55 replies to this topic

[GhostBexar]

I think having the option to bind an anthenticator to your account is a great idea! I would have one if it was offered.

[Glythe]

Your account isn't worth hacking. They can't take anything. All they can do is grief you..... that means there is about 99.9% less of a chance you will get hacked. Unlike Actiblizzard they also allow you to have passwords with things besides a-z and 0-9 (including capital letters). That makes your account much more secure.

[JFlash49]

there is no transfer of currency so it wont be needed as far as im concerned. all hacking is gonna do is allow you to have a look around and cant do squat

[Donner]

I think it would definitely be a good safety precaution, because a card linked to my bank account info was hacked into, and the people that hacked into the account via that card made several expensive transactions, such as plane tickets and electronics. All of this is unfortunately because of the internet, and F2P games with real life currency with many players are definitely a target for hacking and phishing into accounts to attain money.

[Quinid]

As long as it's more effective than Diablo III's authenticator, then great. That thing was garbage. Had it on the phone and still got hijacked. All they did was copy your IP and the authenticator wouldn't be required.
But yeah agreed, if they can not transfer anything, then the threat is pretty much null.

[Idiot Proof]

Bitslizer, on 03 August 2012 - 07:45 AM, said:

Its not YOUR system that you have to worry about being hack

its OTHER WEBSITE with your username/password that get hack.

Games like Diablo3, majority of account hack are 3rd party website database getting hacked, then the hackers use login script to run through the list they stole to see which one work or don't work.

The worse are the website that store your password in plain text, you can tell those website when their password recovery/forget password actually send you your ACTUAL password back via email

Even encrypted/salted/hashed password are better but still can be brute forced, those are the website that ask you to set a new password when you forget password


That's a very good reason to not share password between different website/games.

and avoid password like 1234

[Illuzian Pryde]

While I've never lost a gaming account my paypal was once 'hacked' after I believe a keylogger recorded my details on lunch at a programming course work sent me on. While it was a public PC, you never know.

I have 2 factor auth for anything that has it including paypal, gmail and swtor.

Losing accounts sucks as does trying to get it back. While not essential the option would be great.

[Python46]

if they ever have any information, such as credit card and bank account info, stored on their end, or they make it possible to transfer c-bills, m-cash and mechs to other players, an authenticator would make sense. but, if they do none of that, there's no reason to bother because there's no real reason for real hackers to try and hack your account. and if there's no real world benefit, true hackers aren't bothering with it.

as for Notch, if you really believe that your luck so far means that you'll never get hacked, without participating in some risky activities or that it's very unlikely to ever happen, you sadly don't understand much about today's world and computers within it. people hack facebook accounts all the time, whether the user visits questionable sites or not and there's not really much on facebook that's of any real world value, other than possibly names, addresses and phone numbers. and given the proliferation of virii on the web, sooner or later, you're going to get hit with something. so, count your blessings about not having had an account hacked so far. but, as long as you keep playing online games, your day is likely coming.

honestly, though, anyone who wants to avoid any real impact from hacking should 1) not store any sensitive information on their MWO account profile(credit card info, especially) 2) change your password frequently and use combinations of letters and numbers you can remember, but which shouldn't be obvious, even to people who know you, 3) never share your login information with anyone and 4) never click links in emails, with regard to your online gaming accounts, except authentication emails you are expecting. half the WoW kids who get hacked do so because they get some bogus email, telling them to go verify their account through this link. and very few of them have the status bar set to display the actual link behind the tag they are clicking, so they don't see they aren't going to the site they expected(though it will look just like it). if your browser has the option to display the actual http information when you mouse over a link, turn it on and know where you are going. you'll avoid a ton of grief that way.

[Mechwarrior Buddah]

RG Notch, on 03 August 2012 - 07:02 AM, said:

Never used one, never been hacked. I don't know anyone who was hacked, unless they bought gold or went to some fishy site. Don't buy gold , don't look for cheats don't get hacked. Simple formula that has worked for me and everyone I know so far. If they want to sell one to dupes I say go for it and more money for development.

Ive been hacked and never bought gold so any added security is good

I lost my WoW account when I wasnt playing because apparently I used the same email and password on a free forum site and they sold it to a hacker (I hadnt planned on going BACK to WoW at the time so I wasnt greatly worried about giving out that password combo. Ive learned since lol).
Something similar happened to a friend of mine twice with HIS WoW account; where it got hacked when he wasnt playing it like twice.

Edited by 514yer, 05 August 2012 - 10:55 PM.

