All of these things are thrown into a persons face when they create an account with one of these companies. If it is not, it takes a whopping two second glance at your account to find options like the authenticators and such. Problem is, all of this is useless when a company (In my case Sony.) fails to upold their own end of security. Granted I only use pre-paid masetrcards I pick up from a local gas station, that only hold my postal code for personal info, I would have expected Sony to at the very least, oh, I dont know, hold my other personal information I was forced to give up with more security than plain text documents..
is it illegal to give game companies false info for required registration? whats about false name,address etc for billing? it seems like the only way to be sure to be safe is not to give your REAL info. Since we can not count on companies like SOE to securely store our info can they force us to give it to them?
How safe is the info we give here on mmorpg.com i wonder..
Watch your thoughts; they become words. Watch your words; they become actions. Watch your actions; they become habits. Watch your habits; they become character. Watch your character; it becomes your destiny. Lao-Tze
Yeah. No reason to single out Sony for anything right? They were simply the victims of hackers, a tsunami and earthquakes. This could have happened to anyone.
This isn't about logging off and logging back on to toons mate. This was sloppy and negligent security by Sony that has compromised 100 MILLION users identities, not gold farmers or whatever worthless pixelated item you take pride in.
Protecting what we can is our job. Protecting the information we MUST submit in order to play a game is THEIR job.
You need to read the Original Article
First paragraph:
Although the recent issues with PSN have many of us thinking about a different kind of security, I delve into individual account hacking in this column. Individual account hacking is the kind of hacking that has plagued WoW for years and that cropped up in Rift nearly as soon as the game went live.
Yes, SONY didn't do their job. But that is not what the point of this column is.
The point is what should companies be doing about individual account security? Could they do more?
Well, they can only do so much - if YOU as an account holder choose to make it easy to access your account by giving your account information to friends, family, power levelling services... writing your password on a post it note and attaching it to a monitor at work... then you really cannot blame companies like Blizzard when your account gets hacked, can you?
Now, to be fair, there are circumstances that we do allow others access to our accounts. That's a reality that game companies need to address too perhaps?
I have worked for a number of companies that had IT (account security) policies that were out of touch with reality.
But for security to work - it's a two way thing.
No actually I have NEVER allowed anyone access to any of my accounts on MMOs or otherwise other than to people who are my family and live in my own home who I know would never compromise my security. Nor would I it is against almost all of the user agreements.
Our current online transaction system really does need an overhaul
When such large scale theft of data is possible and repeatedly occurs its in our best interests.
The costs of not improving the industry standards *will* prove great if nothing changes.
There needs to be a new level of security for online transactions in my opinion.. something that you have to physical do whenever something is purchased online..
Whether it be a security token / authenticator or some form of biometric reader.
I would suggest having the authentication system connect directly to a secure network via satellite so less secure home/business networks couldn't be used to get info.
yes satellite signals can be intercepted... but it would be incredibly difficult for small scale basement dwellers/hackers to amass a large amount of illicit credit card numbers with a system like that.. and not to mention.. any data they did manage to steal would be much easier to track because of their physical need to be in proximity to the people the signal was being intercepted from.
If visa or mastercard implemented a system like this it would save tons of money/frustration in the long run... I doubt they would ever fund it themselves though.. maybe if they had a government mandate/subsidy
No actually I have NEVER allowed anyone access to any of my accounts on MMOs or otherwise other than to people who are my family and live in my own home who I know would never compromise my security. Nor would I it is against almost all of the user agreements.
So... you allowed someone else access to your accounts.
This is exactly what I said above - YOU allowed a breach in your account security - and because it is people you trust you don't even see it.
Our current online transaction system really does need an overhaul
When such large scale theft of data is possible and repeatedly occurs its in our best interests.
The costs of not improving the industry standards *will* prove great if nothing changes.
There needs to be a new level of security for online transactions in my opinion.. something that you have to physical do whenever something is purchased online..
Whether it be a security token / authenticator or some form of biometric reader.
I would suggest having the authentication system connect directly to a secure network via satellite so less secure home/business networks couldn't be used to get info.
yes satellite signals can be intercepted... but it would be incredibly difficult for small scale basement dwellers/hackers to amass a large amount of illicit credit card numbers with a system like that.. and not to mention.. any data they did manage to steal would be much easier to track because of their physical need to be in proximity to the people the signal was being intercepted from.
