55 replies to this topic

[Genghis Black Death Khan]

I don't know if this has been discussed or not, but with the recent increase in account hacking with games that deal in real life currency is a serious issue.

I was wondering if Pirahna had any plans to install any form of security via authenticator, whether it be key fob or phone application to ensure the security of our accounts?

[RG Notch]

Never used one, never been hacked. I don't know anyone who was hacked, unless they bought gold or went to some fishy site. Don't buy gold , don't look for cheats don't get hacked. Simple formula that has worked for me and everyone I know so far. If they want to sell one to dupes I say go for it and more money for development.

[AXE MURDERER]

My stance is that while hacking probably won't happen, it really really sucks when it does. It's worth your money to avoid it.

[Devilsjoy]

Don’t see a need, unless a system to transfer c-bills across accounts is implemented you shouldn’t have the issue other games had with currency. The bigger issue would be to make sure the payment system your using to buy your items for the game is secure, I am comfortable with PayPal route.

I guess you could hire someone to level your account but your giving someone control anyway. Probably deserve to have your account hijacked and sold off to someone else if you go that route. I just don’t see much of incentive to do this but could happen.

Edited by Devilsjoy, 03 August 2012 - 07:21 AM.

[Redshift2k5]

with no in-game trading or payer to player transactions, what would they do with your account if they did login? As long as the point of sale is secure (and authenticators don't cover point of sale) it should be fine.

[FoXabre]

Unless your credit info is saved I don't think there is a reason to have an authenticator. The most a hacker could do is sell your 'Mechs on you, Or if he/she were a nice hacker, they'd grind some C-Bills or XP for you. Maybe make some improvements on your 'Mechs.

[DeeSaster]

RG Notch, on 03 August 2012 - 07:02 AM, said:

Never used one, never been hacked. I don't know anyone who was hacked, unless they bought gold or went to some fishy site. Don't buy gold , don't look for cheats don't get hacked. Simple formula that has worked for me and everyone I know so far. If they want to sell one to dupes I say go for it and more money for development.

Two pretty close friends got hacked and looted clean in two different MMOs so far. We are close enough for them to tell me if they bought gold or checked out botting sites. Hacking happens and authenticators can help prevent it.

However especially after the insanity happening to Diablo 3 recently, authenticators aren't the solution to everything if the netcode sukks.

Also I agree to those people that ask for a use case. _IF_ there is no player to player trading possible (neither hard- nor softcash) in the final iteration of the game, hacking will probably not be a huge problem. It will then mainly get used to grief people and to keep players from being able to defend their territories in the clan war aspect of the game. Standard metagaming.

[Bitslizer]

Its not YOUR system that you have to worry about being hack

its OTHER WEBSITE with your username/password that get hack.

Games like Diablo3, majority of account hack are 3rd party website database getting hacked, then the hackers use login script to run through the list they stole to see which one work or don't work.

The worse are the website that store your password in plain text, you can tell those website when their password recovery/forget password actually send you your ACTUAL password back via email

Even encrypted/salted/hashed password are better but still can be brute forced, those are the website that ask you to set a new password when you forget password


That's a very good reason to not share password between different website/games.


As to if this game will be targted by hackers or not? that depends on if account selling will be profitable or not, since item are not trade able in game between palyers. If people are willing to pay real $ for high level account and its fairly common place, I can see account hacking being a problem

Edited by Bitslizer, 03 August 2012 - 07:46 AM.

[RG Notch]

DeeSaster, on 03 August 2012 - 07:45 AM, said:

Two pretty close friends got hacked and looted clean in two different MMOs so far. We are close enough for them to tell me if they bought gold or checked out botting sites. Hacking happens and authenticators can help prevent it.

However especially after the insanity happening to Diablo 3 recently, authenticators aren't the solution to everything if the netcode sukks.

Also I agree to those people that ask for a use case. _IF_ there is no player to player trading possible (neither hard- nor softcash) in the final iteration of the game, hacking will probably not be a huge problem. It will then mainly get used to grief people and to keep players from being able to defend their territories in the clan war aspect of the game. Standard metagaming.

So you don't actually have an example of some one who didn't buy gold or look for cheats then? Sorry stories about friends don't count.

[DeeSaster]

RG Notch, on 03 August 2012 - 08:32 AM, said:

So you don't actually have an example of some one who didn't buy gold or look for cheats then? Sorry stories about friends don't count.

If two close friends, that I played numerous MMOs with and that hang out on our mumble server don't count for you, I cannot help you...

//edited out a typo

Edited by DeeSaster, 03 August 2012 - 08:48 AM.

[Kartr]

Authenticators lead to laxity on both the companies end (Blizzard doesn't use case sensitivity on their passwords) and on the user end, by breeding a false sense of security. So no authenticator and require every password to be at least 16 characters long, 2 upper, 2 lower, 2 special and 2 numbers. And users should find some sort of phrase that makes it easy for them to remember the extremely long password. Mine is 20+ uses multiple case and character type changes and I can remember it with ease since its a ridiculous non-sense phrase I pieced together from random words. It's so hard to crack that password analyzers run out of room to display the number of days needed to crack it.

So no to authenticators, and everyone make better passwords and stop downloading ****!

[RG Notch]

DeeSaster, on 03 August 2012 - 08:47 AM, said:

If two close friends, that I played numerous MMOs with and that hang out on our mumble server don't count for you, I cannot help you...

//edited out a typo

Nope you can't.

[Jack Gallows]

I want one, I hope PGI implements them.

Kartr, on 03 August 2012 - 08:52 AM, said:

So no to authenticators, and everyone make better passwords and stop downloading ****!

How bout.....BOTH?

