Welcome, Guest. Please login or register.
March 22, 2017, 07:17:50 PM

Login with username, password and session length

Search:     Advanced search
Donate! | Subscribe! | Shop: Amazon

***DONATION DRIVE 2 HAS BEGUN:
CLICK HERE TO BURN MONEY***
*
Home Help Search Login Register
f13.net  |  f13.net General Forums  |  MMOG Discussion  |  Guild Wars 2  |  Topic: Guild Wars 2 Status by ANet 0 Members and 1 Guest are viewing this topic.
Pages: 1 [2] 3 4 ... 6 Go Down Print
Author Topic: Guild Wars 2 Status by ANet  (Read 16034 times)
Modern Angel
Terracotta Army
Posts: 3553


Reply #35 on: August 31, 2012, 06:42:38 AM

Remember that massive security breach NCSoft had several years ago, with special emphasis on hacking GW1 accounts? I have a theory they're just using that list of email addresses (which was a LOT, as I recall) to see what sticks.
Amaron
Terracotta Army
Posts: 2020


Reply #36 on: August 31, 2012, 07:09:07 AM

Remember that massive security breach NCSoft had several years ago, with special emphasis on hacking GW1 accounts? I have a theory they're just using that list of email addresses (which was a LOT, as I recall) to see what sticks.

They already said that's what's happening.   They're using that and breaches at Bethesda, Blizzard, etc.
Venkman
Terracotta Army
Posts: 11536


Reply #37 on: September 02, 2012, 03:53:38 PM

Status update noted in the launcher today but actually posted on the wiki yesterday:

Chimpy
Terracotta Army
Posts: 7842


WWW
Reply #38 on: September 02, 2012, 04:50:03 PM

It is simple, if you don't want to have a "list of emails from other games" be a vector for hacking to your game DON'T FUCKING USE EMAIL ADDRESSES AS ACCOUNT NAMES. It is really that fucking simple.


'Reality' is the only word in the language that should always be used in quotes.
Kageru
Terracotta Army
Posts: 4422


Reply #39 on: September 02, 2012, 05:11:22 PM


It's been a bad idea since Blizzard started it.

Is a man not entitled to the hurf of his durf?
- Simond
Sky
Terracotta Army
Posts: 28832

I love my TV an' hug my TV an' call it 'George'.


WWW
Reply #40 on: September 03, 2012, 09:05:55 AM


It's been a bad idea since Blizzard started it.

As has so much.

I boggled when Trion Worlds changed over to email login; not having been a wowtard it was shockingly poor security. I should've known from whence it came.

Chimpy
Terracotta Army
Posts: 7842


WWW
Reply #41 on: September 03, 2012, 09:24:10 AM

Amazon was the first site I can remember that had your email be your account login, long before WoW came along.

Regardless of where it came from, it is a stupid idea and the inconvenience of how big a security hole it opens is much worse than the convenience gained for the consumer when they just use their email account.


'Reality' is the only word in the language that should always be used in quotes.
Quinton
Terracotta Army
Posts: 3169

is saving up his raid points for a fancy board title


Reply #42 on: September 03, 2012, 09:45:06 AM

Amazon was the first site I can remember that had your email be your account login, long before WoW came along.

Regardless of where it came from, it is a stupid idea and the inconvenience of how big a security hole it opens is much worse than the convenience gained for the consumer when they just use their email account.

Unfortunately, forcing users to use a per-site login would not be a huge improvement.  The problem here is that many, many people will use the same credentials over and over again -- whether it be their email address or a username they like.  If one database of username+password is compromised (an online game, forum, whatever), using that set of credentials to attempt to login to similar things is a pretty obvious attack.

The biggest downside of using email addresses is that it gives you an immediate obvious target (the email provider -- gmail, hotmail, etc) which also happens to be the vector through which confirmation and verification flows.
Nightblade
Terracotta Army
Posts: 800


Reply #43 on: September 03, 2012, 09:54:02 AM

The state of the game states that password resetting is disabled, yet I somehow received an unsolicited email from arena net stating "click here to reset password".

