Usernames are a security non-issue because it's not the 80s. Unless people pick a really stupid password, in which case it's their own fault for picking a password that could be cracked in a hundredth of a second by a machine on the first try.
That is, so long as there are additional systems in place, like lockouts, increasing timeouts on failed attempts, IP checks, etc. If it's just a username/password thing, and the passwords chosen are poor, this could lead to some 80s kind of scenarios.
It does lead to some poor choices in how people sound to each other. Might have been cool to let people pick a family name, but then they might run into the same issue with people picking ridiculous stuff just so they could get past the name form.
You are misinformed...
your username is a very important part of your securrity... As the OP said, its about 50% of your protection, because if they dont know your username, they are not even going to try and hack your account... Thats why systems that use email adresses as account names are bad..
and this system is even worse...
"They" aren't going to try and hack your password because "they" don't know or care who you are. "They" are going to send "you" a phishing email, or "they" are going to wait for "you" to visit a website where "you" have allowed javascript and load a keylogger on "your" machine. "They", if "they" were determined to target you wouldn't bother with guessing your password at all. "They" would tap into the traffic coming to and from your house, taking less time to break the encryption on your data stream than it takes to guess a password and just knowing all the information "they" needed to know. It would bypass all the account lockouts and the IP address scans too.
Hiding a username is a false sense of security, because that isn't a useful attack vector. Guessing a password is a waste of time. Hence all the other, far more useful methods utilized to hack accounts.
Again, that assumes there are other protections in place. If there's nothing else in place then yes, this is a bad system, but it's a bad system because there are no other systems in place, not because the username is known.
You guys assume to much. If you have the same account ESO name as lets say an Xbox live, when in a multiplayer Xbox game of basically any type it would take me about 1 minute to get your IP addy. Check youtube for Cain & Abel. Taking any single security measure for granted is a mistake. There are also several ways to get peoples IP address from facebook. So if you /like eso on facebook, its not to hard to target you.
Simple rules that increase security: use random phrases as passwords, never use email account names as logins, never advertise your log in. Also, hackers do not guess passwords. Hackers use tools and let their hardware guess passwords. If you think a bitcoin miner doesnt have the raw power to brute force passwords or run dictionary attacks then you have no knowledge of security.
Actually, I need to change my account name because i didn't realize it would be shared with the entire megaserver. (contains more information about myself that I'm willing to share)
Problem is, you have to talk to their support to do this, and so far I've been waiting two days for a call back.
They won't give out the phone number and let you hold, which I'd be more than willing to do. (unlimited free talk time on both my house and cell phone).
in the US, 855.296.3170.
24/7
Simple Google search, I have called and used that number. It's real, and works.
Originally posted by g0m0rrah
Originally posted by lizardbones
Originally posted by Lord.Bachus
Originally posted by lizardbones
Usernames are a security non-issue because it's not the 80s. Unless people pick a really stupid password, in which case it's their own fault for picking a password that could be cracked in a hundredth of a second by a machine on the first try.
That is, so long as there are additional systems in place, like lockouts, increasing timeouts on failed attempts, IP checks, etc. If it's just a username/password thing, and the passwords chosen are poor, this could lead to some 80s kind of scenarios.
It does lead to some poor choices in how people sound to each other. Might have been cool to let people pick a family name, but then they might run into the same issue with people picking ridiculous stuff just so they could get past the name form.
You are misinformed...
your username is a very important part of your securrity... As the OP said, its about 50% of your protection, because if they dont know your username, they are not even going to try and hack your account... Thats why systems that use email adresses as account names are bad..
and this system is even worse...
"They" aren't going to try and hack your password because "they" don't know or care who you are. "They" are going to send "you" a phishing email, or "they" are going to wait for "you" to visit a website where "you" have allowed javascript and load a keylogger on "your" machine. "They", if "they" were determined to target you wouldn't bother with guessing your password at all. "They" would tap into the traffic coming to and from your house, taking less time to break the encryption on your data stream than it takes to guess a password and just knowing all the information "they" needed to know. It would bypass all the account lockouts and the IP address scans too.
Hiding a username is a false sense of security, because that isn't a useful attack vector. Guessing a password is a waste of time. Hence all the other, far more useful methods utilized to hack accounts.
