Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

@heypleasehackmyaccount What's the point of this?

adam_noxadam_nox Member UncommonPosts: 2,148

I mean, why does it let you name a character whatever you want, with spaces, etc, and keeps all names unique, and then tells everyone your account login name?

 

Part of security is keeping both login and password secret, or preventing a link between what people know about you, your character, hobbies, anything identifiable, and your account name.  This is why email based logins are horrible. 

 

Imagine my surprise at joining a guild (which you can join 5 lol), and all these people I don't know suddenly know each others logins.

 

Not only that, but your login often just lacks character.  It doesn't represent you, and sometimes it's going to be stupid (mine is not), but you keep it around just because you are used to using it.

 

Annoyed... again.

«13

Comments

  • TheLizardbonesTheLizardbones Member CommonPosts: 10,910

    Usernames are a security non-issue because it's not the 80s.  Unless people pick a really stupid password, in which case it's their own fault for picking a password that could be cracked in a hundredth of a second by a machine on the first try.

     

    That is, so long as there are additional systems in place, like lockouts, increasing timeouts on failed attempts, IP checks, etc.  If it's just a username/password thing, and the passwords chosen are poor, this could lead to some 80s kind of scenarios.

     

    It does lead to some poor choices in how people sound to each other.  Might have been cool to let people pick a family name, but then they might run into the same issue with people picking ridiculous stuff just so they could get past the name form.

     

    I can not remember winning or losing a single debate on the internet.

  • Lord.BachusLord.Bachus Member RarePosts: 9,686
    Originally posted by lizardbones

    Usernames are a security non-issue because it's not the 80s.  Unless people pick a really stupid password, in which case it's their own fault for picking a password that could be cracked in a hundredth of a second by a machine on the first try.

     

    That is, so long as there are additional systems in place, like lockouts, increasing timeouts on failed attempts, IP checks, etc.  If it's just a username/password thing, and the passwords chosen are poor, this could lead to some 80s kind of scenarios.

     

    It does lead to some poor choices in how people sound to each other.  Might have been cool to let people pick a family name, but then they might run into the same issue with people picking ridiculous stuff just so they could get past the name form.

     

    You are misinformed...

     

    your username is a very important part of your securrity... As the OP said, its about 50% of your protection, because if they dont know your username, they are not even going to try and hack your account...   Thats why systems that use email adresses as account names are bad..

     

    and this system is even worse...

    Best MMO experiences : EQ(PvE), DAoC(PvP), WoW(total package) LOTRO (worldfeel) GW2 (Artstyle and animations and worlddesign) SWTOR (Story immersion) TSW (story) ESO (character advancement)

  • KarteliKarteli Member CommonPosts: 2,646
    Originally posted by Lord.Bachus
    Originally posted by lizardbones

    Usernames are a security non-issue because it's not the 80s.  Unless people pick a really stupid password, in which case it's their own fault for picking a password that could be cracked in a hundredth of a second by a machine on the first try.

     

    That is, so long as there are additional systems in place, like lockouts, increasing timeouts on failed attempts, IP checks, etc.  If it's just a username/password thing, and the passwords chosen are poor, this could lead to some 80s kind of scenarios.

     

    It does lead to some poor choices in how people sound to each other.  Might have been cool to let people pick a family name, but then they might run into the same issue with people picking ridiculous stuff just so they could get past the name form.

     

    You are misinformed...

     

    your username is a very important part of your securrity... As the OP said, its about 50% of your protection, because if they dont know your username, they are not even going to try and hack your account...   Thats why systems that use email adresses as account names are bad..

     

    and this system is even worse...

    Using emails as logins is standard because other MMO's do it .. Zzzzz...

     

    Requiring a credit card up ftont on a free 30 day period is OK because other MMO's do it... Zzz....

     

    Cash-shops in P2P games are OK because other MMO's do it.....

     

    Pay-to-Skip is OK because other MMO's do it...