Guess I'd better change my password just to be safe >.>
Sky
Terracotta Army
Posts: 28832

I love my TV an' hug my TV an' call it 'George'.


WWW
Reply #44 on: September 03, 2012, 11:05:41 AM

The problem here is that many, many people will use the same credentials over and over again -- whether it be their email address or a username they like.  If one database of username+password is compromised (an online game, forum, whatever), using that set of credentials to attempt to login to similar things is a pretty obvious attack.
It would be an improvement without having to roll up a new email sub-account for every damned site, for fuck's sake.

And fuck lazy people, who cares about their security? I'm talking about at least making it better for somewhat responsible people.

And as you say, you're giving them the vector for backup avenues - at least with a simple user/pass database they wouldn't have the keys to verification. It's just a really dumb idea that has become mainstream and then IT people wonder why the experts are pulling out their hair over the state of security in the US.

March
Terracotta Army
Posts: 476


Reply #45 on: September 03, 2012, 12:50:33 PM

Amazon was the first site I can remember that had your email be your account login, long before WoW came along.

Regardless of where it came from, it is a stupid idea and the inconvenience of how big a security hole it opens is much worse than the convenience gained for the consumer when they just use their email account.

Unfortunately, forcing users to use a per-site login would not be a huge improvement.  The problem here is that many, many people will use the same credentials over and over again -- whether it be their email address or a username they like.  If one database of username+password is compromised (an online game, forum, whatever), using that set of credentials to attempt to login to similar things is a pretty obvious attack.

The biggest downside of using email addresses is that it gives you an immediate obvious target (the email provider -- gmail, hotmail, etc) which also happens to be the vector through which confirmation and verification flows.

I take your point... but the bigger problem is that *everyone* is doing it... just looking at some of the many accounts I have, a Major Bank, a Major Pay hub, a Major Telephone Company, a major Entertainment provider, etc.  all use email for user name.  Like everyone else I have several "categories" of passwords... and the password +1 is a bitch over time.  I *used* to also have varying login credentials depending on the account type... but that is precisely the second variable that email takes away.

I've started using Lastpass to try to keep track of everything (until they get hacked)... but seriously between work, play, and financials, I want bio-security and to be done with it.
KallDrexx
Terracotta Army
Posts: 3510


Reply #46 on: September 03, 2012, 12:55:57 PM

Honestly, I saw no issue with emails as usernames until this.
Quinton
Terracotta Army
Posts: 3169

is saving up his raid points for a fancy board title


Reply #47 on: September 03, 2012, 01:44:46 PM

Check if your email provider maps username+something@example.com to username@example.com (gmail does this, and I believe a number of others do) -- use a unique "something" for each account you care about -- now you've made it much harder for somebody to guess your credentials elsewhere if they obtain them from one location.  Added bonus it makes it easier to filter mail from different entities and better track who is giving your address out to random mailing lists or whatnot.
koro
Terracotta Army
Posts: 2224


Reply #48 on: September 03, 2012, 01:52:52 PM

Check if your email provider maps username+something@example.com to username@example.com (gmail does this, and I believe a number of others do) -- use a unique "something" for each account you care about -- now you've made it much harder for somebody to guess your credentials elsewhere if they obtain them from one location.  Added bonus it makes it easier to filter mail from different entities and better track who is giving your address out to random mailing lists or whatnot.

I have no idea how you would even begin to do something like that with Gmail.
Quinton
Terracotta Army
Posts: 3169

is saving up his raid points for a fancy board title


Reply #49 on: September 03, 2012, 02:09:22 PM

You don't need to do anything.  If you have username@gmail.com, mail to username+blargh@gmail.com, etc will be delivered to your inbox.  No configuration required. 
Lantyssa
Terracotta Army
Posts: 20848


Reply #50 on: September 04, 2012, 08:14:51 AM

Wouldn't hackers know to just drop the +something for providers such as gmail?