If visa or mastercard implemented a system like this it would save tons of money/frustration in the long run... I doubt they would ever fund it themselves though.. maybe if they had a government mandate/subsidy
Like I said above mastercardsecurecode. It makes you put in a seperate # from the pin # you use in the stores. I honestly think this is something all MMO makers should consider that are pay to play. At least put the option there. As far as the problems that already exist with such games as WoW and what not. I honestly don't think Blizzard is going to take what happened to Sony to heart and is not going to do anymore than they already have which people are already starting to hack through again and they do nothing already. Not unless it happnes to them because so far they have ALWAYS managed to throw the blame elsewhere I am sure they will continue to blame it on the costumers just like they always have even though the only way someone could have access to turn on a WoW account that is inactive would be through hacking into Blizzard or one of it's subsidiary companies such as curse.com or the battle.net in which case would still be their responsibility because they allow those companies to run thier srcurity and addons would still be Blizzards fault. And yes the reason that a lot of accounts weere getting hacked was because one of those companies got hacked last year and Blizzard will not tell the truth to anyone even though they did admit it to someone that had played WoW from teh beginning that got hacked ands his entire guild bank got emptied. And that was one out of 2 times that that guild bank was emptied due to hacking within 2 weeks and the other account that emptied it out was an inactive RL friends of the GL and other people in that guild and he had not been playing or anything so it could not have been a keylogger.
Basically it comes down to this. the only reason that this Sony thing has gone to the extreme that it has is because Sony is one of the LARGEST companies in the world and so when something happens to them because it affects 100,000,000 people. Authorities and everyone are involved. Companies like Blizzard jsut get to sit there and not admit to anything because it does not happen on this big of a scale and the only way that all game makers are going to get forced to upgrade their security is if people start speaking up like putting complaints in at the BBB and such when something like this goes on. When you have an issue with Blizzard go to teh BBB and put in a complaint. If it is found to be a valid complaint it will go to Blizzard and Blizzard will either HAVE to fix the problem or have their rating drop. If you look on hte BBB it is pretty funny how SOE has only had less than 200 complaints in 3 years out of 24,000,000 accounts and Blizzard has had 2500 out of 12,000,000. I do believe the numbers speak for themselves and sometimes you have to speak up and not be afraid to complain when a company is doing bad business. Because if they are and no one ever speaks then the uppers never know the truth of how big the hacking has really been long before this happened to Sonyand did nothing about it because it did not affect enough people. Maybe now they will listen. Maybe now they will start making laws and whaever to require these game makers to upgrade their security. But for now and always even if they do or don't we have to protect ourselves.
I never could figure out why it was that I never got hacked on WoW. I was certainly surprised other than the fact that I am hardcore and the only time I am not on the game I am subscribing to is when I sleep and when all of those hackings were going on I didn't sleep much for fear that my account would be next. I made myself literally stay awake to watch out for my friends accounts, the guild, and my own. It was terrible. I kept waiting to log in and have all of my stuff gone or something to that affect.
I really wish they would listen to our ideas more now Blizzard has even gotten rid of their suggestion forums too and if someone says something they don't like they either lock or delete the thread. I witnessed it one day I posted on a thread that had to do with some of my concerns it was no where near the 500 limit post and the next thing I knew I logged in to check on it and it had been deleted an hour after I posted in it. And to get a hold of Blizzard personally and actually get to talk to a live person is like pulling teeth. So I am not toally sure what the answer is here but I sure hope this wakes some people up as much as I hate to say it maybe this thing with Sony happened for a reason adn they didn't get a lot of card #'s and no SS#'s at least so I think we'll still be ok with what happened at Sont but I TOTALLY agree that more security measures need to be taken by more companies than just Sony because this is getting to be crazy. Who knows but maybe one of hte other big game xompanies might be the next target. At this point I don't think anyone really knows if this was personal on Sony or if Sony was just who they picled to target.
I am most definately getting mastercaresecurecard at this point though and will movce banks if I have to to get it. I need that extra protection and if my bank won't provide it I will go to someone who will and will not use a company online who does not have it or at least the option to use it.
I feel for anyone who comes out of this and actually gets fraud done to them hope it isn't me as well. But I think there are certainly some measures some of these companies should be implementing right now. Don't wait. It is obvious that if a companies weakness gets out there they are going to get hacked. And that is something that needs to stop too is people saying that a company might have a weakness in their system on open chat in any kind of forum or anything else. Saying things like that starts criminal minds wheels turning adn then it's liek a challenge put out there to them and they have to concur it.