[RG Notch]

Python46, on 05 August 2012 - 10:27 PM, said:

if they ever have any information, such as credit card and bank account info, stored on their end, or they make it possible to transfer c-bills, m-cash and mechs to other players, an authenticator would make sense. but, if they do none of that, there's no reason to bother because there's no real reason for real hackers to try and hack your account. and if there's no real world benefit, true hackers aren't bothering with it.

as for Notch, if you really believe that your luck so far means that you'll never get hacked, without participating in some risky activities or that it's very unlikely to ever happen, you sadly don't understand much about today's world and computers within it. people hack facebook accounts all the time, whether the user visits questionable sites or not and there's not really much on facebook that's of any real world value, other than possibly names, addresses and phone numbers. and given the proliferation of virii on the web, sooner or later, you're going to get hit with something. so, count your blessings about not having had an account hacked so far. but, as long as you keep playing online games, your day is likely coming.

honestly, though, anyone who wants to avoid any real impact from hacking should 1) not store any sensitive information on their MWO account profile(credit card info, especially) 2) change your password frequently and use combinations of letters and numbers you can remember, but which shouldn't be obvious, even to people who know you, 3) never share your login information with anyone and 4) never click links in emails, with regard to your online gaming accounts, except authentication emails you are expecting. half the WoW kids who get hacked do so because they get some bogus email, telling them to go verify their account through this link. and very few of them have the status bar set to display the actual link behind the tag they are clicking, so they don't see they aren't going to the site they expected(though it will look just like it). if your browser has the option to display the actual http information when you mouse over a link, turn it on and know where you are going. you'll avoid a ton of grief that way.

I understand modern hacking perfectly well I understand all the new kiddies who don't need capitalization think they invented the internets, but those of us old enough to use proper English on the web know how to operate. Nothing has fundamentally changed, if a company gets hacked on their end, that's their issue, no one is hacking any of my gaming accounts sans my choice to engage in unsavory activities. Fearmonger all you like, buy authenicators if you think they will protect you. A fool and his money are lucky enough to come together in the first place.

[DeeSaster]

Ignorance is bliss...

[Lucius Prospero]

Pointless in MWO. There's nothing to steal. You can't trade between players.

[Deathz Jester]

RG Notch, on 03 August 2012 - 07:02 AM, said:

Never used one, never been hacked. I don't know anyone who was hacked, unless they bought gold or went to some fishy site. Don't buy gold , don't look for cheats don't get hacked. Simple formula that has worked for me and everyone I know so far. If they want to sell one to dupes I say go for it and more money for development.

I had a WoW account that got hacked 2 months ago. I haven't played WoW since I started playing it in 2008 and stopped in 2009. I use the free* Blizzard Authenticator on my Android phone, after changing my password on my battlenet account.


I guess what I'm getting at is I didn't touch my account, and it got hacked without me having "done something fishy". Blizzard sent me an email saying that my battlenet account was going to be banned (not just my WoW account) if I didn't "do something about it". So I had them ban just my WoW account since I never plan on playing it ever again, and I downloaded & synced my authenticator since I do play Starcraft 2 & Diablo 3.


I'd rather have an authenticator and not need it than need it and not have it.



*Yes I pay to use my phone, and in turn blizzard gets a cut from my service provider most likely so one could argue that it is not free, however the download did not cost me anything.

Edited by Iron Harlequin, 06 August 2012 - 12:56 PM.

[Hawg]

Everywhere, where I spend real money and are able to lose it through some croock cracking my account I want the necessary security that I don't have the damage e.g. losing values I spend real money for.

Having a secure password is one thing, but a keylogger is something else where the complexity of my password gets irrelevant. Time based token login fixes that and makes cracking an account much much harder.

If everything that can happen by selling my stuff is that I get the 100 percent virtual money back, then I think no authenticator is necessary. But in case I lose money I spend, then I think its a neccecary thing.

Edited by Hawg, 06 August 2012 - 01:13 PM.

[Deathz Jester]

Hawg, on 06 August 2012 - 01:12 PM, said:

Everywhere, where I spend real money and are able to lose it through some croock cracking my account I want the necessary security that I don't have the damage e.g. losing values I spend real money for.

Having a secure password is one thing, but a keylogger is something else where the complexity of my password gets irrelevant. Time based token login fixes that and makes cracking an account much much harder.

If everything that can happen by selling my stuff is that I get the 100 percent virtual money back, then I think no authenticator is necessary. But in case I lose money I spend, then I think its a neccecary thing.

Well as an example, say someone hacks your account.