Hahahaha!  I'm really good at this!
01101010
Terracotta Army
Posts: 9682

You call it an accident. I call it justice.


Reply #51 on: September 04, 2012, 08:18:50 AM

You don't need to do anything.  If you have username@gmail.com, mail to username+blargh@gmail.com, etc will be delivered to your inbox.  No configuration required. 

I had no idea... Thanks for the tip.  awesome, for real

"I want to watch it all burn in an orgy of smashed Coke machines and weasel rape." - HaemishM
DraconianOne
Terracotta Army
Posts: 2905


Reply #52 on: September 04, 2012, 08:23:13 AM

Wouldn't hackers know to just drop the +something for providers such as gmail?

To email you, yes, but that wouldn't work to log in - provided GW2 let you use that format in the email field.

A point can be MOOT. MUTE is more along the lines of what you should be. - WayAbvPar
Lantyssa
Terracotta Army
Posts: 20848


Reply #53 on: September 04, 2012, 09:00:52 AM

I suppose it depends how they get your account info.  And if you're scrambling the +something with gibberish and using unique passwords, then it adds that much more protection.  If you're already going to those lengths, though, your password is probably already fairly safe due to good habits.

Still, I suppose that's easier than creating a unique e-mail address for each game and every little bit helps.

Hahahaha!  I'm really good at this!
Xuri
Terracotta Army
Posts: 1194

몇살이세욬ㅋ 몇살이 몇살 몇살이세욬ㅋ!!!!!1!


WWW
Reply #54 on: September 04, 2012, 09:22:08 AM

Could you not run into customer support trouble if you're setting up your account to be "blah+something@gmail.com" while you're sending e-mails to customer support from "blah@gmail.com"? I.e. they would not match.

-= Ho Eyo He Hum =-
DraconianOne
Terracotta Army
Posts: 2905


Reply #55 on: September 04, 2012, 10:23:14 AM

Still, I suppose that's easier than creating a unique e-mail address for each game and every little bit helps.

Got home to a couple of emails from ArenaNet telling me that my password had been changed. Luckily they had gone to an email address that I don't use for games because I do exactly that - a unique email address for each game. It's surprising how little they get used or how little spam they receive.

See what I did there?

A point can be MOOT. MUTE is more along the lines of what you should be. - WayAbvPar
Sky
Terracotta Army
Posts: 28832

I love my TV an' hug my TV an' call it 'George'.


WWW
Reply #56 on: September 04, 2012, 10:32:30 AM

Or you could just stop using fucking email addresses as usernames.

Trippy
Administrator
Posts: 20209


Reply #57 on: September 04, 2012, 10:33:46 AM

Still, I suppose that's easier than creating a unique e-mail address for each game and every little bit helps.
Got home to a couple of emails from ArenaNet telling me that my password had been changed. Luckily they had gone to an email address that I don't use for games because I do exactly that - a unique email address for each game. It's surprising how little they get used or how little spam they receive.

See what I did there?
And when they do get spammed you know which fuckers sold your email address to spammers (assuming you didn't make your address trivial to guess).

Quinton
Terracotta Army
Posts: 3169

is saving up his raid points for a fancy board title


Reply #58 on: September 04, 2012, 12:15:20 PM

Could you not run into customer support trouble if you're setting up your account to be "blah+something@gmail.com" while you're sending e-mails to customer support from "blah@gmail.com"? I.e. they would not match.

Settings / Accounts / Add another email address you own - then you can add blah+something@gmail.com and it'll be in the dropdown menu on the From: field when composing mail.  There's even a "Reply from same address" option there if you want to automatically make the From: address match (if possible) when replying.  You can use this to add addresses from other domains as well (provided you can receive email there to get the "is this really you?" confirmation from gmail).