     

    I guess SOE's pay to get better customer service might be cream of the crop.  That is just win right there.

     

    when does it end?

     

    OK just generalizations .. I frowned when Blizzard went with emails instead of unique logon names.  WHY???  But now logon names are public info in ESO  .. that's a serious issue.  A.REALLY.BIG.ISSUE.ZENIMAX.  give half the password away too while your at it.

     

     

    Want a nice understanding of life? Try Spirit Science: "The Human History"
    http://www.youtube.com/watch?v=U8NNHmV3QPw&feature=plcp
    Recognize the voice? Yep sounds like Penny Arcade's Extra Credits.

  • g0m0rrahg0m0rrah Member UncommonPosts: 325
    Originally posted by lizardbones

    Usernames are a security non-issue because it's not the 80s.  Unless people pick a really stupid password, in which case it's their own fault for picking a password that could be cracked in a hundredth of a second by a machine on the first try.

     

    That is, so long as there are additional systems in place, like lockouts, increasing timeouts on failed attempts, IP checks, etc.  If it's just a username/password thing, and the passwords chosen are poor, this could lead to some 80s kind of scenarios.

     

    It does lead to some poor choices in how people sound to each other.  Might have been cool to let people pick a family name, but then they might run into the same issue with people picking ridiculous stuff just so they could get past the name form.

     

     

       The only important mitigating factor in security is time.  If you freely give out logins you are reducing the time it takes to hack.  I had a talk with my neighbor the other day because his WiFi was set to wep.  I brought him to my house and showed him how easy it is to hack, 3 minutes to break from start to finish and that is only because I am a bit slow and linux is still a bit foreign to me.  I spoofed the mac address of his xbox , which is giving me basically a login ID equivalent.  Now yes wep is weak encryption but like I said originally the only real mitigation to hacking is time.  Anything can be hacked given enough time.  So for security you attempt to put as much time between the hacker and his goal as possible hoping they will go for an easier Target (pun intended).

  • ManasongManasong Member Posts: 208
    Is the ESO account handle any different than GW2 account handle security wise? In GW2 you can easily see acount names of anyone you put on your friends list, group party (I think) and guild, just by hovering their names.
  • KarteliKarteli Member CommonPosts: 2,646
    Originally posted by g0m0rrah
    Originally posted by lizardbones

    Usernames are a security non-issue because it's not the 80s.  Unless people pick a really stupid password, in which case it's their own fault for picking a password that could be cracked in a hundredth of a second by a machine on the first try.

     

    That is, so long as there are additional systems in place, like lockouts, increasing timeouts on failed attempts, IP checks, etc.  If it's just a username/password thing, and the passwords chosen are poor, this could lead to some 80s kind of scenarios.

     

    It does lead to some poor choices in how people sound to each other.  Might have been cool to let people pick a family name, but then they might run into the same issue with people picking ridiculous stuff just so they could get past the name form.

     

     

       The only important mitigating factor in security is time.  If you freely give out logins you are reducing the time it takes to hack.  I had a talk with my neighbor the other day because his WiFi was set to wep.  I brought him to my house and showed him how easy it is to hack, 3 minutes to break from start to finish and that is only because I am a bit slow and linux is still a bit foreign to me.  I spoofed the mac address of his xbox , which is giving me basically a login ID equivalent.  Now yes wep is weak encryption but like I said originally the only real mitigation to hacking is time.  Anything can be hacked given enough time.  So for security you attempt to put as much time between the hacker and his goal as possible hoping they will go for an easier Target (pun intended).

    Poor WEP :/

     

    RIP

    Want a nice understanding of life? Try Spirit Science: "The Human History"
    http://www.youtube.com/watch?v=U8NNHmV3QPw&feature=plcp
    Recognize the voice? Yep sounds like Penny Arcade's Extra Credits.

