test content
Logo
What is the Arc Client?
Install Arc
Account Guard now in Testing
Archived Post
Member Posts: 2,264,498 Arc User
Hello Captains,
At Cryptic Studios, we take the security of your account very seriously. To further advance our security measures, we are happy to announce that we are beginning testing of a new security feature to be included in all Cryptic Studios games. Account Guard is a new feature which is intended to help secure your Star Trek Online and/or Champions Online account from those who may try to maliciously access it.
This feature is being enabled on Tribble today, and well be watching the forums closely for your feedback regarding this feature. Weve also provided a brief FAQ, which you can see below, to answer some of the questions we know youll have regarding this feature.
Cheers,
Brandon =/\=
At Cryptic Studios, we take the security of your account very seriously. To further advance our security measures, we are happy to announce that we are beginning testing of a new security feature to be included in all Cryptic Studios games. Account Guard is a new feature which is intended to help secure your Star Trek Online and/or Champions Online account from those who may try to maliciously access it.
This feature is being enabled on Tribble today, and well be watching the forums closely for your feedback regarding this feature. Weve also provided a brief FAQ, which you can see below, to answer some of the questions we know youll have regarding this feature.
Cheers,
Brandon =/\=
Post edited by Archived Post on
0
Comments
Q: What is Account Guard?
A: Account Guard is a system designed to protect the account you use to log into Cryptic games from unwanted access. It keeps track of the computers you have authorized on your account, and notifies you when your account is accessed from an unauthorized computer.
***
Q: How does Account Guard notify me when my account is accessed from an unauthorized computer?
A: Account Guard sends a notification to the email address associated with your account. This email details the time the account was accessed, and the IP address from which the access was attempted.
Your account will be inaccessible from that location until the Account Guard code delivered in the email is submitted to the game or website.
***
Q: What do I do if the login attempt in the notification is not mine?
A: Your account will be inaccessible from an unauthorized location without the Account Guard code that is sent to you. However, if you receive a notification for an authorization attempt that didn't come from you, change your password immediately.
***
Q: How do I authorize a computer using Account Guard?
A: When Account Guard notices your account has been accessed from a new location, it will prompt you for a special one-time code. That code will be delivered to the email address associated with your account. For this reason, we ask that you ensure the email address associated with your account is current; you can do so in the "Settings" tab of your "My Account" page on our website. To authorize that location for your account, just submit the code at the prompt.
Until you decide to de-authorize the computer, your will be able to access that account, from that computer, without interruption.
If you receive an Account Guard notification from a computer you don't recognize, we recommend you change your password immediately. Instructions and links will be included in the notification that is delivered to your email address.
***
Q: Account Guard references my "computer name". What is that?
A: Your computer is assigned a name when the operating system is installed. Account Guard automatically fills in this information. If you desire, you can also type a different name for that computer at the time you authorize it.
***
Q: Can I opt out of Account Guard?
A: Yes. At this time you will need to Contact Customer Support to opt out of Account Guard.
***
Q: Can I rename the computer name associated with my account?
A: If you de-authorize your computer, and log in again, you can re-name your computer at the Account Guard prompt.
***
Q: Do I have to authorize my computer with Account Guard for each game separately?
A: No. Account Guard functions across all Cryptic games. If you authorize your computer with one Cryptic game, it will be authorized with all Cryptic games.
***
Q: Will Account Guard work with my Perfect World account? Which games have Account Guard protection?
A: Account Guard is currently only available on Cryptic Games such as Star Trek Online and Champions Online, but Account Guard will protect your account whether you access those games using a Cryptic or Perfect World login.
***
Q: How often do I have to authorize my account through Account Guard?
A: Only as often as you change computers. If you remain on the same account and computer, and do not remove authorization, Account Guard will not prompt you again.
***
Q: I received a prompt to enter a code through Account Guard, but I never received an email. Help!
A: Make sure you're checking the email address associated with your account. Also, be sure to check your spam folder. If you still don't receive an email, contact Customer Support. You may also want to add donotreply@crypticstudios.com to your emails spam whitelist or address book.
***
Q: Can I generate a new authorization email if the first one doesn't show up?
A: If you log into your account again, another email will be sent to the address associated with your account.
***
Q: For how long does my authorization code last? Does the code expire if I don't use it?
A: The code will expire after a period of time, after which point it cannot be used. If your code expires, you can log into the game again, at which point a new code will be sent to the email address associated with your account.
***
Q: I logged into the game but wasn't prompted for an Account Guard code. Why wasn't a code sent to me?
A: If you've never logged into a Cryptic game before, you will not be prompted to enter a code the first time you log into your account.
***
Q: I already registered a computer with my account, but Account Guard is prompting me for a code. Is there a limit to how many computers I can authorize against my account?
A: Currently, only 10 computers can be remembered on your account at one time. If you go over your limit, the computer that you accessed least recently will be forgotten, and you will have to re-authorize it.
***
Q: I keep entering the wrong code, and now I can't get into my account. Help!
A: If you enter the wrong code too often, you may be locked out of your account. If this happens, wait a while before attempting to log in again. If you still can't log into your account, contact Customer Support.
