test content
Logo
What is the Arc Client?
Install Arc
Options
Suggestion For Security Improvement
nokie321
Member Posts: 14 Arc User
Having been recently hacked (feb 24-26, 2014) and lost 2m+ AD, hundreds of gold, 38k zen from AD (yes, I've been playing for a long time and farming A LOT), perfect vorpal, and everything valuable even bags and injury kits, I would like to suggest some improvements for our security as customers and as players.
No reply help from support for my lost zen --- probably still under investigation.
1) Give the players the option of creating passwords for:
-Bank access
-Inventory access
-Equipment, equipping, unequipped, etc etc password for that too
-Password before having the ability to trade anything
2) Give the players the option to "lock" their account for a certain set of time. In other games, you can fight and farm even when your account is locked for any other activity. Or lock and disable login unless the time is up, or give a password to open or unlock it.
3) Give us the ability to code lock our guild banks. (Edit: The hacker/s took vorpals from our guild bank ad 578+gold, and other items too)
These added layer of optional security can help preserve our accounts unharmed. And the moment we log off, it would be automatic or we can set it to automatically ask for the password for a certain action again.
Added note, with all the number hacked cases, please dear PWE and Cryptic, do something. My "hacked" post was immediately closed, but I hope SOMEONE would read this and pass this suggestion to the proper team.
No reply help from support for my lost zen --- probably still under investigation.
1) Give the players the option of creating passwords for:
-Bank access
-Inventory access
-Equipment, equipping, unequipped, etc etc password for that too
-Password before having the ability to trade anything
2) Give the players the option to "lock" their account for a certain set of time. In other games, you can fight and farm even when your account is locked for any other activity. Or lock and disable login unless the time is up, or give a password to open or unlock it.
3) Give us the ability to code lock our guild banks. (Edit: The hacker/s took vorpals from our guild bank ad 578+gold, and other items too)
These added layer of optional security can help preserve our accounts unharmed. And the moment we log off, it would be automatic or we can set it to automatically ask for the password for a certain action again.
Added note, with all the number hacked cases, please dear PWE and Cryptic, do something. My "hacked" post was immediately closed, but I hope SOMEONE would read this and pass this suggestion to the proper team.
Post edited by nokie321 on
0
This discussion has been closed.
Comments
Oh the irony - the first response is a bot scam......
More pertinently what about (optional) WOW-style account authenticators?
We seriously need some European/Asian mods to deal with toolbags like this guy/bot ( he replied in one thread so I have no idea what it is lol )
Yes, I've played a lot of games that have this option too. Well, there are so many hacked cases now, if they put the security at the bottom of their to do list, who knows how many more players will they lose? I really hope they would increase the security. The game is fun to play, but what is fun if you feel unsafe and that things can disappear in a matter of hours.
Great Weapon Fighter: Because when is today not a good day to die?
PC and PS4 player. Proud Guildmaster for PS4 Team Fencebane. Rank 5 Officer for PC Team Fencebane. Visit us at http://fencebane.shivtr.com
neither is it the first Perfect World game I've played. I've been playing for more than a decade now.
Please do not put the blame on players for this issue. <<Removed per section V of RoC>>
There are A LOT of cases being reported. And there are also cases posted here,
and there are other more cases not posted here. So the things we read and see are
probably just half of the affected population. I spend on my pc's protection,
I'm not using the free software and such, knowing that in this game
is the only one thing breached in my system makes me believe that it's not my fault
Please don't pull the "you visit this and this site or you didn't do this and that" old excuse.
There are probably players hacked that were not cautious, but I am not the only
cautious player that was hacked.
they would need your pass,login name or emailadres but also to be able to see your emails.
no protection against that if that happened to you ;p
but i`d like to see more security as well if i hear it likethat.
the things mentioned would be good.
with 38k zen you can`t realy exclude it`s a targeted thing, if someone knew.
can`t trust anyone realy
also with sending picture files or something through msn,skype whatever.
There's still something amiss, your posts seem to come out a hideous green colour.
lol I thought it looks refreshing T_T
I doubt that it was a specific target per se. The same exact situation with no traces of anomaly in e-mail happened to some victims I've talked to while trying to make a sense out of things. And read similar experiences online, too. They probably just got lucky on mine.
would make a nice youtube vid.
or your kids or something
we used to steal from our moms wallet, but with all this plastic credit stuf card kids go after zen now ;p
It still does not absolve players of the responsibility of making sure their own PCs are secure. That's something that Cryptic can't do anything about. Blaming the company for the issue isn't helpful either.