I know as for me I have done everything I could always do to try and keep my information safe on my MMO's but yes everyone has a part in keeping it safe the gamemakers as well as us it is not jsut one sided. I know there is some kine of really strong encryption system that FF XI put out about a month ago. I can't even play it because they DO require secure code and my bank is not signed up for it lol. Bought it to keep me occupied while EQ2 is down and can't play it either because of how strong the security IS on it LOL. Kind of bummed atm that these stupid hackers are causing this mess.
No actually I have NEVER allowed anyone access to any of my accounts on MMOs or otherwise other than to people who are my family and live in my own home who I know would never compromise my security. Nor would I it is against almost all of the user agreements.
So... you allowed someone else access to your accounts.
This is exactly what I said above - YOU allowed a breach in your account security - and because it is people you trust you don't even see it.
Did you change your account password since?
No didn't need to because no one ever actually logged in toehr than me and I wasa standing over their shoulder LOL> Have never actually been hacked but the fear of being the next victim has definately been there.
---------------------------------------- Evil UO has doomed my poor soul and now I'm wandering restlessly through all MMORPG's, desperately searching for a place to rest in peace.....
No actually I have NEVER allowed anyone access to any of my accounts on MMOs or otherwise other than to people who are my family and live in my own home who I know would never compromise my security. Nor would I it is against almost all of the user agreements.
So... you allowed someone else access to your accounts.
This is exactly what I said above - YOU allowed a breach in your account security - and because it is people you trust you don't even see it.
Did you change your account password since?
No didn't need to because no one ever actually logged in toehr than me and I wasa standing over their shoulder LOL> Have never actually been hacked but the fear of being the next victim has definately been there.
And, you see?, you are the classic case.
Now, just to be clear, I am not attacking you or accusing you of anything. But what I am doing is saying that you are typical of thousands of gamers out there (including me).
We (gamers) do allow others use of our accounts from time to time. It's the 'human' thing to do. We show friends, family, workmates what game we are playing. And why shouldn't we? It's a game. Then they want a go - sure, no problem. And why not? It's not like it's a matter of national security?
And we let them play on our account a little - and they lose connection - so we give them the password and tell them to just log themselves in if they want "but don't touch my characters". And it's fine.
And later on they want to show one of their friends...
Or we give a guildie our password so that they can do something for us while we are away camping... or at work... and we forget that our WoW login is exactly the same as our Rift login...
Or our WoW account was hacked... but that was years ago... so when we create our Rift account why not use that cool account name we had (after all we always us that handle...its ours!) and we can remember what password we used so it will be easy to remember if we just keep the details the same...
I use my same handle and pw for everything on the internett, only stuff that have been hacked are my hotmail and wow. i did change my hotmail to an uniq pw(1big letter,3small,1big and 3numbers) but 2month later it was hacked again so now im back to same user name and pw for everything, but stil its only those 2 have been hacked non of my other games/email service.
Hotmail/rift/aoc/aion etc all use the same pw but some use my email other use my username and those have never been thouchd and to be honest i find it strange since those that hacked my email can log in if they wanted but guess they looked for something else then games.
I have had diff username since 2000 but the pw have stayd the same over all those years, the 6 last years my user name have stayd the same. I find it strange that i have not been hacked more.
For me I use different username and passwords for most of my accounts, also use unpredictable passwords. My mother and sister figured out my other sister's email password because she used a predictable password- she loved Hawaii and that's the password she used. Also any word that's in the dictionary will be cracked way faster than oddly spelled words and words that includes numbers like "f1r3truck".
As far as I know I haven't been hacked except for the inactive WoW account that I haven't played in 4 years (thankfully I had fake info on it), then again several people has had the same thing happen.
What a surprice, this instantly turned into a "SOE is evil" microphone.
Anyways, a company can create security measures till hell freezes over, but if users are careless and don't want to spend time understanding how to behave on the net, then they will be hacked.
Don't give away sensible information about yourself (example facebook). Understand what is safe to give access to in a browser (annoying and technical). Don't run executables downloaded from shady sites (torrent downloads). Use common sense.
No one is hack proof, not you, not SOE, not facebook, but you can minimize the risk.
The visa/mastercard online security feature is getting mentioned, Verified by Visa and Securecode.
