test content
What is the Arc Client?
Install Arc

Suggestion For Security Improvement

nokie321nokie321 Member Posts: 14 Arc User
edited March 2014 in General Discussion (PC)
Having been recently hacked (feb 24-26, 2014) and lost 2m+ AD, hundreds of gold, 38k zen from AD (yes, I've been playing for a long time and farming A LOT), perfect vorpal, and everything valuable even bags and injury kits, I would like to suggest some improvements for our security as customers and as players.

No reply help from support for my lost zen --- probably still under investigation.

1) Give the players the option of creating passwords for:
-Bank access
-Inventory access
-Equipment, equipping, unequipped, etc etc password for that too
-Password before having the ability to trade anything

2) Give the players the option to "lock" their account for a certain set of time. In other games, you can fight and farm even when your account is locked for any other activity. Or lock and disable login unless the time is up, or give a password to open or unlock it.

3) Give us the ability to code lock our guild banks. (Edit: The hacker/s took vorpals from our guild bank ad 578+gold, and other items too)

These added layer of optional security can help preserve our accounts unharmed. And the moment we log off, it would be automatic or we can set it to automatically ask for the password for a certain action again.

Added note, with all the number hacked cases, please dear PWE and Cryptic, do something. My "hacked" post was immediately closed, but I hope SOMEONE would read this and pass this suggestion to the proper team.
Post edited by nokie321 on

Comments

  • mconosrepmconosrep Member Posts: 0 Arc User
    edited March 2014
    nokie321 wrote: »

    Added note, with all the number hacked cases, please dear PWE and Cryptic, do something. My "hacked" post was immediately closed, but I hope SOMEONE would read this and pass this suggestion to the proper team.

    BOT SCAM


    Oh the irony - the first response is a bot scam......

    More pertinently what about (optional) WOW-style account authenticators?
  • iambecks1iambecks1 Member Posts: 4,044 Arc User
    edited March 2014
    We had item locks in Grand fantasia and Eden eternal when I played those games, if nothing else it adds another level of security to your character and in a worst case scenario at least they haven't the ability to strip your gear and enchantments if your account gets compromised ( unless you locked your gear after you got keylogged ) , if the people who make those games can add such security then I can't see why Cryptic couldn't ,the only thing is that such a thing would probably be at the bottom of an already long 'to do ' list .
    *Idiot Nonsense Snipped*

    We seriously need some European/Asian mods to deal with toolbags like this guy/bot ( he replied in one thread so I have no idea what it is lol )
    YourSecretsAreOurSecrets.gif
  • veramis1veramis1 Banned Users Posts: 191 Bounty Hunter
    edited March 2014
    There are anti-keylogger software. Spyshelter is highly regarded but costs money for version that supports 64 bit os.
  • nokie321nokie321 Member Posts: 14 Arc User
    edited March 2014
    iambecks1 wrote: »
    We had item locks in Grand fantasia and Eden eternal when I played those games, if nothing else it adds another level of security to your character and in a worst case scenario at least they haven't the ability to strip your gear and enchantments if your account gets compromised ( unless you locked your gear after you got keylogged ) , if the people who make those games can add such security then I can't see why Cryptic couldn't ,the only thing is that such a thing would probably be at the bottom of an already long 'to do ' list .
    )

    Yes, I've played a lot of games that have this option too. Well, there are so many hacked cases now, if they put the security at the bottom of their to do list, who knows how many more players will they lose? I really hope they would increase the security. The game is fun to play, but what is fun if you feel unsafe and that things can disappear in a matter of hours.
  • nokie321nokie321 Member Posts: 14 Arc User
    edited March 2014
    Also, have a separate login for the forum and the game.
  • nokie321nokie321 Member Posts: 14 Arc User
    edited March 2014
    New hacked cases again, please tighten security.
  • lewstelamon01lewstelamon01 Member Posts: 7,415 Arc User
    edited March 2014
    Here is a general thread with some account security tips. Bottom line, though, is that the first, last, and best line of defense against hacking is the diligence you provide to your own computer security.
    ROLL TIDE ROLL

    Great Weapon Fighter: Because when is today not a good day to die?