[qoute author=Lantyssa]
Wouldn't hackers know to just drop the +something for providers such as gmail?
[/quote]

Yeah, it's easy enough to guess the gmail login from another account, but if you're going through the trouble to do this hopefully you're using a decent password and/or have setup two-factor authentication on your gmail account. 
WayAbvPar
Moderator
Posts: 18538


Reply #59 on: September 05, 2012, 02:17:48 PM

In addition to the use of email addresses as user names- how did this game not launch with an authenticator system? That should have been part of the first infrastructure design meeting. It is so much easier now that smart phones are ubiquitous that not having one at launch is just  swamp poop

When speaking of the MMOG industry, the glass may be half full, but it's full of urine. HaemishM

Always wear clean underwear because you never know when a Tory Government is going to fuck you.- Ironwood

Who the hell taught you how to write? Fuck, that sentence is like internet transmitted face-attacking knives. Jesus. schild
Venkman
Terracotta Army
Posts: 11536


Reply #60 on: September 10, 2012, 04:42:37 PM

Press release: Re-opened direct sales and a new Our Time is Now* video commercial.

Kinda ok video. Was thinking I was watching a TSW spot by accident at first, but then got the WoW "I'm a Night Elf Mohawk" vibe by the middle of it.

* Videos on GW2 site not loading for me so this is to YouTube.
Furiously
Terracotta Army
Posts: 7165


WWW
Reply #61 on: September 10, 2012, 04:47:24 PM

I totally agree the first bit seems very secret worldy,

Wasted
Terracotta Army
Posts: 757


Reply #62 on: September 10, 2012, 09:34:14 PM

That video is fucking horrible, there's two minutes of ludicrous crap before they even show the game.
jlwilli5
Terracotta Army
Posts: 70


Reply #63 on: September 10, 2012, 09:46:40 PM

That video is fucking horrible, there's two minutes of ludicrous crap before they even show the game.

yep

Target Erukul 

EvE:
      Lukure
      Karsys
Modern Angel
Terracotta Army
Posts: 3553


Reply #64 on: September 11, 2012, 05:25:57 AM

I hate those fucking commercials because they subtly rely on a pernicious stereotype, which is that you're equating your Self with your in-game character. From there, it just all gets gross.
Genev
Terracotta Army
Posts: 77


Reply #65 on: September 11, 2012, 05:36:43 AM

Holy shit, that's one lousy video.
Cool dragon, though.
Falconeer
Terracotta Army
Posts: 10025

a polyamorous pansexual genderqueer born and living in the wrong country


WWW
Reply #66 on: September 11, 2012, 05:59:13 AM

The guy girl with the gasmask is totally looking like an Illuminati kid in The Secret World. I wonder if they didn't do it on purpose. Which would be weird. But it's even weirder to think they didn't.

Brogarn
Terracotta Army
Posts: 1372


Reply #67 on: September 11, 2012, 07:47:35 AM

That was terrible.
01101010
Terracotta Army
Posts: 9682

You call it an accident. I call it justice.


Reply #68 on: September 11, 2012, 07:50:18 AM

I am sure it is fine for the target demographic. But yeah, my near-40 ass thought it cringe-worthy.

"I want to watch it all burn in an orgy of smashed Coke machines and weasel rape." - HaemishM
Miasma
Terracotta Army
Posts: 5282

Stopgap Measure


Reply #69 on: September 11, 2012, 08:04:41 AM

That video is so terrible I find it hard to believe it is official.  That would have to have been shown to a roomful of senior people in the company before released and somehow those people would have had to say "Yeah that was good let's release it".  Maybe ncSoft made it and it's a cultural thing?

The guy girl with the gasmask is totally looking like an Illuminati kid in The Secret World. I wonder if they didn't do it on purpose. Which would be weird. But it's even weirder to think they didn't.
I think they were trying to go for some sort of weird connection to occupy wall street protestors not TSW.
Pages: 1 [2] 3 4 ... 6 Go Up Print 
f13.net  |  f13.net General Forums  |  MMOG Discussion  |  Guild Wars 2  |  Topic: Guild Wars 2 Status by ANet  
Jump to:  

Powered by SMF 1.1.10 | SMF © 2006-2009, Simple Machines LLC