Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Quick Links
@heypleasehackmyaccount What's the point of this?
adam_nox
Member UncommonPosts: 2,148
I mean, why does it let you name a character whatever you want, with spaces, etc, and keeps all names unique, and then tells everyone your account login name?
Part of security is keeping both login and password secret, or preventing a link between what people know about you, your character, hobbies, anything identifiable, and your account name. This is why email based logins are horrible.
Imagine my surprise at joining a guild (which you can join 5 lol), and all these people I don't know suddenly know each others logins.
Not only that, but your login often just lacks character. It doesn't represent you, and sometimes it's going to be stupid (mine is not), but you keep it around just because you are used to using it.
Annoyed... again.
Comments
Usernames are a security non-issue because it's not the 80s. Unless people pick a really stupid password, in which case it's their own fault for picking a password that could be cracked in a hundredth of a second by a machine on the first try.
That is, so long as there are additional systems in place, like lockouts, increasing timeouts on failed attempts, IP checks, etc. If it's just a username/password thing, and the passwords chosen are poor, this could lead to some 80s kind of scenarios.
It does lead to some poor choices in how people sound to each other. Might have been cool to let people pick a family name, but then they might run into the same issue with people picking ridiculous stuff just so they could get past the name form.
I can not remember winning or losing a single debate on the internet.
You are misinformed...
your username is a very important part of your securrity... As the OP said, its about 50% of your protection, because if they dont know your username, they are not even going to try and hack your account... Thats why systems that use email adresses as account names are bad..
and this system is even worse...
Best MMO experiences : EQ(PvE), DAoC(PvP), WoW(total package) LOTRO (worldfeel) GW2 (Artstyle and animations and worlddesign) SWTOR (Story immersion) TSW (story) ESO (character advancement)
Using emails as logins is standard because other MMO's do it .. Zzzzz...
Requiring a credit card up ftont on a free 30 day period is OK because other MMO's do it... Zzz....
Cash-shops in P2P games are OK because other MMO's do it.....
Pay-to-Skip is OK because other MMO's do it...
I guess SOE's pay to get better customer service might be cream of the crop. That is just win right there.
when does it end?
OK just generalizations .. I frowned when Blizzard went with emails instead of unique logon names. WHY??? But now logon names are public info in ESO .. that's a serious issue. A.REALLY.BIG.ISSUE.ZENIMAX. give half the password away too while your at it.
Want a nice understanding of life? Try Spirit Science: "The Human History"
http://www.youtube.com/watch?v=U8NNHmV3QPw&feature=plcp
Recognize the voice? Yep sounds like Penny Arcade's Extra Credits.
The only important mitigating factor in security is time. If you freely give out logins you are reducing the time it takes to hack. I had a talk with my neighbor the other day because his WiFi was set to wep. I brought him to my house and showed him how easy it is to hack, 3 minutes to break from start to finish and that is only because I am a bit slow and linux is still a bit foreign to me. I spoofed the mac address of his xbox , which is giving me basically a login ID equivalent. Now yes wep is weak encryption but like I said originally the only real mitigation to hacking is time. Anything can be hacked given enough time. So for security you attempt to put as much time between the hacker and his goal as possible hoping they will go for an easier Target (pun intended).
Poor WEP
RIP
Want a nice understanding of life? Try Spirit Science: "The Human History"
http://www.youtube.com/watch?v=U8NNHmV3QPw&feature=plcp
Recognize the voice? Yep sounds like Penny Arcade's Extra Credits.
Non stop emails everyday saying someone has tried to login my account from a different IP address. NEVER had this issue with any other game ever because nobody ever knew my user name, now people spend all day trying to crack my password.
No matter how complex I make my password it is just a matter of time before they manage to brute force my password thanks to this retarded user name issue.
free 7 day sub and unlocks for swtor new accounts and 90+ day inactive subs click here to get it!
Click here for trove referral, bonuses to both!
This isn't ESO specific obviously, look at all the other games that do this very thing (or the equivalent).
Yes, because I'm sure it'd be really easy for someone who could obtain your password to spoof your IP or obtain your email address, right?