    PC and PS4 player. Proud Guildmaster for PS4 Team Fencebane. Rank 5 Officer for PC Team Fencebane. Visit us at http://fencebane.shivtr.com
  • nokie321nokie321 Member Posts: 14 Arc User
    edited March 2014
    No offense meant and with all due respect but -> Neverwinter is not the first game I've played,
    neither is it the first Perfect World game I've played. I've been playing for more than a decade now.
    Please do not put the blame on players for this issue. <<Removed per section V of RoC>>
    There are A LOT of cases being reported. And there are also cases posted here,
    and there are other more cases not posted here. So the things we read and see are
    probably just half of the affected population. I spend on my pc's protection,
    I'm not using the free software and such, knowing that in this game
    is the only one thing breached in my system makes me believe that it's not my fault :)
    Please don't pull the "you visit this and this site or you didn't do this and that" old excuse.

    There are probably players hacked that were not cautious, but I am not the only
    cautious player that was hacked.
  • tcarncetcarnce Member, NW M9 Playtest Posts: 976 Arc User
    edited March 2014
    i don`t get how you get hacked with account guard on.
    they would need your pass,login name or emailadres but also to be able to see your emails.
    no protection against that if that happened to you ;p
    but i`d like to see more security as well if i hear it likethat.
    the things mentioned would be good.
  • nokie321nokie321 Member Posts: 14 Arc User
    edited March 2014
    I don't get it, too. I have the account guard on, like I've said NW is not my first game and I've been playing since my early high school years, and I'm an oldie now lol and I am cautious about these things. But I've talked with people with similar experiences trying to figure out how this happened. And most of them didn't have any anomaly in their email as well just like I did --- like everything else was bypassed. But some of the victims have had their email accessed from a certain country. Mine had no traces at all. I had my pc checked as well.
  • tcarncetcarnce Member, NW M9 Playtest Posts: 976 Arc User
    edited March 2014
    yes scary stuf if it realy isn`t done with loggers.
    with 38k zen you can`t realy exclude it`s a targeted thing, if someone knew.
    can`t trust anyone realy :D
    also with sending picture files or something through msn,skype whatever.
  • kattefjaeskattefjaes Neverwinter Beta Users, Neverwinter Hero Users Posts: 2,270 Bounty Hunter
    edited March 2014
    nokie321 wrote: »
    I had my pc checked as well.

    There's still something amiss, your posts seem to come out a hideous green colour.
  • nokie321nokie321 Member Posts: 14 Arc User
    edited March 2014
    kattefjaes wrote: »
    There's still something amiss, your posts seem to come out a hideous green colour.

    lol I thought it looks refreshing T_T
  • nokie321nokie321 Member Posts: 14 Arc User
    edited March 2014
    tcarnce wrote: »
    yes scary stuf if it realy isn`t done with loggers.
    with 38k zen you can`t realy exclude it`s a targeted thing, if someone knew.
    can`t trust anyone realy :D
    also with sending picture files or something through msn,skype whatever.

    I doubt that it was a specific target per se. The same exact situation with no traces of anomaly in e-mail happened to some victims I've talked to while trying to make a sense out of things. And read similar experiences online, too. They probably just got lucky on mine.
  • chrcorechrcore Member Posts: 329 Bounty Hunter
    edited March 2014
    It should be easy for support to tell if a "new" computer accessed the account recently. Any of that should have triggered account guard, but if they got the pw for both your account and email they could simply have deleted the account guard emails.
  • tcarncetcarnce Member, NW M9 Playtest Posts: 976 Arc User
    edited March 2014
    if no one accesed from another computer it could have been your brother,sister, babysitter or your mom making a quick buck.
    would make a nice youtube vid.
    or your kids or something :D
    we used to steal from our moms wallet, but with all this plastic credit stuf card kids go after zen now ;p
  • lewstelamon01lewstelamon01 Member Posts: 7,415 Arc User
    edited March 2014
    nokie321 wrote: »
    No offense meant and with all due respect but -> Neverwinter is not the first game I've played,
    neither is it the first Perfect World game I've played. I've been playing for more than a decade now.
    Please do not put the blame on players for this issue. <<Comment redacted per section V>>
    There are A LOT of cases being reported. And there are also cases posted here,
    and there are other more cases not posted here. So the things we read and see are
    probably just half of the affected population. I spend on my pc's protection,
    I'm not using the free software and such, knowing that in this game
    is the only one thing breached in my system makes me believe that it's not my fault :)
    Please don't pull the "you visit this and this site or you didn't do this and that" old excuse.