***
Q: How can I ensure the security of my account?
A: First of all, remember to change your password frequently! Also, make sure your password is secure and not easy to guess. For more information on generating secure passwords, follow this link:
http://www.microsoft.com/security/online-privacy/passwords-create.aspx
Keep your password unique. If you have multiple accounts, make sure they each have their own unique and secure password.
Yes in the redshirt forums
So, if we authorize a computer on Holodeck will we still need to authorize it on Tribble or vice versa?
indeed what he said.
If i go onto tribble now and do the authorization thing, when this goes to holodeck, will i have to do it again?
Because I see this happening:
1. I log into someone's account and get told to verify the computer. Now I know I have the right password.
2. I got startrekonline.com and login to their account. Now I change their email address so that emails goto my email.
3. I try logging in again, the code gets sent to MY email now. I authorize my computer, login, and wipe their fleet bank and personal bank out sending it all to some dummy account.
4. Rinse and Repeat.
We've heard that Cryptic will reimburse individual accounts as best they can but we also know by that same token that you have no desire to reimburse a FLEET for lost and/or stolen items. So if someone jacks my fleet leader's account and does the above they can then send all my fleet's items and money away and you won't do anything about it.
Now add in how much time and effort people will be investing in Starbases and the amount of resources being gathered for that and there's a whole new issue.
Sure the above procedure might assist in identifying the bad guys and all but then what? We MIGHT get everything back and we might not? The bad guy will get a ban? They email the stuff to a free account and disseminate it from there and there's no way you can ban/punish everyone that's touched that loot...
I'm just hoping this applies to both the My Account page and the Client otherwise it's only gonna stop the laziest of hackers.
Only if you log in from a different computer
Cheers,
Brandon =/\=
Indeed. Closing 1 door of 2 means hackers go for the one that's wide open and not booby-trapped. This, while easy to use, does not actually solve any fundamental account security problems at all. At best, it is poorly conceived. At worst, it is a red herring. It's like adding a lock to the glove box in your car to ensure your car isn't broken into.
It is just in testing now and Thanks for pointing this out to me the other day people do need to know about the threat is still there untill that 2nd door is shut.
Cheers.
Excuse the off topic but that made me giggle
.
What happens if like in my case where 3 brothers sharing the same computer and game and 3 different accounts, my question is to PWE_BranFlakes
1 lifetime account and 2 free to play
You want all items within our accounts in a single bank so hackers can cleanout an account even quicker, before extra security is added?
Offering such an ability in banking would probably encourage hacking big time. It would make it far more worth a hackers time and effort to hack someone they know is a vet with 10 characters. Especially one who brags about having a lot.
Security measure sounds alright and would be best being put in place before encouraging hackers. I do wonder how many hackers will also target someones emails.
Seems everyone's main concern is, if a hacker tries to access and account from the game client itself, then yeah, the system catches it. But there is a whole new problem. Now the hacker knows they have the right password. They can now, simply log into STO website, and change the password in there, and reroute all sto based emails, and then do what is necessary to get the prompt again, with a code containing email sent to them. From there they can remove the computer normally used from the access list, and make the account theirs in every sense of the word. So the concern being voiced here is, why block the in-game client at all if all that's going to do is make it so the hacker has to do a little password changing and email rerouting and be inconvenienced of about 5 minutes of their time.
But what I would like to say is, a half baked feature that has its other half in the works is better than no feature at all. If nothing else, since the majority of us have smartphones that notify us the instant we get an email, once we got the message, we simply beat the hacker to the punch, and tell cryptic what is going on so they can take over. After all, I am sure there is a computer somewhere that keeps a listing of all the accessing information on each account stored somewhere so that it can be used for investigative purposes, and even if there wasn't, all computers keep records of that type somewhere.
In short: most people here are saying its an excellent concept, it just has a major back door flaw. That flaw being the ability to, after confirming that the password is correct, simply using the website itself to finish the take over process. :eek:
Anyway, just wanted to put that out there, and basically give you a condensed version of what everyone here, aside from the guy talking about the account banking system., is saying. And what that is is: Nice car...now, can I also get locks for the rear passenger doors?
Furthermore, It would be really nice to visually see Log-In times, which could help us immediately recognize unauthorized accesses. As well as failed password attempts since you last sucessfully logged on.
Edit: Ok, one thing to remove from the "How many ways does this merger suck" list.
Re-edit: Wtf? Why didn't it return me to the thread? O_O
Re-re-edit: Ok, that's annoying.
Infinite possibilities have implications that could not be completely understood if you turned this entire universe into a giant supercomputer.
I don't like that.
Good. Can't stand all that security TRIBBLE.
So when do we need to contact customer support and how to contact them? Standard support ticket?
_____________________________________________________________
I've had my IP reset a couple of times since I originally posted that question on the forums... It doesn't seem to have made any difference at all, so I'm guessing that the whole thing about IP is either bugged or non-functioning, and if it's based on your computers name, well, that's just a little bit silly really isn't it?
A visual log of login times & failed password attempts is a great idea. I've seen it done on a number of banks online systems, never occured to me that it could be applied to games aswell.
Nes