use an Offline, Safe piece of Software to help REMEMBER all of your Logins / Passwords (Link to such a program in my Sig)
     
     

    Which does not make shitty practices less shitty.

    image
  • MerklynnMerklynn FLUSHING, NYPosts: 87Member Uncommon
    So far the only thing I received were a few in game mails trying to get me to buy gold. I reported both to support and received an email thanking me for keeping the community safe. I haven't gotten any emails about possible hackers but I see your concern. Perhaps we'll see an ESO phone app or a security keycode device being sold on their website in the near future.
  • VannorVannor YorkshirePosts: 2,970Member Uncommon
    Yep, since character names are unique there is no need to provide our usernames. GW2 has the same problem (might have been changed, haven't played in awhile). There's no argument about it and I don't care if some people aren't bothered.. some are bothered and it serves no purpose. So, better to remove it.. then everyone is happy.
  • SirBalinSirBalin Joppa, MDPosts: 1,150Member Uncommon
    The reason the op is posting about this is because it's a major flaw.  This really does need to be fixed..I love the game...becoming quite the fanboy...but this needs to be fixed.

    Incognito
    www.incognito-gaming.us
    "You're either with us or against us"

  • Emmer4Emmer4 HerefordPosts: 29Member

    I can't believe this has not been addressed yet.

     

    Despite the claims of a few short sighted posters on this forum, the account name thing IS a huge security issue. As others have said, instead of providing protection for your account, all ZOS have provided is extra time before you do get hacked.

     

    This is one of the reasons I am refusing to pick up this game, as much as I want to give it a try....

     

    ZOS if you are reading any of this, chalk up one additional customer that will never buy your game unless you sort this issue among others!!

     

    My concern is how deep does this system go in terms of the code base, could they change the account name system now the game has launched? Or would this be a huge undertaking in terms of development?

  • ScotScot UKPosts: 5,762Member Uncommon

    Welcome to SMMMO's, Social Media MMO's, where the design principles of Social Media are more important than the principles of game design. GW2, FF, they are all doing it now, get used to the future.

    It is crap but its new in MMOland and they are all doing it, so it must be wonderful. :)

  • TheLizardbonesTheLizardbones Arkham, VAPosts: 10,910Member
    Originally posted by Lord.Bachus
    Originally posted by lizardbones

    Usernames are a security non-issue because it's not the 80s.  Unless people pick a really stupid password, in which case it's their own fault for picking a password that could be cracked in a hundredth of a second by a machine on the first try.

     

    That is, so long as there are additional systems in place, like lockouts, increasing timeouts on failed attempts, IP checks, etc.  If it's just a username/password thing, and the passwords chosen are poor, this could lead to some 80s kind of scenarios.

     

    It does lead to some poor choices in how people sound to each other.  Might have been cool to let people pick a family name, but then they might run into the same issue with people picking ridiculous stuff just so they could get past the name form.

     

    You are misinformed...

     

    your username is a very important part of your securrity... As the OP said, its about 50% of your protection, because if they dont know your username, they are not even going to try and hack your account...   Thats why systems that use email adresses as account names are bad..

     

    and this system is even worse...

     

    "They" aren't going to try and hack your password because "they" don't know or care who you are.  "They" are going to send "you" a phishing email, or "they" are going to wait for "you" to visit a website where "you" have allowed javascript and load a keylogger on "your" machine.  "They", if "they" were determined to target you wouldn't bother with guessing your password at all.  "They" would tap into the traffic coming to and from your house, taking less time to break the encryption on your data stream than it takes to guess a password and just knowing all the information "they" needed to know.  It would bypass all the account lockouts and the IP address scans too.

     

    Hiding a username is a false sense of security, because that isn't a useful attack vector.  Guessing a password is a waste of time.  Hence all the other, far more useful methods utilized to hack accounts.

     

    Again, that assumes there are other protections in place.  If there's nothing else in place then yes, this is a bad system, but it's a bad system because there are no other systems in place, not because the username is known.

     

    I can not remember winning or losing a single debate on the internet.