    There are probably players hacked that were not cautious, but I am not the only
    cautious player that was hacked.

    It still does not absolve players of the responsibility of making sure their own PCs are secure. That's something that Cryptic can't do anything about. Blaming the company for the issue isn't helpful either.

    As for your removed comment, please mind Rules of Conduct and discuss moderation issues via PM or the support webpage. Thank you.
    ROLL TIDE ROLL

    Great Weapon Fighter: Because when is today not a good day to die?

    PC and PS4 player. Proud Guildmaster for PS4 Team Fencebane. Rank 5 Officer for PC Team Fencebane. Visit us at http://fencebane.shivtr.com
  • icarius1icarius1 Member Posts: 1 Arc User
    edited March 2014
    I don't think account guard works for the game client, just for web portal and acc login on the web page?
  • tcarncetcarnce Member, NW M9 Playtest Posts: 976 Arc User
    edited March 2014
    icarius1 wrote: »
    I don't think account guard works for the game client, just for web portal and acc login on the web page?
    both gateway and game
  • benskix2benskix2 Member, NW M9 Playtest Posts: 674 Arc User
    edited March 2014
    I would be interested to see what percentage of the people being hacked had visited a 3rd party AD selling web site. I suspect there is a correlation.
  • the1tiggletthe1tigglet Member, Neverwinter Beta Users, Neverwinter Hero Users Posts: 1
    edited March 2014
    This wouldn't work because some of the easiest methods these hackers use to gain access to our accounts is via keylogger software which is installed in much the same way other malware, viruses are installed, behind closed doors in our browsers or network connections.

    So basically they can be watching you while you type in passwords for everything and gain access to all of those passwords to do anything they want before you remove the spyware.

    What I would suggest is this:

    A: Give us the same notification for the game that you do for the gateway so that if someone logs in from an IP address other than the one we locked when we login the first time, it will not only lock them out but it will also notify us of their attempt.

    B: Make darned sure that when logging into one game your login server absolutely at the very least logs us out of all other games. When I was hacked I was playing STO at the time, no email, no notification, nothing, while I was blowing up Voth in my Dyson Science ship they were going through my things on NWO and selling my Zen transfering as much AD out as possible.

    C: I'd also like to see an authenticator system. Between the Authenticator (which can be made into a free mobile app) and the IP lockout system that they use for Gateway it would make it very difficult for hackers to get into the game.
  • the1tiggletthe1tigglet Member, Neverwinter Beta Users, Neverwinter Hero Users Posts: 1
    edited March 2014
    nokie321 wrote: »
    Also, have a separate login for the forum and the game.

    Now this I totally agree with. I was so glad they did this in other game titles because it prevented the hackers from learning my login from keyloggers.
  • the1tiggletthe1tigglet Member, Neverwinter Beta Users, Neverwinter Hero Users Posts: 1
    edited March 2014
    Here is a general thread with some account security tips. Bottom line, though, is that the first, last, and best line of defense against hacking is the diligence you provide to your own computer security.

    That actually doesn't satisfy the problem. It's the responsibility of both parties to make sure. In my case, I wasn't hacked until 5 days after downloading and using ARC despite using all of the precautionary measures as a long time MMO gamer who knows the security problems that come with games like these.

    The hacking not only should not have occurred but it should not have occurred while I was logged into another game owned by PWE and developed by another branch of Cryptic. The responsibility is definitely NOT one sided and thus the need for these threads until proper security measures are developed and put in place by PWE/Cryptic.