Again, that assumes there are other protections in place. If there's nothing else in place then yes, this is a bad system, but it's a bad system because there are no other systems in place, not because the username is known.
You guys assume to much. If you have the same account ESO name as lets say an Xbox live, when in a multiplayer Xbox game of basically any type it would take me about 1 minute to get your IP addy. Check youtube for Cain & Abel. Taking any single security measure for granted is a mistake. There are also several ways to get peoples IP address from facebook. So if you /like eso on facebook, its not to hard to target you.
Simple rules that increase security: use random phrases as passwords, never use email account names as logins, never advertise your log in. Also, hackers do not guess passwords. Hackers use tools and let their hardware guess passwords. If you think a bitcoin miner doesnt have the raw power to brute force passwords or run dictionary attacks then you have no knowledge of security.
Having someones IP won't help you one bit. Please learn about security and it's effects before talking you you think you do. You cannot spoof an IP except via proxy and that is out of the league of the average person that would be trying to hack ESO.
You are talking way over you head on all the things you are saying, please stop. Usernames being exposed are not passwords and will not help anyone that wants in your account, get in your account as long as you have a nice, secure password and as long as services offer two factor, or email authentication.
Owner/Admin of GodlessGamer.com - Gaming news and reviews for the godless.
Actually, I need to change my account name because i didn't realize it would be shared with the entire megaserver. (contains more information about myself that I'm willing to share)
Problem is, you have to talk to their support to do this, and so far I've been waiting two days for a call back.
They won't give out the phone number and let you hold, which I'd be more than willing to do. (unlimited free talk time on both my house and cell phone).
Try getting back in touch with ZOS. I had an issue I called them about and they got back to me in 3 hours and gave me a number to call back if I had further questions. Maybe you just got a CSR on a bad day.
Currently Playing: ESO and FFXIV Have played: You name it If you mention rose tinted glasses, you better be referring to Mitch Hedberg.
I'm just glad that somebody can't log in on their account, join up with as many guilds as possible to gather a list of as many logins as possible then log in via proxy ip to get an official verification email to use as a template for spamming accounts with phishing "you've been hacked! Please sign in here" emails. Maybe everybody should buy authenticators just for fun.
All of my posts are either intelligent, thought provoking, funny, satirical, sarcastic or intentionally disrespectful. Take your pick.
I get banned in the forums for games I love, so lets see if I do better in the forums for games I hate.
I enjoy the serenity of not caring what your opinion is.
Use a *Different* password for everything - This is so important.
This and it does not even have to be completly different could be like genericpassword_forWoW and genericpassword_forESO. Clearly a human eye could figure it out, but when your password gets stolen they can not automaticly use it on other websites and I assume they often check this using a bot and not by hand.
Also do not save you password in your mail, phone of tablet. Unless you have it locked in a encription program, but even then I would not recommend it.
Having someones IP won't help you one bit. Please learn about security and it's effects before talking you you think you do. You cannot spoof an IP except via proxy and that is out of the league of the average person that would be trying to hack ESO.
You are talking way over you head on all the things you are saying, please stop. Usernames being exposed are not passwords and will not help anyone that wants in your account, get in your account as long as you have a nice, secure password and as long as services offer two factor, or email authentication.
Its not the average person that is hacking accounts. The average person doesnt know how to phish. The average person doesnt know how to send you a link to a hidden install keylogger. Average people arent hacking. Not that its hard to set up or use a proxy. Not that its hard to use TOR.
I am talking well within my realm of knowledge. Logins being exposed is always a mistake and it is beneficial to a hacker. Also not all services offer multi-factor authentication. The entire point was that if the server isnt using tls spoofing an ip can bypass email authentication. Some ISP's do not share specific IPs and they only share an area specific IP which makes it even easier to spoof. Its not hard to set up a proxy in a specific city in this case.
Having someones IP won't help you one bit. Please learn about security and it's effects before talking you you think you do. You cannot spoof an IP except via proxy and that is out of the league of the average person that would be trying to hack ESO.
You are talking way over you head on all the things you are saying, please stop. Usernames being exposed are not passwords and will not help anyone that wants in your account, get in your account as long as you have a nice, secure password and as long as services offer two factor, or email authentication.