You payed $60 for Elite Founder right?

now this is hypothetical

but say they log in with your account, and again I say hypothetically they can do this, they log in and then they Sell your founders mech, and use up all your ingame currency ($80) on pointless crap, and sell anything you had thus leaving your account broke.


You've now been robbed of atleast $80 worth of real money.

Edited by Iron Harlequin, 06 August 2012 - 01:26 PM.

[DFDelta]

Iron Harlequin, on 06 August 2012 - 12:53 PM, said:

I'd rather have an authenticator and not need it than need it and not have it.

I'd like to join in on this point.
My Diablo 3 account got hacked about 3 weeks ago, and it could not really be from a fault on my end.

- I did not play any bnet games for weeks before, so a recent not-yet-found keylogger can be ruled out.
- All my passwords are unique (as in I never use a pw for more then one thing. Except for that one pw that I use for any account that is not important and that does not contain any useful information),
- I do all the "fishy" things on an entirely different computer that is set up only for those things (it is not even connected to my Hamachi or oldschool LAN network)
- My computer reserved for gaming and important things runs several security programms.
- Goldsellers or other external sites that might require info on my game account are right out. Besides not being stupid enough to do it I'm also not a first gen gamer constantly complaining about modern games being to easy to go and buy myself an advantage for money.

And still my battlenet account somehow got hacked.
Started using Authentificators after this, and I really agree to the quote.

Edited by DFDelta, 06 August 2012 - 01:39 PM.

[R0AHN]

TL;DR version:

The likelihood of this kind of attack is a lot lower than you might think. There is always going to be someone who will try regardless, but unless PGI is absolutely a mess with their security most of these attacks will be prevented. Major breaches are like what happened with Sony, which was sheet sloppiness on their part.


Technical version:

In order for there to be any risk of an attack, there are a few things that need to be considered...

1. Vulnerability: In order for an attack to occur, there must be a vulnerability that can be exploited; in other words, there needs to be a crack in the wall. No system is perfect and there will *always* be a vulnerability somewhere. This is where regular patching comes into play, where known vulnerabilities are patched or otherwise mitigated.

2. Threat agents: These are the people who perpetrate the attack; these are your hackers and crackers. They can range in age and skill from simple "script kiddies" to actual "professionals".

3. Threat (a.k.a. motivation): Why does someone want to attack the system? In the case of MW:O some of the MMO motivations do not exist, such as tradeable items, gold, etc. Does this threat exist? Maybe. Everyone will find out eventually. A larger motivating factor is quite simple: money. Credit card information is very valuable to the right people. However, there are certain safeguards in place. For instance, PGI (or whatever third-party they may have that deals with payments) cannot process credit card transactions without obeying an industry standard known as PCI-DSS (http://en.wikipedia.org/wiki/PCI-DSS) whose qualifications vary based on how many transactions annually are processed. This helps ensure that certain safeguards are in-place anywhere that deals with credit card transactions. For a more secure payment method, PayPal is available so that you don't even give out your credit card information to more than one place.

4. Cost: Authenticators are a nice idea and they provide another layer of defense, but now you need to set up additional servers to handle the token requests (which is a *major* workload, considering how many people have already pre-ordered) and that will cost additional money both in the short- and long-term.

In order for something like this to be implemented, there needs to be a conclusively established risk. Moreover, the cost of implementing this kind of system needs to be justified - without that justification, it does not make business sense to apply it.

Also, running a "free" authenticator over your phone does not reduce risk of attack - it increases it, as you have just opened up another vector for attack via a networked device. And due to the nature of these kinds of "free" programs, they may not have been made by the creators of the game and are instead a piece of malware; some are crafted so close to the original it is extremely difficult to tell before use. There are individual RSA token generators that exist, but there is a cost to those that, when non-subsidized, can be a bit of an investment.

In summation: probably not.

[Wizywig]

Google Authenticator is a wonderful solution. And its free. Super easy to integrate (gimme an hour and the source code and I can probably hack it into the server) and available as tools for android/iphone. I use it for everything I can including LastPass/Gmail.

[Blackfire1]

NO! NO NO NO. Authenticators DON'T WORK! There are Millions of ways around them Authenticators was blizzards way of making more money.

Get a GOOD password and you'll be fine.

[Mota Prefect]

If people were just a bit smarter or actually used some common sense when making their passwords there would be no need for any type of special authenticator. So with that being said, make sure you're passwords are secure using numbers, letters, and upper/lower case with at least 12 characters. Using that simple pretext will make 99% or your passwords secure from hackers and protect your accounts and computers.