The reason why merchants can't insist on this is that Visa/Mastercard doesn't enforce this. If I have a Visa card and I am not on Verified by Visa, I can go to Visa itself if the merchant has that enforcement and ask why. As far as I know, Visa will side with the 'me' and not the merchant.
Why? Cause Visa/Mastercard haven't rolled out to every card issuing entity (IE Banks) right now. So until that happens, the online security feature will be optional.
South Korea is an exception as it is actually enforced through law so Visa/Mastercard can't side with me.
Gdemami - Informing people about your thoughts and impressions is not a review, it's a blog.
I wonder if all the game companies agreed to issue with every game sold a reuseable timecard system like a mobile phone top-up card.
The card would only be connected with the physical game in your posession . You logged in , put the game card details in, and patched up. Having a card reader would give a 6-8 didgit pin code to type in each time the card was used . If there was monies on the card , the sub would continue .
Basically you fill the card with money via credit card or cash at a store , the game company is paid via the store network . Similar to paypal. The point being no personal details need to be transferred at any point . The game subscription is linked to only the physical copy of the game. Not to Joe Bloggs at Smith Street with password xyz.
A lot of free MMO's have the onscreen keyboar you can click with your mouse to try to counter keyloggers. A few of the free MMO vendors have started going to password expiry as an account protection method and force you to change your password every 60-90 days.
Its a nice step I suppose but to me its not going to help the morons who set their password as "password" or "username" and who sadly always fall for account phishing emails and clones website logins. All it probably will do is drive competent users insane that they have to go change their password when they try to login to a game & find out it has expired.
Forcing you to change a pasword every so often is probably the worst idea ever for security purposes. Sure, you are forcing people to change password, making the previously (Potentially) stolen password obsolete, but there are consequences to that.
Forcing a password reset inevitably leads to lower security, since the passwords become simpler and simpler, and eventually become a pattern (In order to remember them), or even written down in a convenient and visible location. What security value is there in forcing you to change your password if it becomes P@ssw0rdJan11, P@ssw0rdFeb11, etc (A previous employer had a monthly reset policy, and guess what, everybody had a patterned password after 3 months of starting, and most of those passwords started the same)?
Sure, you could force them to pick a wildly different password, which would just lead to them writing down the password on a piece of paper.
Rift's Coin Lock plus security token is currently the best idea from a user perspective that provides a lot of security without relying on the user to be the clever one. Even if your password was 'password123', you would still be relatively safe in Rift.
Rift-style security is definitely the way to go, security systems should not rely on the user to be 'security savvy' in order to provide a secure environment, that's a hopeless pipe-dream.
If you wish some security, then code it all internal.
{mod edit}
All anti-cheat really does is prevent the lower end of the barrel from hacking and cheating in a game, but it doesn't stop the main cheaters of the game who have completely devoured the system to their own ends long before the system is placed.
Also, password protection works if people stop putting in the dumbest passwords. A few years ago, 40% of people registered to a server I put together had the password either be "password" or their phone number and some even put social security numbers or license numbers...I had to program the login system to force people into making complex passwords.
It was Einstein who said "There are two things which are infinite, Human Stupidity and the Universe and of the Universe, I am not so sure" ^_^
When a company like SONY loses THAT MUCH INFORMATION, they deserve to be investigated by the authorities for foul play. So many years I have handled servers and NOT ONCE have I EVER permamently lost account data. I am just one person, SONY has entire divisions working their systems. There really was no excuse on why they couldn't protect themselves...which lead me to believe they sold accounts to companies, lost hardware and then told the world hackers did it in order to retain their market shares and make a hefty profit.
Facebook users be aware, Facebook may have leaked your info. Kinda shows you in today's age, nothing is safe. Simple outdated API on facebook would've allowed any advertisers to obtain personal info. Hackers don't always need to hack into the servers to obtain personal info. And you wouldn't believe the things people put on their facebook
Comments
is it illegal to give game companies false info for required registration? whats about false name,address etc for billing? it seems like the only way to be sure to be safe is not to give your REAL info. Since we can not count on companies like SOE to securely store our info can they force us to give it to them?
How safe is the info we give here on mmorpg.com i wonder..
Watch your thoughts; they become words.
Watch your words; they become actions.
Watch your actions; they become habits.
Watch your habits; they become character.
Watch your character; it becomes your destiny.
Lao-Tze
No actually I have NEVER allowed anyone access to any of my accounts on MMOs or otherwise other than to people who are my family and live in my own home who I know would never compromise my security. Nor would I it is against almost all of the user agreements.