Its not the average person that is hacking accounts. The average person doesnt know how to phish. The average person doesnt know how to send you a link to a hidden install keylogger. Average people arent hacking. Not that its hard to set up or use a proxy. Not that its hard to use TOR.
I am talking well within my realm of knowledge. Logins being exposed is always a mistake and it is beneficial to a hacker. Also not all services offer multi-factor authentication. The entire point was that if the server isnt using tls spoofing an ip can bypass email authentication. Some ISP's do not share specific IPs and they only share an area specific IP which makes it even easier to spoof. Its not hard to set up a proxy in a specific city in this case.
Might want to brush up on your reading comprehension, when he said 'average person' he was talking about average hackers who do stupid simple shit like fuck with their schools library computers or their professors personal computers to get access to their gradebook or some shit.
Doing simple shit like that and hacking a major companies servers like ZOS even if they're new, are worlds apart.
Having someones IP won't help you one bit. Please learn about security and it's effects before talking you you think you do. You cannot spoof an IP except via proxy and that is out of the league of the average person that would be trying to hack ESO.
You are talking way over you head on all the things you are saying, please stop. Usernames being exposed are not passwords and will not help anyone that wants in your account, get in your account as long as you have a nice, secure password and as long as services offer two factor, or email authentication.
Its not the average person that is hacking accounts. The average person doesnt know how to phish. The average person doesnt know how to send you a link to a hidden install keylogger. Average people arent hacking. Not that its hard to set up or use a proxy. Not that its hard to use TOR.
I am talking well within my realm of knowledge. Logins being exposed is always a mistake and it is beneficial to a hacker. Also not all services offer multi-factor authentication. The entire point was that if the server isnt using tls spoofing an ip can bypass email authentication. Some ISP's do not share specific IPs and they only share an area specific IP which makes it even easier to spoof. Its not hard to set up a proxy in a specific city in this case.
It's either an average player or someone who earns a living doing this stuff. The average player lacks the skills to make effective use of a username. Someone earning money doing this stuff isn't going to bother with a single individual.
Finding the username of an individual and then following that individual is the least likely effective attack vector. Why would someone wishing to make money expend all that effort when they can just open a leveling service? The answer is, they won't. On the off chance the professional money maker and the average player are the same person, hiding the username would be useless.
Hiding a username gives a false sense of security. Having the username known gives a false sense of exposure.
The legitimate complaint is that it would be fantastically annoying to have dozens of humans trying to login to your account and receiving all those emails. As another user stated, not knowing the username is public before you pick one can lead to exposing more information about yourself than you'd like. This happened to a friend of mine with their Minecraft account. It makes a person think twice before logging into a public server if they did not intend to expose that information. Zenimax should have thought of their system a little more and should have separated the usernames and public account names, but not for the horror story reasons people want to get upset about.
I can not remember winning or losing a single debate on the internet.
Having someones IP won't help you one bit. Please learn about security and it's effects before talking you you think you do. You cannot spoof an IP except via proxy and that is out of the league of the average person that would be trying to hack ESO.
You are talking way over you head on all the things you are saying, please stop. Usernames being exposed are not passwords and will not help anyone that wants in your account, get in your account as long as you have a nice, secure password and as long as services offer two factor, or email authentication.
Its not the average person that is hacking accounts. The average person doesnt know how to phish. The average person doesnt know how to send you a link to a hidden install keylogger. Average people arent hacking. Not that its hard to set up or use a proxy. Not that its hard to use TOR.
I am talking well within my realm of knowledge. Logins being exposed is always a mistake and it is beneficial to a hacker. Also not all services offer multi-factor authentication. The entire point was that if the server isnt using tls spoofing an ip can bypass email authentication. Some ISP's do not share specific IPs and they only share an area specific IP which makes it even easier to spoof. Its not hard to set up a proxy in a specific city in this case.
Might want to brush up on your reading comprehension, when he said 'average person' he was talking about average hackers who do stupid simple shit like fuck with their schools library computers or their professors personal computers to get access to their gradebook or some shit.
Doing simple shit like that and hacking a major companies servers like ZOS even if they're new, are worlds apart.