  • Dr_ShivinskiDr_Shivinski Member UncommonPosts: 311
    It blows my mind that ZoS thinks this ok, or really that anyone could think this is ok.
  • psiicpsiic Member RarePosts: 1,642
    Originally posted by Lord.Bachus
    Originally posted by lizardbones

    Usernames are a security non-issue because it's not the 80s.  Unless people pick a really stupid password, in which case it's their own fault for picking a password that could be cracked in a hundredth of a second by a machine on the first try.

     

    That is, so long as there are additional systems in place, like lockouts, increasing timeouts on failed attempts, IP checks, etc.  If it's just a username/password thing, and the passwords chosen are poor, this could lead to some 80s kind of scenarios.

     

    It does lead to some poor choices in how people sound to each other.  Might have been cool to let people pick a family name, but then they might run into the same issue with people picking ridiculous stuff just so they could get past the name form.

     

    You are misinformed...

     

    your username is a very important part of your securrity... As the OP said, its about 50% of your protection, because if they dont know your username, they are not even going to try and hack your account...   Thats why systems that use email adresses as account names are bad..

     

    and this system is even worse...

    Non stop emails everyday saying someone has tried to login my account from a different IP address. NEVER had this issue with any other game ever because nobody ever knew my user name, now people spend all day trying to crack my password. 

    No matter how complex I make my password it is just a matter of time before they manage to brute force my password thanks to this retarded user name issue.

  • MagikarpsGhostMagikarpsGhost Member RarePosts: 689
    and YET another post about this, Even IF they managed to get your username and password some how. they would need acess to your e-mail to allow them to log in from a different IP. so unless you are dumb enough to buy from a gold sight with key loggers then you will be fine. Hell runescape uses your log in name as your character name, and as crappy as that game is no one has hacked me. Best thing to do is play it smart and don't go giving info to people or websights.

    free 7 day sub and unlocks for swtor new accounts and 90+ day inactive subs click here to get it!

    Click here for trove referral, bonuses to both!

  • AcidonAcidon Member UncommonPosts: 796

    This isn't ESO specific obviously, look at all the other games that do this very thing (or the equivalent).

     

    • Use Complex Passwords - Google it if you don't know how.
    • Use a *Different* password for everything - This is so important.
    • Use an Offline, Safe piece of Software to help REMEMBER all of your Logins / Passwords (Link to such a program in my Sig)
     
     
  • Solar_ProphetSolar_Prophet Member EpicPosts: 1,960
    Originally posted by jircris
    and YET another post about this, Even IF they managed to get your username and password some how. they would need acess to your e-mail to allow them to log in from a different IP. so unless you are dumb enough to buy from a gold sight with key loggers then you will be fine. Hell runescape uses your log in name as your character name, and as crappy as that game is no one has hacked me. Best thing to do is play it smart and don't go giving info to people or websights.

    Yes, because I'm sure it'd be really easy for someone who could obtain your password to spoof your IP or obtain your email address, right?

    The gentleman who posted about time is right. That's all any security measure will buy you from someone who is determined and / or experienced enough. Make your car take too long to steal, your house too long to break into, your account too troublesome to hack. Any sort of theft non-professional theft is all about opportunity.

    Now, a professional who's targeting you? Kiss your car, personal belongings, or account(s) goodbye.

    AN' DERE AIN'T NO SUCH FING AS ENUFF DAKKA, YA GROT! Enuff'z more than ya got an' less than too much an' there ain't no such fing as too much dakka. Say dere is, and me Squiggoff'z eatin' tonight!

    We are born of the blood. Made men by the blood. Undone by the blood. Our eyes are yet to open. FEAR THE OLD BLOOD. 

    #IStandWithVic

  • DihoruDihoru Member Posts: 2,731
    Originally posted by Acidon

    This isn't ESO specific obviously, look at all the other games that do this very thing (or the equivalent).