    They have one of the successful tools already being used in Gateway, it's not that difficult to port this system with an IP blocker setup to their games, only to be unlocked by using the pin sent via email. Nor is it difficult to make sure their login servers actually prevent logins from happening in other game titles while you're logged into another title by the same company.
  • heyrogersheyrogers Member, Cryptic Developer Posts: 180 Cryptic Developer
    edited March 2014
    There are some interesting suggestions in this thread. I'll forward them to the devs and we can look into how feasible some of them would be to implement.
  • melodywhrmelodywhr Member Posts: 4,220 Arc User
    edited March 2014
    adding additional logins to in-game accesses like my bank storage, etc in my opinion is overkill.

    getting hacked isn't a matter of someone isolating your IP and invading your firewall. to access your systems, they need to somehow insert a back door or get access to your login information. they do that by either tricking you into clicking on something or installing something that will grant them access to your passwords. these people are usually pretty smart and they know about the account guard process and if they can get your game password, they can also get your email passwords. they can log into your accounts and change your email or do whatever necessary in a short amount of time to get what they're after. so your best defense is to:
    1. stay away from questionable websites
    2. be mindful of what links you're clicking on - some software can be installed by way of javascript
    3. keep your OS up to date with security patches
    4. use up to date anti-virus software and anti-spyware software
    5. trust no one! your friends can have their email accounts hacked so it looks like they're sending you links that can compromise your own security.
    6. make sure neverwinter links you click on are from arcgames.com or neverwinter.com or perfectworld.com - if it has extra dots and extensions on it, it's not real and is likely a phishing site.


    while adding additional security options in-game may make it more difficult to access your items, if a keylogger is being used or some other method of extracting your keystrokes then it doesn't matter where the security points are. you can still have your account compromised if you're not careful. this is your responsibility. PWE offers KB articles that can assist you in keeping your account information safe and secure, however it is not their responsibility to monitor your online activities. that is well beyond their scope.
  • macaran5123macaran5123 Member Posts: 122 Arc User
    edited March 2014
    I'd just like to see an option to use a time based verification code on each login. A large number of people have cell phones and I know android has a free google app that you just scan a bar code and you're set up. I'm sure iOS has something similar. I personally love the android app and I currently have 3 accounts listed in it, all set up with a quick picture of my computer screen.

    Time based verification codes are virtually impossible to hack without compromising both devices. All the keylogging in the world won't help you if you don't know the key for generating the codes, stored on ones mobile phone. Cheap standardized key-chain version are available for those without smart phones.

    It's an easy to implement, very secure, solution.
  • killerellakillerella Member Posts: 215 Arc User
    edited March 2014
    nokie321 wrote: »


    1) Give the players the option of creating passwords for:
    -Bank access
    -Inventory access
    -Equipment, equipping, unequipped, etc etc password for that too
    -Password before having the ability to trade anything

    I would like to add that when you go to the in-game bank, the Banker says: "Manycoins Bank! Know your valuables are safe and sound!" ..and yet offers no way to actually make it safe.
  • jazharajazhara Member, Neverwinter Beta Users Posts: 0 Arc User
    edited March 2014
    melodywhr wrote: »
    while adding additional security options in-game may make it more difficult to access your items, if a keylogger is being used or some other method of extracting your keystrokes then it doesn't matter where the security points are. you can still have your account compromised if you're not careful. this is your responsibility.

    check out Requiem Bloodymare make an acct, you have to use an onscreen key pad to put in your acct pen number, the numbers move each time you click one, this makes a key logger utterly useless.

    yes players need to take security seriously, but so do developers, the game i mentioned in my other post took it overboard using an onscreen keyboard that did the same thing as the number pad and it got REALLY old REALLY fast.....(specially with the password being at least 16chars long and a mix of numbers letters and ascii......)

    I think an optional pen number system like this would be good at least for bank access and transfers of ad/zen/ect...sure it would be anoying at times but, hell you could just have it ask once per game session/login or the option to do it per item/instance.
  • lewstelamon01lewstelamon01 Member Posts: 7,415 Arc User
    edited March 2014
    Okay, I think this thread has run its course and needs to be closed down because it's going to keep going back and forth, "no, it's YOUR fault, not OURS...."

    Again, ultimately it is the responsibility of the player to keep their accounts secure. Cryptic does offer Account Guard to help cut down on the risk of being hacked. However, there are so many other avenues to being hacked that have absolutely NOTHING to do with PWE or Cryptic, and there is a limit to what Cryptic can do.
    ROLL TIDE ROLL

    Great Weapon Fighter: Because when is today not a good day to die?

    PC and PS4 player. Proud Guildmaster for PS4 Team Fencebane. Rank 5 Officer for PC Team Fencebane. Visit us at http://fencebane.shivtr.com
This discussion has been closed.