The point is we are not talking about average people. We are talking about hackers not script kiddies. We are talking about the people who hacked Target and cost them $.
how many accounts get hacked by brute force these days? why would a hacker bother trying to brute force your account when they can just get all your info via keylogger?
oh and if you are dumb enough to have the same password for ESO and your e mail that is tied to it, you deserve to be hacked so you can learn your lesson.
Having someones IP won't help you one bit. Please learn about security and it's effects before talking you you think you do. You cannot spoof an IP except via proxy and that is out of the league of the average person that would be trying to hack ESO.
You are talking way over you head on all the things you are saying, please stop. Usernames being exposed are not passwords and will not help anyone that wants in your account, get in your account as long as you have a nice, secure password and as long as services offer two factor, or email authentication.
Its not the average person that is hacking accounts. The average person doesnt know how to phish. The average person doesnt know how to send you a link to a hidden install keylogger. Average people arent hacking. Not that its hard to set up or use a proxy. Not that its hard to use TOR.
I am talking well within my realm of knowledge. Logins being exposed is always a mistake and it is beneficial to a hacker. Also not all services offer multi-factor authentication. The entire point was that if the server isnt using tls spoofing an ip can bypass email authentication. Some ISP's do not share specific IPs and they only share an area specific IP which makes it even easier to spoof. Its not hard to set up a proxy in a specific city in this case.
Might want to brush up on your reading comprehension, when he said 'average person' he was talking about average hackers who do stupid simple shit like fuck with their schools library computers or their professors personal computers to get access to their gradebook or some shit.
Doing simple shit like that and hacking a major companies servers like ZOS even if they're new, are worlds apart.
The point is we are not talking about average people. We are talking about hackers not script kiddies. We are talking about the people who hacked Target and cost them $.
No we are talking about the average "hacker". You are still speaking about matters you have little or no understanding of and are being extremely paranoid and delusional. The people that hit Target are not going to single out players in an MMO, those guys are professionals, not small time do nothings. They are not, and will never be interested in stupid virtual accounts, especially those with dual layer protection such as needing not just your username, and password but your email, and its password. I am sure they would be, if not already are looking into two factor authentication as well.
I mean no offense I just want people to understand something here, MMO accounts are not as prone to getting hit like larger corporate offerings and banks. Yes it does happen but usually to people who have a keylogger, use simple/stupid passwords, or share accounts or in some way cause it themselves. It's not worth the trouble otherwise and as most people use the same email/username to 99% of the stuff they sign up for it's not like things are hidden anyhow.
Owner/Admin of GodlessGamer.com - Gaming news and reviews for the godless.
Actually, I need to change my account name because i didn't realize it would be shared with the entire megaserver. (contains more information about myself that I'm willing to share)
Problem is, you have to talk to their support to do this, and so far I've been waiting two days for a call back.
They won't give out the phone number and let you hold, which I'd be more than willing to do. (unlimited free talk time on both my house and cell phone).
Try getting back in touch with ZOS. I had an issue I called them about and they got back to me in 3 hours and gave me a number to call back if I had further questions. Maybe you just got a CSR on a bad day.
Well that's the issue, I don't know what the phone number is. The web site doesn't provide it, saying the wait time is more than an hour and I am asked to complete a form and wait for a call back. I did that 2 nights ago, still no word yet.
If anyone knows the US support number and can pass it along I'd appreciate it.
Just trying to live long enough to play a new, released MMORPG, playing New Worlds atm
Fools find no pleasure in understanding but delight in airing their own opinions. Pvbs 18:2, NIV
Don't just play games, inhabit virtual worlds™
"This is the most intelligent, well qualified and articulate response to a post I have ever seen on these forums. It's a shame most people here won't have the attention span to read past the second line." - Anon
Actually, I need to change my account name because i didn't realize it would be shared with the entire megaserver. (contains more information about myself that I'm willing to share)
Problem is, you have to talk to their support to do this, and so far I've been waiting two days for a call back.
They won't give out the phone number and let you hold, which I'd be more than willing to do. (unlimited free talk time on both my house and cell phone).
Try getting back in touch with ZOS. I had an issue I called them about and they got back to me in 3 hours and gave me a number to call back if I had further questions. Maybe you just got a CSR on a bad day.