Edited by Jack Gallows, 03 August 2012 - 09:18 AM.

[Genghis Black Death Khan]

Back when I played World of Warcraft (the sorry days of my youth I try to forget), I was hacked numberous times. I never purchased gold, never used any forms of bots, and I'm EXTREMELY careful of what I click on regarding e-mails and website links.

As for this game, having your account hacked into and all of a sudden seeing a massive amount of money charged onto your credit card wouldn't exactly be the most ideal way to wake up in the morning. I know that some people say not to save your credit card information, which I do agree, but there are some that will since it is a bit of a hassle having to sometimes dig up that card. Same applies if you link your account to Paypal (if you can), that gives direct access to all sorts of information, including your bank account number.

Edited by Genghis Black Death Khan, 03 August 2012 - 09:23 AM.

[BJJKempoMan]

It's not just gold sites and cheating that are security breaches, it is also if you happen to use the same password (I personally don't, but some people do) for a fansite/clansite etc. I use an authenticator with Diablo III and Starcraft II. I use a free app on my phone that generates the number. It take about 10 extra seconds when I first log in to enter it.

[Rixx]

RG Notch, on 03 August 2012 - 07:02 AM, said:

Never used one, never been hacked. I don't know anyone who was hacked, unless they bought gold or went to some fishy site. Don't buy gold , don't look for cheats don't get hacked. Simple formula that has worked for me and everyone I know so far. If they want to sell one to dupes I say go for it and more money for development.

Gotta say, you're a tool.
I mean, I get it, it's easy to think this way, but it's wrong.
Just because it hasn't happened to you doesn't mean it's impossible.

I personally had an account hacked on a pc that I only used for 1 online game (and other single player games). I used other pcs for surfing the web. I had no add ons, no hacks, no cheats, no viruses, no malware, and had never purchased gold or shared my account details with anyone. My email hadn't been compromised (no password retrevial had been done on the account), I don't use the same passwords, and there should have been no viable way for someone to hack my account. But it happened anyways.

The only thing I can think of is some sort of security breach from the game company's side of things.

I had taken every precaution as I had been playing online games for eons.

I got an authenticator shortly after that event. Had a friend of mine who's account has hacked despite the authenticator. It's rare, but it can happen.

As for an authenticator for MWO....why?
Hacking in other games happens to steal stuff. They take in game credits and transfer them to other characters. Or they steal gear. Or they use your account for free to farm stuff to send to other accounts to make credits. All in an effort to then resell those credits to other people for real life cash.

MWO has no way to trade mechs, equipment or credits from account to account. There would be no gain from hacking an account. The worst they could do would be sell some stuff, but your account would get the credits. The absolute worst they could do would possibly be purchasing in game credits with your credit card if it's linked to the account, even then though, they'd need additional credit card info that isn't saved on the system. And in all those situations it would be easy enough for PGI to just reverse charges or reinstate the missing gear.

The fact that there is basically nothing to gain from hacking an account should keep the miscreants at bay.

[RG Notch]

Rixx, on 03 August 2012 - 10:47 AM, said:

Gotta say, you're a tool.
I mean, I get it, it's easy to think this way, but it's wrong.
Just because it hasn't happened to you doesn't mean it's impossible.

I personally had an account hacked on a pc that I only used for 1 online game (and other single player games). I used other pcs for surfing the web. I had no add ons, no hacks, no cheats, no viruses, no malware, and had never purchased gold or shared my account details with anyone. My email hadn't been compromised (no password retrevial had been done on the account), I don't use the same passwords, and there should have been no viable way for someone to hack my account. But it happened anyways.

The only thing I can think of is some sort of security breach from the game company's side of things.

I had taken every precaution as I had been playing online games for eons.

I got an authenticator shortly after that event. Had a friend of mine who's account has hacked despite the authenticator. It's rare, but it can happen.

As for an authenticator for MWO....why?
Hacking in other games happens to steal stuff. They take in game credits and transfer them to other characters. Or they steal gear. Or they use your account for free to farm stuff to send to other accounts to make credits. All in an effort to then resell those credits to other people for real life cash.

MWO has no way to trade mechs, equipment or credits from account to account. There would be no gain from hacking an account. The worst they could do would be sell some stuff, but your account would get the credits. The absolute worst they could do would possibly be purchasing in game credits with your credit card if it's linked to the account, even then though, they'd need additional credit card info that isn't saved on the system. And in all those situations it would be easy enough for PGI to just reverse charges or reinstate the missing gear.

The fact that there is basically nothing to gain from hacking an account should keep the miscreants at bay.

Just because it happened to you sans the usual routes doesn't mean it's likely. anything is possible. Like I said dupes and their money are parted every day far be it from me to stop someone from making a buck off of them. If it helps people feel the y are safe go for it, just don't try to act like it's any real danger, if you stay away from the obvious sources. Probability and possibility are two entirely different things. I didn't say it was impossible, I stated it never happened to me, nor anyone else I know (absent those who admitted to the actions I mentioned) in over a decade of online gaming. You draw your own conclusions for what you've experience and I from mine.

[Tomahawk1970]

Diablo 3 uses an authentication app that runs on my iPhone... it's free.

[Firemage]

I play SC2, wow, D3, a fair amount, and even with logging into other games, /cough, like Sins of a solar and others /cough, i find myself reaching for my authenticator token, i think they are wonderful tools.

Back when i played MUDs, someone who knew me tryed to hack my account but couldn't break my 16 chara password but it was a pain to remember that bloody thing.

[planetarian]

I think a system like SteamGuard is the best idea. TERA implemented this as well. If you log in from an unknown location, you have to verify it via a code sent to your email account.