  • fs23otmfs23otm Winter Haven, FLPosts: 293Member Uncommon

    Brute Force hacking rarely happens, unless your password is so simple that a monkey could type it. 

    Social Engineering will always be the top dog in account compromises. 

    While I don't like the account thing for other reasons.. I do understand people concerns, especially if you used the same name repeatedly as your account name on other things.

  • TheLizardbonesTheLizardbones Arkham, VAPosts: 10,910Member
    Originally posted by psiic
    Originally posted by Lord.Bachus
    Originally posted by lizardbones

    Usernames are a security non-issue because it's not the 80s.  Unless people pick a really stupid password, in which case it's their own fault for picking a password that could be cracked in a hundredth of a second by a machine on the first try.

     

    That is, so long as there are additional systems in place, like lockouts, increasing timeouts on failed attempts, IP checks, etc.  If it's just a username/password thing, and the passwords chosen are poor, this could lead to some 80s kind of scenarios.

     

    It does lead to some poor choices in how people sound to each other.  Might have been cool to let people pick a family name, but then they might run into the same issue with people picking ridiculous stuff just so they could get past the name form.

     

    You are misinformed...

     

    your username is a very important part of your securrity... As the OP said, its about 50% of your protection, because if they dont know your username, they are not even going to try and hack your account...   Thats why systems that use email adresses as account names are bad..

     

    and this system is even worse...

    Non stop emails everyday saying someone has tried to login my account from a different IP address. NEVER had this issue with any other game ever because nobody ever knew my user name, now people spend all day trying to crack my password. 

    No matter how complex I make my password it is just a matter of time before they manage to brute force my password thanks to this retarded user name issue.

     

    Now that is annoying.  Depending on your password though, you probably have until well after you are done playing the game before a human guesses your password.  If they have IP lockouts, any bots trying to guess your password will be locked out for a near infinite amount of time too.

     

    Man, that sounds really annoying though.  Your, sir or ma'am, have a legitimate complaint.

     

    I can not remember winning or losing a single debate on the internet.

  • duiLucidduiLucid marietta, GAPosts: 46Member

    Your username on this website is adam_nox... lulz am r gunna hax0r u now!

     

  • koira1koira1 Posts: 229Member Uncommon
    Originally posted by Manasong
    Is the ESO account handle any different than GW2 account handle security wise? In GW2 you can easily see acount names of anyone you put on your friends list, group party (I think) and guild, just by hovering their names.

    Yes, you can easily see people account name, but that wont help you hack em. even if you know their password, the log in locks you out even if you use correct information if you log in from different IP address, it locks me out quite often since i play from 2 different places and my other IP address chances each time i connect (stupid ISP) and then i need to go to my email account to get the unlock code so i can play again..

    EDIT: its like this in GW2, not sure for ESO

  • jdlamson75jdlamson75 Jacksonville, FLPosts: 984Member Uncommon
    Originally posted by jircris
     they would need acess to your e-mail to allow them to log in from a different IP.

    This.  Somehow, while playing from the same pc at the same desk in the same house since the game started, I got a login error telling me that I was attempting to log in from a new IP.  I had to use the new code sent via email in order to log in.  Great security system, if a little wonky.

  • KuinnKuinn MestaPosts: 2,093Member
    Originally posted by duiLucid

    Your username on this website is adam_nox... lulz am r gunna hax0r u now!

     

    Not likely, gold spammers are mostly interested in MMO user names so they can sell your stuff, steal your cheese, and then sell the gold for real cash, forums account is completely pointless to hack in that scenario.

  • kruluxkrulux Atlanta - South, GAPosts: 229Member

    While I agree that posting the account name in chat is not ideal... at least they do filter connections based on the computer and IP you use. 

    So even if someone figured your password out - they would also need to know your email password to access the account from a new connection.  (Please don't have your password for your email the same as your game account - or any other password/account for that matter...)

    Personally - I like the keypass secure dongle... was hoping ESO would offer it.  I have one for most major MMO's that offered the choice.  (Or even a secure pin access like Rift uses for your smart phone)

«13
Sign In or Register to comment.