The gentleman who posted about time is right. That's all any security measure will buy you from someone who is determined and / or experienced enough. Make your car take too long to steal, your house too long to break into, your account too troublesome to hack. Any sort of theft non-professional theft is all about opportunity.
Now, a professional who's targeting you? Kiss your car, personal belongings, or account(s) goodbye.
AN' DERE AIN'T NO SUCH FING AS ENUFF DAKKA, YA GROT! Enuff'z more than ya got an' less than too much an' there ain't no such fing as too much dakka. Say dere is, and me Squiggoff'z eatin' tonight!
We are born of the blood. Made men by the blood. Undone by the blood. Our eyes are yet to open. FEAR THE OLD BLOOD.
#IStandWithVic
Which does not make shitty practices less shitty.
Incognito
www.incognito-gaming.us
"You're either with us or against us"
I can't believe this has not been addressed yet.
Despite the claims of a few short sighted posters on this forum, the account name thing IS a huge security issue. As others have said, instead of providing protection for your account, all ZOS have provided is extra time before you do get hacked.
This is one of the reasons I am refusing to pick up this game, as much as I want to give it a try....
ZOS if you are reading any of this, chalk up one additional customer that will never buy your game unless you sort this issue among others!!
My concern is how deep does this system go in terms of the code base, could they change the account name system now the game has launched? Or would this be a huge undertaking in terms of development?
Welcome to SMMMO's, Social Media MMO's, where the design principles of Social Media are more important than the principles of game design. GW2, FF, they are all doing it now, get used to the future.
It is crap but its new in MMOland and they are all doing it, so it must be wonderful.
"They" aren't going to try and hack your password because "they" don't know or care who you are. "They" are going to send "you" a phishing email, or "they" are going to wait for "you" to visit a website where "you" have allowed javascript and load a keylogger on "your" machine. "They", if "they" were determined to target you wouldn't bother with guessing your password at all. "They" would tap into the traffic coming to and from your house, taking less time to break the encryption on your data stream than it takes to guess a password and just knowing all the information "they" needed to know. It would bypass all the account lockouts and the IP address scans too.
Hiding a username is a false sense of security, because that isn't a useful attack vector. Guessing a password is a waste of time. Hence all the other, far more useful methods utilized to hack accounts.
Again, that assumes there are other protections in place. If there's nothing else in place then yes, this is a bad system, but it's a bad system because there are no other systems in place, not because the username is known.
I can not remember winning or losing a single debate on the internet.
Brute Force hacking rarely happens, unless your password is so simple that a monkey could type it.
Social Engineering will always be the top dog in account compromises.
While I don't like the account thing for other reasons.. I do understand people concerns, especially if you used the same name repeatedly as your account name on other things.
Now that is annoying. Depending on your password though, you probably have until well after you are done playing the game before a human guesses your password. If they have IP lockouts, any bots trying to guess your password will be locked out for a near infinite amount of time too.
Man, that sounds really annoying though. Your, sir or ma'am, have a legitimate complaint.
I can not remember winning or losing a single debate on the internet.
Your username on this website is adam_nox... lulz am r gunna hax0r u now!
Yes, you can easily see people account name, but that wont help you hack em. even if you know their password, the log in locks you out even if you use correct information if you log in from different IP address, it locks me out quite often since i play from 2 different places and my other IP address chances each time i connect (stupid ISP) and then i need to go to my email account to get the unlock code so i can play again..
EDIT: its like this in GW2, not sure for ESO
This. Somehow, while playing from the same pc at the same desk in the same house since the game started, I got a login error telling me that I was attempting to log in from a new IP. I had to use the new code sent via email in order to log in. Great security system, if a little wonky.
Not likely, gold spammers are mostly interested in MMO user names so they can sell your stuff, steal your cheese, and then sell the gold for real cash, forums account is completely pointless to hack in that scenario.
While I agree that posting the account name in chat is not ideal... at least they do filter connections based on the computer and IP you use.
So even if someone figured your password out - they would also need to know your email password to access the account from a new connection. (Please don't have your password for your email the same as your game account - or any other password/account for that matter...)
Personally - I like the keypass secure dongle... was hoping ESO would offer it. I have one for most major MMO's that offered the choice. (Or even a secure pin access like Rift uses for your smart phone)
"Youre in our world now!"