     

    • Use Complex Passwords - Google it if you don't know how.
    • Use a *Different* password for everything - This is so important.
    • Use an Offline, Safe piece of Software to help REMEMBER all of your Logins / Passwords (Link to such a program in my Sig)
     
     

    Which does not make shitty practices less shitty.

    image
  • MerklynnMerklynn Member UncommonPosts: 100
    So far the only thing I received were a few in game mails trying to get me to buy gold. I reported both to support and received an email thanking me for keeping the community safe. I haven't gotten any emails about possible hackers but I see your concern. Perhaps we'll see an ESO phone app or a security keycode device being sold on their website in the near future.
  • TheDarkrayneTheDarkrayne Member EpicPosts: 5,297
    Yep, since character names are unique there is no need to provide our usernames. GW2 has the same problem (might have been changed, haven't played in awhile). There's no argument about it and I don't care if some people aren't bothered.. some are bothered and it serves no purpose. So, better to remove it.. then everyone is happy.
    I don't suffer from insanity, I enjoy every minute of it.
  • SirBalinSirBalin Member UncommonPosts: 1,300
    The reason the op is posting about this is because it's a major flaw.  This really does need to be fixed..I love the game...becoming quite the fanboy...but this needs to be fixed.

    Incognito
    www.incognito-gaming.us
    "You're either with us or against us"

  • Emmer4Emmer4 Member Posts: 29

    I can't believe this has not been addressed yet.

     

    Despite the claims of a few short sighted posters on this forum, the account name thing IS a huge security issue. As others have said, instead of providing protection for your account, all ZOS have provided is extra time before you do get hacked.

     

    This is one of the reasons I am refusing to pick up this game, as much as I want to give it a try....

     

    ZOS if you are reading any of this, chalk up one additional customer that will never buy your game unless you sort this issue among others!!

     

    My concern is how deep does this system go in terms of the code base, could they change the account name system now the game has launched? Or would this be a huge undertaking in terms of development?

  • ScotScot Member LegendaryPosts: 24,426

    Welcome to SMMMO's, Social Media MMO's, where the design principles of Social Media are more important than the principles of game design. GW2, FF, they are all doing it now, get used to the future.

    It is crap but its new in MMOland and they are all doing it, so it must be wonderful. :)

  • TheLizardbonesTheLizardbones Member CommonPosts: 10,910
    Originally posted by Lord.Bachus
    Originally posted by lizardbones

    Usernames are a security non-issue because it's not the 80s.  Unless people pick a really stupid password, in which case it's their own fault for picking a password that could be cracked in a hundredth of a second by a machine on the first try.

     

    That is, so long as there are additional systems in place, like lockouts, increasing timeouts on failed attempts, IP checks, etc.  If it's just a username/password thing, and the passwords chosen are poor, this could lead to some 80s kind of scenarios.

     

    It does lead to some poor choices in how people sound to each other.  Might have been cool to let people pick a family name, but then they might run into the same issue with people picking ridiculous stuff just so they could get past the name form.

     

    You are misinformed...

     

    your username is a very important part of your securrity... As the OP said, its about 50% of your protection, because if they dont know your username, they are not even going to try and hack your account...   Thats why systems that use email adresses as account names are bad..

     

    and this system is even worse...

     

    "They" aren't going to try and hack your password because "they" don't know or care who you are.  "They" are going to send "you" a phishing email, or "they" are going to wait for "you" to visit a website where "you" have allowed javascript and load a keylogger on "your" machine.  "They", if "they" were determined to target you wouldn't bother with guessing your password at all.  "They" would tap into the traffic coming to and from your house, taking less time to break the encryption on your data stream than it takes to guess a password and just knowing all the information "they" needed to know.  It would bypass all the account lockouts and the IP address scans too.

     

    Hiding a username is a false sense of security, because that isn't a useful attack vector.  Guessing a password is a waste of time.  Hence all the other, far more useful methods utilized to hack accounts.

     

    Again, that assumes there are other protections in place.  If there's nothing else in place then yes, this is a bad system, but it's a bad system because there are no other systems in place, not because the username is known.

     

    I can not remember winning or losing a single debate on the internet.