As for your removed comment, please mind Rules of Conduct and discuss moderation issues via PM or the support webpage. Thank you.
Great Weapon Fighter: Because when is today not a good day to die?
PC and PS4 player. Proud Guildmaster for PS4 Team Fencebane. Rank 5 Officer for PC Team Fencebane. Visit us at http://fencebane.shivtr.com
So basically they can be watching you while you type in passwords for everything and gain access to all of those passwords to do anything they want before you remove the spyware.
What I would suggest is this:
A: Give us the same notification for the game that you do for the gateway so that if someone logs in from an IP address other than the one we locked when we login the first time, it will not only lock them out but it will also notify us of their attempt.
B: Make darned sure that when logging into one game your login server absolutely at the very least logs us out of all other games. When I was hacked I was playing STO at the time, no email, no notification, nothing, while I was blowing up Voth in my Dyson Science ship they were going through my things on NWO and selling my Zen transfering as much AD out as possible.
C: I'd also like to see an authenticator system. Between the Authenticator (which can be made into a free mobile app) and the IP lockout system that they use for Gateway it would make it very difficult for hackers to get into the game.
Now this I totally agree with. I was so glad they did this in other game titles because it prevented the hackers from learning my login from keyloggers.
That actually doesn't satisfy the problem. It's the responsibility of both parties to make sure. In my case, I wasn't hacked until 5 days after downloading and using ARC despite using all of the precautionary measures as a long time MMO gamer who knows the security problems that come with games like these.
The hacking not only should not have occurred but it should not have occurred while I was logged into another game owned by PWE and developed by another branch of Cryptic. The responsibility is definitely NOT one sided and thus the need for these threads until proper security measures are developed and put in place by PWE/Cryptic.
They have one of the successful tools already being used in Gateway, it's not that difficult to port this system with an IP blocker setup to their games, only to be unlocked by using the pin sent via email. Nor is it difficult to make sure their login servers actually prevent logins from happening in other game titles while you're logged into another title by the same company.
getting hacked isn't a matter of someone isolating your IP and invading your firewall. to access your systems, they need to somehow insert a back door or get access to your login information. they do that by either tricking you into clicking on something or installing something that will grant them access to your passwords. these people are usually pretty smart and they know about the account guard process and if they can get your game password, they can also get your email passwords. they can log into your accounts and change your email or do whatever necessary in a short amount of time to get what they're after. so your best defense is to:
while adding additional security options in-game may make it more difficult to access your items, if a keylogger is being used or some other method of extracting your keystrokes then it doesn't matter where the security points are. you can still have your account compromised if you're not careful. this is your responsibility. PWE offers KB articles that can assist you in keeping your account information safe and secure, however it is not their responsibility to monitor your online activities. that is well beyond their scope.
Time based verification codes are virtually impossible to hack without compromising both devices. All the keylogging in the world won't help you if you don't know the key for generating the codes, stored on ones mobile phone. Cheap standardized key-chain version are available for those without smart phones.
It's an easy to implement, very secure, solution.
I would like to add that when you go to the in-game bank, the Banker says: "Manycoins Bank! Know your valuables are safe and sound!" ..and yet offers no way to actually make it safe.
check out Requiem Bloodymare make an acct, you have to use an onscreen key pad to put in your acct pen number, the numbers move each time you click one, this makes a key logger utterly useless.
yes players need to take security seriously, but so do developers, the game i mentioned in my other post took it overboard using an onscreen keyboard that did the same thing as the number pad and it got REALLY old REALLY fast.....(specially with the password being at least 16chars long and a mix of numbers letters and ascii......)
I think an optional pen number system like this would be good at least for bank access and transfers of ad/zen/ect...sure it would be anoying at times but, hell you could just have it ask once per game session/login or the option to do it per item/instance.
Again, ultimately it is the responsibility of the player to keep their accounts secure. Cryptic does offer Account Guard to help cut down on the risk of being hacked. However, there are so many other avenues to being hacked that have absolutely NOTHING to do with PWE or Cryptic, and there is a limit to what Cryptic can do.
Great Weapon Fighter: Because when is today not a good day to die?
PC and PS4 player. Proud Guildmaster for PS4 Team Fencebane. Rank 5 Officer for PC Team Fencebane. Visit us at http://fencebane.shivtr.com