Well that's the issue, I don't know what the phone number is. The web site doesn't provide it, saying the wait time is more than an hour and I am asked to complete a form and wait for a call back. I did that 2 nights ago, still no word yet.
If anyone knows the US support number and can pass it along I'd appreciate it.
I already mentioned in reply to you the phone number on the last page or so. 855-296-3170 hope this helps.
Owner/Admin of GodlessGamer.com - Gaming news and reviews for the godless.
Yeah were all an expert on hacking? Go for it share. We hear spoofing IP to get that email code? Oooh lets toss in a proxy here and there and now your a A++ hacker. Grats...
No really just call them up tell them how easy it is give them all the info on what your going to do, the IP and what not. Show them how easy it is.
95% bluff, the clue is they puff them selfs up as yep an expert. What your talking about (hackers) not one of them is ever here reading and surfing the internet reading mmo sites.
Then end has to out weigh the risk and were talking MMO here. Since beta till now you've read how OMG easy this has been huh. Yeah nothing.. maybe a pin drop.
Threads that keep talking like this should be closed. This helps no one. If you wanted to help you would be talking to ESO not here.
The user and all related content has been deleted.
Somebody, somewhere has better skills as you have, more experience as you have, is smarter than you, has more friends as you do and can stay online longer. Just pray he's not out to get you.
Comments
You guys assume to much. If you have the same account ESO name as lets say an Xbox live, when in a multiplayer Xbox game of basically any type it would take me about 1 minute to get your IP addy. Check youtube for Cain & Abel. Taking any single security measure for granted is a mistake. There are also several ways to get peoples IP address from facebook. So if you /like eso on facebook, its not to hard to target you.
Simple rules that increase security: use random phrases as passwords, never use email account names as logins, never advertise your log in. Also, hackers do not guess passwords. Hackers use tools and let their hardware guess passwords. If you think a bitcoin miner doesnt have the raw power to brute force passwords or run dictionary attacks then you have no knowledge of security.
in the US, 855.296.3170.
24/7
Simple Google search, I have called and used that number. It's real, and works.
Having someones IP won't help you one bit. Please learn about security and it's effects before talking you you think you do. You cannot spoof an IP except via proxy and that is out of the league of the average person that would be trying to hack ESO.
You are talking way over you head on all the things you are saying, please stop. Usernames being exposed are not passwords and will not help anyone that wants in your account, get in your account as long as you have a nice, secure password and as long as services offer two factor, or email authentication.
Owner/Admin of GodlessGamer.com - Gaming news and reviews for the godless.
Try getting back in touch with ZOS. I had an issue I called them about and they got back to me in 3 hours and gave me a number to call back if I had further questions. Maybe you just got a CSR on a bad day.
Currently Playing: ESO and FFXIV
Have played: You name it
If you mention rose tinted glasses, you better be referring to Mitch Hedberg.
All of my posts are either intelligent, thought provoking, funny, satirical, sarcastic or intentionally disrespectful. Take your pick.
I get banned in the forums for games I love, so lets see if I do better in the forums for games I hate.
I enjoy the serenity of not caring what your opinion is.
I don't hate much, but I hate Apple© with a passion. If Steve Jobs was alive, I would punch him in the face.
This and it does not even have to be completly different could be like genericpassword_forWoW and genericpassword_forESO. Clearly a human eye could figure it out, but when your password gets stolen they can not automaticly use it on other websites and I assume they often check this using a bot and not by hand.
Also do not save you password in your mail, phone of tablet. Unless you have it locked in a encription program, but even then I would not recommend it.
Its not the average person that is hacking accounts. The average person doesnt know how to phish. The average person doesnt know how to send you a link to a hidden install keylogger. Average people arent hacking. Not that its hard to set up or use a proxy. Not that its hard to use TOR.
I am talking well within my realm of knowledge. Logins being exposed is always a mistake and it is beneficial to a hacker. Also not all services offer multi-factor authentication. The entire point was that if the server isnt using tls spoofing an ip can bypass email authentication. Some ISP's do not share specific IPs and they only share an area specific IP which makes it even easier to spoof. Its not hard to set up a proxy in a specific city in this case.
Might want to brush up on your reading comprehension, when he said 'average person' he was talking about average hackers who do stupid simple shit like fuck with their schools library computers or their professors personal computers to get access to their gradebook or some shit.