  • fs23otmfs23otm Member RarePosts: 506

    Brute Force hacking rarely happens, unless your password is so simple that a monkey could type it. 

    Social Engineering will always be the top dog in account compromises. 

    While I don't like the account thing for other reasons.. I do understand people concerns, especially if you used the same name repeatedly as your account name on other things.

  • TheLizardbonesTheLizardbones Member CommonPosts: 10,910
    Originally posted by psiic
    Originally posted by Lord.Bachus
    Originally posted by lizardbones

    Usernames are a security non-issue because it's not the 80s.  Unless people pick a really stupid password, in which case it's their own fault for picking a password that could be cracked in a hundredth of a second by a machine on the first try.

     

    That is, so long as there are additional systems in place, like lockouts, increasing timeouts on failed attempts, IP checks, etc.  If it's just a username/password thing, and the passwords chosen are poor, this could lead to some 80s kind of scenarios.

     

    It does lead to some poor choices in how people sound to each other.  Might have been cool to let people pick a family name, but then they might run into the same issue with people picking ridiculous stuff just so they could get past the name form.

     

    You are misinformed...

     

    your username is a very important part of your securrity... As the OP said, its about 50% of your protection, because if they dont know your username, they are not even going to try and hack your account...   Thats why systems that use email adresses as account names are bad..

     

    and this system is even worse...

    Non stop emails everyday saying someone has tried to login my account from a different IP address. NEVER had this issue with any other game ever because nobody ever knew my user name, now people spend all day trying to crack my password. 

    No matter how complex I make my password it is just a matter of time before they manage to brute force my password thanks to this retarded user name issue.

     

    Now that is annoying.  Depending on your password though, you probably have until well after you are done playing the game before a human guesses your password.  If they have IP lockouts, any bots trying to guess your password will be locked out for a near infinite amount of time too.

     

    Man, that sounds really annoying though.  Your, sir or ma'am, have a legitimate complaint.

     

    I can not remember winning or losing a single debate on the internet.

  • duiLucidduiLucid Member Posts: 46

    Your username on this website is adam_nox... lulz am r gunna hax0r u now!

     

  • koira1koira1 Member UncommonPosts: 264
    Originally posted by Manasong
    Is the ESO account handle any different than GW2 account handle security wise? In GW2 you can easily see acount names of anyone you put on your friends list, group party (I think) and guild, just by hovering their names.

    Yes, you can easily see people account name, but that wont help you hack em. even if you know their password, the log in locks you out even if you use correct information if you log in from different IP address, it locks me out quite often since i play from 2 different places and my other IP address chances each time i connect (stupid ISP) and then i need to go to my email account to get the unlock code so i can play again..

    EDIT: its like this in GW2, not sure for ESO

  • jdlamson75jdlamson75 Member UncommonPosts: 1,010
    Originally posted by jircris
     they would need acess to your e-mail to allow them to log in from a different IP.

    This.  Somehow, while playing from the same pc at the same desk in the same house since the game started, I got a login error telling me that I was attempting to log in from a new IP.  I had to use the new code sent via email in order to log in.  Great security system, if a little wonky.

  • KuinnKuinn Member UncommonPosts: 2,072
    Originally posted by duiLucid

    Your username on this website is adam_nox... lulz am r gunna hax0r u now!

     

    Not likely, gold spammers are mostly interested in MMO user names so they can sell your stuff, steal your cheese, and then sell the gold for real cash, forums account is completely pointless to hack in that scenario.

  • kruluxkrulux Member Posts: 229

    While I agree that posting the account name in chat is not ideal... at least they do filter connections based on the computer and IP you use. 

    So even if someone figured your password out - they would also need to know your email password to access the account from a new connection.  (Please don't have your password for your email the same as your game account - or any other password/account for that matter...)

    Personally - I like the keypass secure dongle... was hoping ESO would offer it.  I have one for most major MMO's that offered the choice.  (Or even a secure pin access like Rift uses for your smart phone)

Sign In or Register to comment.