Our current online transaction system really does need an overhaul
When such large scale theft of data is possible and repeatedly occurs its in our best interests.
The costs of not improving the industry standards *will* prove great if nothing changes.
There needs to be a new level of security for online transactions in my opinion.. something that you have to physical do whenever something is purchased online..
Whether it be a security token / authenticator or some form of biometric reader.
I would suggest having the authentication system connect directly to a secure network via satellite so less secure home/business networks couldn't be used to get info.
yes satellite signals can be intercepted... but it would be incredibly difficult for small scale basement dwellers/hackers to amass a large amount of illicit credit card numbers with a system like that.. and not to mention.. any data they did manage to steal would be much easier to track because of their physical need to be in proximity to the people the signal was being intercepted from.
If visa or mastercard implemented a system like this it would save tons of money/frustration in the long run... I doubt they would ever fund it themselves though.. maybe if they had a government mandate/subsidy
So... you allowed someone else access to your accounts.
This is exactly what I said above - YOU allowed a breach in your account security - and because it is people you trust you don't even see it.
Did you change your account password since?
Nothing says irony like spelling ideot wrong.
Like I said above mastercardsecurecode. It makes you put in a seperate # from the pin # you use in the stores. I honestly think this is something all MMO makers should consider that are pay to play. At least put the option there. As far as the problems that already exist with such games as WoW and what not. I honestly don't think Blizzard is going to take what happened to Sony to heart and is not going to do anymore than they already have which people are already starting to hack through again and they do nothing already. Not unless it happnes to them because so far they have ALWAYS managed to throw the blame elsewhere I am sure they will continue to blame it on the costumers just like they always have even though the only way someone could have access to turn on a WoW account that is inactive would be through hacking into Blizzard or one of it's subsidiary companies such as curse.com or the battle.net in which case would still be their responsibility because they allow those companies to run thier srcurity and addons would still be Blizzards fault. And yes the reason that a lot of accounts weere getting hacked was because one of those companies got hacked last year and Blizzard will not tell the truth to anyone even though they did admit it to someone that had played WoW from teh beginning that got hacked ands his entire guild bank got emptied. And that was one out of 2 times that that guild bank was emptied due to hacking within 2 weeks and the other account that emptied it out was an inactive RL friends of the GL and other people in that guild and he had not been playing or anything so it could not have been a keylogger.
Basically it comes down to this. the only reason that this Sony thing has gone to the extreme that it has is because Sony is one of the LARGEST companies in the world and so when something happens to them because it affects 100,000,000 people. Authorities and everyone are involved. Companies like Blizzard jsut get to sit there and not admit to anything because it does not happen on this big of a scale and the only way that all game makers are going to get forced to upgrade their security is if people start speaking up like putting complaints in at the BBB and such when something like this goes on. When you have an issue with Blizzard go to teh BBB and put in a complaint. If it is found to be a valid complaint it will go to Blizzard and Blizzard will either HAVE to fix the problem or have their rating drop. If you look on hte BBB it is pretty funny how SOE has only had less than 200 complaints in 3 years out of 24,000,000 accounts and Blizzard has had 2500 out of 12,000,000. I do believe the numbers speak for themselves and sometimes you have to speak up and not be afraid to complain when a company is doing bad business. Because if they are and no one ever speaks then the uppers never know the truth of how big the hacking has really been long before this happened to Sonyand did nothing about it because it did not affect enough people. Maybe now they will listen. Maybe now they will start making laws and whaever to require these game makers to upgrade their security. But for now and always even if they do or don't we have to protect ourselves.
I never could figure out why it was that I never got hacked on WoW. I was certainly surprised other than the fact that I am hardcore and the only time I am not on the game I am subscribing to is when I sleep and when all of those hackings were going on I didn't sleep much for fear that my account would be next. I made myself literally stay awake to watch out for my friends accounts, the guild, and my own. It was terrible. I kept waiting to log in and have all of my stuff gone or something to that affect.
I really wish they would listen to our ideas more now Blizzard has even gotten rid of their suggestion forums too and if someone says something they don't like they either lock or delete the thread.
