Jump to content


I love stupid security.


  • Please log in to reply
7 replies to this topic

#1 Frigidman™

Frigidman™

    Eye Sea Yew

  • Admin
  • 4265 posts
  • Steam ID:frigidman
  • Location:East mahn, East!
  • Pro Member:Yes

Posted 05 March 2013 - 04:36 PM

http://www.swtor.com...rticle/20130305

I had to double-take when I read this.

Really?

SO HAY GUIZ, how bout I make all your logins require your display name??? SOUND GOOD??? EA is doin it, must be right, huh? LMAO.

-Fm [1oM7]
"I'm not incorruptible, I am so corrupt nothing you can offer me is tempting." - Alfred Bester


#2 the Battle Cat

the Battle Cat

    Carnage Served Raw

  • Admin
  • 17377 posts
  • Location:Citadel City, Lh'owon
  • Pro Member:Yes

Posted 05 March 2013 - 07:11 PM

I don't see the advantage of a display name over an email address.  Have people been spoofing other's email accounts?
Gary Simmons
the Battle Cat

#3 Frigidman™

Frigidman™

    Eye Sea Yew

  • Admin
  • 4265 posts
  • Steam ID:frigidman
  • Location:East mahn, East!
  • Pro Member:Yes

Posted 05 March 2013 - 07:49 PM

View Postthe Battle Cat, on 05 March 2013 - 07:11 PM, said:

I don't see the advantage of a display name over an email address.  Have people been spoofing other's email accounts?

Nope. But people sure will be taking display names and trying to hack accounts a lot more now lol.

-Fm [1oM7]
"I'm not incorruptible, I am so corrupt nothing you can offer me is tempting." - Alfred Bester


#4 Frost

Frost

    Secretary of Offense

  • Forum Moderators
  • PipPipPipPipPipPipPipPipPipPipPip
  • 6075 posts
  • Steam ID:CaptFrost
  • Location:Republic of Texas
  • Pro Member:Yes

Posted 05 March 2013 - 10:54 PM

Let's put the TSA on it. Before each login attempt, a really weird fat dude has to put his hands down your pants.

Hacking = stopped.
Kestrel (Falcon NW Tiki) – 4.0 GHz i7 4790K / 16GB RAM / 512GB Samsung 950 Pro M.2, 2x480GB Intel 730 (RAID0), 10TB STX BarraCuda Pro / GeForce GTX TITAN X 12GB
Iridium (MacBook Pro Mid-2012) – 2.7 GHz i7 3820QM / 16GB RAM / 2TB Samsung 850 Pro / GeForce GT 650M 1GB

Eric5h5:
When there's a multiplayer version, I'm going to be on Frost's team. Well, except he doesn't seem to actually need a team...I mean, what's the point? "Hey look, it's Frost and His Merry Gang of Useless Hangers-On!" Or something.

#5 Janichsan

Janichsan

    Jugger Bugger

  • Forum Moderators
  • PipPipPipPipPipPipPipPipPipPipPipPip
  • 8075 posts
  • Steam Name:Janichsan
  • Location:over there

Posted 06 March 2013 - 04:29 AM

View PostFrigidman, on 05 March 2013 - 04:36 PM, said:

EA is doin it, must be right, huh?
Since this is EA, they are of course convinced that this is right.

Anyhow, I really cannot see the logic. In how far is a screen name for log-in in any way safer?

"We do what we must, because we can."
"Gaming on a Mac is like women on the internet." — "Highly common and totally awesome?"


#6 doh123

doh123

    Wineskin

  • Developer
  • PipPipPip
  • 165 posts

Posted 06 March 2013 - 08:04 AM

I dunno... they don't list everything about security.

If you try brute force attack, the account gets locked out.

Most people get hacked by email... most peoples email accounts are very insecure and easy to hack, then request a password reset to the hacked email.

If they don't know your email address, they can't try to get your password reset.. they can just try brute force attacks, and get your account locked out.  That helps prevent more person specific directed attacks.  Maybe they already sent that all in the clear?  who knows...

If you really want security from them, they already offer a 2 factor ability if you opt in with a security key or phone app.

also, this is an increase in security simply because... logging in with the Display Name is not new.  Right now you can log in with that or email address... they are removing the email option.

#7 Frigidman™

Frigidman™

    Eye Sea Yew

  • Admin
  • 4265 posts
  • Steam ID:frigidman
  • Location:East mahn, East!
  • Pro Member:Yes

Posted 06 March 2013 - 11:32 AM

View Postdoh123, on 06 March 2013 - 08:04 AM, said:

If you try brute force attack, the account gets locked out.

This is the best part of it. Someone hates you on the forum for (omg) posting a different opinion... they will take the "Display Name" and throw a dozen false passwords at it, then YOU have to deal with the unlocking proceedure... every single time you try to visit ;)

Let the mayhem happen! :D

-Fm [1oM7]
"I'm not incorruptible, I am so corrupt nothing you can offer me is tempting." - Alfred Bester


#8 doh123

doh123

    Wineskin

  • Developer
  • PipPipPip
  • 165 posts

Posted 07 March 2013 - 11:02 AM

View PostFrigidman, on 06 March 2013 - 11:32 AM, said:

This is the best part of it. Someone hates you on the forum for (omg) posting a different opinion... they will take the "Display Name" and throw a dozen false passwords at it, then YOU have to deal with the unlocking proceedure... every single time you try to visit ;)

Let the mayhem happen! :D
Account locking shouldn't be permanent.  It should be a temp block... you know after 3 attempts only let them do 1 attempt per minute type of thing.... making a brute force attack too slow to do anything. (I have no idea if they are doing this on SWTOR.. they may not even do any blocking at all and let you try a billion passwords for all I know)

They are asking for problems... yes.. I believe account log in names should not be public... but several other MMOs do the same things.  Champions Online and Star Trek Online show everyone your user name everywhere, even in game... you switch characters and they still see your account name all the time, as well as on the forums.