I love this feature, but there is one glaring weakness. The unlock code gets emailed to you. To your Trion account registered email. The same email, as it happens, that is also your login username for the game. Why this is a glaring weakness should be pretty obvious. First, most people use the same password (or slight variations) for everything, because lets face it, it's just not always that easy to keep track of many different passwords. Second, even if a different password is used, the vast majority of passwords aren't that difficult to crack with a brute-force attack. I'm not aware of any security measures in place to prevent a brute-force attack from being successful.
Companies need to STOP using your account email address as the login username. It's a good idea to have the username be changeable, but having it be the actual email is terrible.
In my case I'm using an email address I created just for this account, but that doesn't help much if you get a keylogger on your system, or in any situation where a hacker gets your account login info.
if they try to move to botting its going to be HILLARIOUS, as i am on an open pvp server. the only thing more satisfying than killing another person's character is killing a gold seller.
I think most people are confused about what this featured is supposed to accomplish.
Coin lock is not supposed to protect your account from hacking. Not directly. Whatever reason led to people's getting their account hacked will still be valid after the coin lock is implemented.
The fundamental change is on the hackers front. If the hackers can't take advantage of the account by transfering assets and stripping it clean, what's the point in hacking it in the first place?
I love this feature, but there is one glaring weakness. The unlock code gets emailed to you. To your Trion account registered email. The same email, as it happens, that is also your login username for the game. Why this is a glaring weakness should be pretty obvious. First, most people use the same password (or slight variations) for everything, because lets face it, it's just not always that easy to keep track of many different passwords. Second, even if a different password is used, the vast majority of passwords aren't that difficult to crack with a brute-force attack. I'm not aware of any security measures in place to prevent a brute-force attack from being successful.
Companies need to STOP using your account email address as the login username. It's a good idea to have the username be changeable, but having it be the actual email is terrible.
In my case I'm using an email address I created just for this account, but that doesn't help much if you get a keylogger on your system, or in any situation where a hacker gets your account login info.
Actually, it is not a weakness. The hacker may have your email, but he cant receive your email, unless he has your email password. If he has that, you are screwed.
Not that I play Rift (yet), but perhaps they should have something set up that would allow people who frequently travel and wish to game a chance to be able to play normally as well? Perhaps they could do what some banks prefer which is to be notified when the account owner goes away?
Khm ... and how many are like this? 0,001% of playerbase that would have this need?
Comments
Nice feature
Currently Playing:
Rift + Starcraft II + Gears Of War 3 Beta
I love this feature, but there is one glaring weakness. The unlock code gets emailed to you. To your Trion account registered email. The same email, as it happens, that is also your login username for the game. Why this is a glaring weakness should be pretty obvious. First, most people use the same password (or slight variations) for everything, because lets face it, it's just not always that easy to keep track of many different passwords. Second, even if a different password is used, the vast majority of passwords aren't that difficult to crack with a brute-force attack. I'm not aware of any security measures in place to prevent a brute-force attack from being successful.
Companies need to STOP using your account email address as the login username. It's a good idea to have the username be changeable, but having it be the actual email is terrible.
In my case I'm using an email address I created just for this account, but that doesn't help much if you get a keylogger on your system, or in any situation where a hacker gets your account login info.
Take the Magic: The Gathering 'What Color Are You?' Quiz.
for that i would love to go on a pvp server.
I think most people are confused about what this featured is supposed to accomplish.
Coin lock is not supposed to protect your account from hacking. Not directly. Whatever reason led to people's getting their account hacked will still be valid after the coin lock is implemented.
The fundamental change is on the hackers front. If the hackers can't take advantage of the account by transfering assets and stripping it clean, what's the point in hacking it in the first place?
Actually, it is not a weakness. The hacker may have your email, but he cant receive your email, unless he has your email password. If he has that, you are screwed.
Khm ... and how many are like this? 0,001% of playerbase that would have this need?