I witnessed it one day I posted on a thread that had to do with some of my concerns it was no where near the 500 limit post and the next thing I knew I logged in to check on it and it had been deleted an hour after I posted in it. And to get a hold of Blizzard personally and actually get to talk to a live person is like pulling teeth. So I am not toally sure what the answer is here but I sure hope this wakes some people up as much as I hate to say it maybe this thing with Sony happened for a reason adn they didn't get a lot of card #'s and no SS#'s at least so I think we'll still be ok with what happened at Sont but I TOTALLY agree that more security measures need to be taken by more companies than just Sony because this is getting to be crazy. Who knows but maybe one of hte other big game xompanies might be the next target. At this point I don't think anyone really knows if this was personal on Sony or if Sony was just who they picled to target.
I am most definately getting mastercaresecurecard at this point though and will movce banks if I have to to get it. I need that extra protection and if my bank won't provide it I will go to someone who will and will not use a company online who does not have it or at least the option to use it.
I feel for anyone who comes out of this and actually gets fraud done to them hope it isn't me as well. But I think there are certainly some measures some of these companies should be implementing right now. Don't wait. It is obvious that if a companies weakness gets out there they are going to get hacked. And that is something that needs to stop too is people saying that a company might have a weakness in their system on open chat in any kind of forum or anything else. Saying things like that starts criminal minds wheels turning adn then it's liek a challenge put out there to them and they have to concur it.
I know as for me I have done everything I could always do to try and keep my information safe on my MMO's but yes everyone has a part in keeping it safe the gamemakers as well as us it is not jsut one sided. I know there is some kine of really strong encryption system that FF XI put out about a month ago. I can't even play it because they DO require secure code and my bank is not signed up for it lol. Bought it to keep me occupied while EQ2 is down and can't play it either because of how strong the security IS on it LOL. Kind of bummed atm that these stupid hackers are causing this mess.
No didn't need to because no one ever actually logged in toehr than me and I wasa standing over their shoulder LOL> Have never actually been hacked but the fear of being the next victim has definately been there.
-> confident -> cocky -> lazy -> death ....
----------------------------------------
Evil UO has doomed my poor soul and now I'm wandering restlessly through all MMORPG's, desperately searching for a place to rest in peace.....
And, you see?, you are the classic case.
Now, just to be clear, I am not attacking you or accusing you of anything. But what I am doing is saying that you are typical of thousands of gamers out there (including me).
We (gamers) do allow others use of our accounts from time to time. It's the 'human' thing to do. We show friends, family, workmates what game we are playing. And why shouldn't we? It's a game. Then they want a go - sure, no problem. And why not? It's not like it's a matter of national security?
And we let them play on our account a little - and they lose connection - so we give them the password and tell them to just log themselves in if they want "but don't touch my characters". And it's fine.
And later on they want to show one of their friends...
Or we give a guildie our password so that they can do something for us while we are away camping... or at work... and we forget that our WoW login is exactly the same as our Rift login...
Or our WoW account was hacked... but that was years ago... so when we create our Rift account why not use that cool account name we had (after all we always us that handle...its ours!) and we can remember what password we used so it will be easy to remember if we just keep the details the same...
Nothing says irony like spelling ideot wrong.
I use my same handle and pw for everything on the internett, only stuff that have been hacked are my hotmail and wow. i did change my hotmail to an uniq pw(1big letter,3small,1big and 3numbers) but 2month later it was hacked again so now im back to same user name and pw for everything, but stil its only those 2 have been hacked non of my other games/email service.
Hotmail/rift/aoc/aion etc all use the same pw but some use my email other use my username and those have never been thouchd and to be honest i find it strange since those that hacked my email can log in if they wanted but guess they looked for something else then games.
I have had diff username since 2000 but the pw have stayd the same over all those years, the 6 last years my user name have stayd the same. I find it strange that i have not been hacked more.
For me I use different username and passwords for most of my accounts, also use unpredictable passwords. My mother and sister figured out my other sister's email password because she used a predictable password- she loved Hawaii and that's the password she used. Also any word that's in the dictionary will be cracked way faster than oddly spelled words and words that includes numbers like "f1r3truck".
As far as I know I haven't been hacked except for the inactive WoW account that I haven't played in 4 years (thankfully I had fake info on it), then again several people has had the same thing happen.
What a surprice, this instantly turned into a "SOE is evil" microphone.
Anyways, a company can create security measures till hell freezes over, but if users are careless and don't want to spend time understanding how to behave on the net, then they will be hacked.
Don't give away sensible information about yourself (example facebook). Understand what is safe to give access to in a browser (annoying and technical). Don't run executables downloaded from shady sites (torrent downloads). Use common sense.