Doing simple shit like that and hacking a major companies servers like ZOS even if they're new, are worlds apart.
Be the Ultimate Ninja! Play Billy Vs. SNAKEMAN today!
It's either an average player or someone who earns a living doing this stuff. The average player lacks the skills to make effective use of a username. Someone earning money doing this stuff isn't going to bother with a single individual.
Finding the username of an individual and then following that individual is the least likely effective attack vector. Why would someone wishing to make money expend all that effort when they can just open a leveling service? The answer is, they won't. On the off chance the professional money maker and the average player are the same person, hiding the username would be useless.
Hiding a username gives a false sense of security. Having the username known gives a false sense of exposure.
The legitimate complaint is that it would be fantastically annoying to have dozens of humans trying to login to your account and receiving all those emails. As another user stated, not knowing the username is public before you pick one can lead to exposing more information about yourself than you'd like. This happened to a friend of mine with their Minecraft account. It makes a person think twice before logging into a public server if they did not intend to expose that information. Zenimax should have thought of their system a little more and should have separated the usernames and public account names, but not for the horror story reasons people want to get upset about.
I can not remember winning or losing a single debate on the internet.
The point is we are not talking about average people. We are talking about hackers not script kiddies. We are talking about the people who hacked Target and cost them $.
Its a dumb system regardless of how easy or hard it is to break.
"Knowing is Half the Battle"
how many accounts get hacked by brute force these days? why would a hacker bother trying to brute force your account when they can just get all your info via keylogger?
oh and if you are dumb enough to have the same password for ESO and your e mail that is tied to it, you deserve to be hacked so you can learn your lesson.
No we are talking about the average "hacker". You are still speaking about matters you have little or no understanding of and are being extremely paranoid and delusional. The people that hit Target are not going to single out players in an MMO, those guys are professionals, not small time do nothings. They are not, and will never be interested in stupid virtual accounts, especially those with dual layer protection such as needing not just your username, and password but your email, and its password. I am sure they would be, if not already are looking into two factor authentication as well.
I mean no offense I just want people to understand something here, MMO accounts are not as prone to getting hit like larger corporate offerings and banks. Yes it does happen but usually to people who have a keylogger, use simple/stupid passwords, or share accounts or in some way cause it themselves. It's not worth the trouble otherwise and as most people use the same email/username to 99% of the stuff they sign up for it's not like things are hidden anyhow.
Owner/Admin of GodlessGamer.com - Gaming news and reviews for the godless.
Well that's the issue, I don't know what the phone number is. The web site doesn't provide it, saying the wait time is more than an hour and I am asked to complete a form and wait for a call back. I did that 2 nights ago, still no word yet.
If anyone knows the US support number and can pass it along I'd appreciate it.
"True friends stab you in the front." | Oscar Wilde
"I need to finish" - Christian Wolff: The Accountant
Just trying to live long enough to play a new, released MMORPG, playing New Worlds atm
Fools find no pleasure in understanding but delight in airing their own opinions. Pvbs 18:2, NIV
Don't just play games, inhabit virtual worlds™
"This is the most intelligent, well qualified and articulate response to a post I have ever seen on these forums. It's a shame most people here won't have the attention span to read past the second line." - Anon
I already mentioned in reply to you the phone number on the last page or so. 855-296-3170 hope this helps.
Owner/Admin of GodlessGamer.com - Gaming news and reviews for the godless.
Yeah were all an expert on hacking? Go for it share. We hear spoofing IP to get that email code? Oooh lets toss in a proxy here and there and now your a A++ hacker. Grats...
No really just call them up tell them how easy it is give them all the info on what your going to do, the IP and what not. Show them how easy it is.
95% bluff, the clue is they puff them selfs up as yep an expert. What your talking about (hackers) not one of them is ever here reading and surfing the internet reading mmo sites.
Then end has to out weigh the risk and were talking MMO here. Since beta till now you've read how OMG easy this has been huh. Yeah nothing.. maybe a pin drop.
Threads that keep talking like this should be closed. This helps no one. If you wanted to help you would be talking to ESO not here.
Somebody, somewhere has better skills as you have, more experience as you have, is smarter than you, has more friends as you do and can stay online longer. Just pray he's not out to get you.