No one is hack proof, not you, not SOE, not facebook, but you can minimize the risk.
"I am my connectome" https://m.youtube.com/watch?v=HA7GwKXfJB0
It would be nice if their weren't asshats out there that thrived on hacking or harrassing people online....
The visa/mastercard online security feature is getting mentioned, Verified by Visa and Securecode.
The reason why merchants can't insist on this is that Visa/Mastercard doesn't enforce this. If I have a Visa card and I am not on Verified by Visa, I can go to Visa itself if the merchant has that enforcement and ask why. As far as I know, Visa will side with the 'me' and not the merchant.
Why? Cause Visa/Mastercard haven't rolled out to every card issuing entity (IE Banks) right now. So until that happens, the online security feature will be optional.
South Korea is an exception as it is actually enforced through law so Visa/Mastercard can't side with me.
Gdemami -
Informing people about your thoughts and impressions is not a review, it's a blog.
I wonder if all the game companies agreed to issue with every game sold a reuseable timecard system like a mobile phone top-up card.
The card would only be connected with the physical game in your posession . You logged in , put the game card details in, and patched up. Having a card reader would give a 6-8 didgit pin code to type in each time the card was used . If there was monies on the card , the sub would continue .
Basically you fill the card with money via credit card or cash at a store , the game company is paid via the store network . Similar to paypal. The point being no personal details need to be transferred at any point . The game subscription is linked to only the physical copy of the game. Not to Joe Bloggs at Smith Street with password xyz.
A lot of free MMO's have the onscreen keyboar you can click with your mouse to try to counter keyloggers. A few of the free MMO vendors have started going to password expiry as an account protection method and force you to change your password every 60-90 days.
Its a nice step I suppose but to me its not going to help the morons who set their password as "password" or "username" and who sadly always fall for account phishing emails and clones website logins. All it probably will do is drive competent users insane that they have to go change their password when they try to login to a game & find out it has expired.
Forcing you to change a pasword every so often is probably the worst idea ever for security purposes. Sure, you are forcing people to change password, making the previously (Potentially) stolen password obsolete, but there are consequences to that.
Forcing a password reset inevitably leads to lower security, since the passwords become simpler and simpler, and eventually become a pattern (In order to remember them), or even written down in a convenient and visible location. What security value is there in forcing you to change your password if it becomes P@ssw0rdJan11, P@ssw0rdFeb11, etc (A previous employer had a monthly reset policy, and guess what, everybody had a patterned password after 3 months of starting, and most of those passwords started the same)?
Sure, you could force them to pick a wildly different password, which would just lead to them writing down the password on a piece of paper.
Rift's Coin Lock plus security token is currently the best idea from a user perspective that provides a lot of security without relying on the user to be the clever one. Even if your password was 'password123', you would still be relatively safe in Rift.
Rift-style security is definitely the way to go, security systems should not rely on the user to be 'security savvy' in order to provide a secure environment, that's a hopeless pipe-dream.
If you wish some security, then code it all internal.
{mod edit}
All anti-cheat really does is prevent the lower end of the barrel from hacking and cheating in a game, but it doesn't stop the main cheaters of the game who have completely devoured the system to their own ends long before the system is placed.
Also, password protection works if people stop putting in the dumbest passwords. A few years ago, 40% of people registered to a server I put together had the password either be "password" or their phone number and some even put social security numbers or license numbers...I had to program the login system to force people into making complex passwords.
It was Einstein who said "There are two things which are infinite, Human Stupidity and the Universe and of the Universe, I am not so sure" ^_^
When a company like SONY loses THAT MUCH INFORMATION, they deserve to be investigated by the authorities for foul play. So many years I have handled servers and NOT ONCE have I EVER permamently lost account data. I am just one person, SONY has entire divisions working their systems. There really was no excuse on why they couldn't protect themselves...which lead me to believe they sold accounts to companies, lost hardware and then told the world hackers did it in order to retain their market shares and make a hefty profit.
Facebook users be aware, Facebook may have leaked your info. Kinda shows you in today's age, nothing is safe. Simple outdated API on facebook would've allowed any advertisers to obtain personal info. Hackers don't always need to hack into the servers to obtain personal info. And you wouldn't believe the things people put on their facebook
EQ1-AC1-DAOC-FFXI-L2-EQ2-WoW-DDO-GW-LoTR-VG-WAR-GW2-ESO