test content
What is the Arc Client?
Install Arc

Account securitey To gm's and/or Devs

SystemSystem Member, NoReporting Posts: 178,019 Arc User
edited March 2010 in The Academy
Hey guys just wanted to point this out before account security becomes an issue in game.
To successfully get in to someone’s game account you need 2 pieces of information
1.There "log in" username
2.There “password”

One of the things to me that is most over looked in this game is how easy it is to get someone’s log in user name because of the toon name@login name thing in chat and when recruiting for guild when sending mails and tells etcetc

This to me could turn in to a major issue
in other game I specifically keep my toon name different to my log in name to try and prevent people having 1/2 the work of taking an account done for them so why in this game is my login name blatantly given out every time I use the chat box

This to me is a massive over site in security measures on the design end of things and is something that needs to be addressed before account hacks become a major issue

One thing that could be put in let me choose the @name to make it different to my log in name if its a crit function with no way to work around using it

anyway this is just something ive noticed and am quiet shocked by as it could potentially mean 1/2 the work is done for a hacker

I have allot of ideas for increased security just another one off the top of my head
when logging in i believe the client should disable the keyboard and use its own "on screen" keyboard you hit with your mouse this would make keyloggers void

with an onscreen keyboard it should be randomised as to where it appears this would stop people login the x and y axes of the mouse to determine what you have clicked

there’s allot more but for now my biggest concern would be the displaying of the log-in name
Post edited by Unknown User on

Comments

  • Archived PostArchived Post Member Posts: 2,264,498 Arc User
    edited March 2010
    Welcome late the game. There have been several threads on this already. Baiscally when you created the account if you specified your log in credentails for the @ name its on you. The game allows you to put anyhting you want for the @ name.
  • Archived PostArchived Post Member Posts: 2,264,498 Arc User
    edited March 2010
    moordrake wrote: »
    Welcome late the game. There have been several threads on this already. Baiscally when you created the account if you specified your log in credentails for the @ name its on you. The game allows you to put anyhting you want for the @ name.

    Ah right and where does it let you put something in i havent seen it as of yet?and sorry if theres other threads i forgot to use the search function :-x shoot me now lol i may have missed it in my excitment to create a toon lol
  • Archived PostArchived Post Member Posts: 2,264,498 Arc User
    edited March 2010
    It explicitly tells you to make your forum handle different from your login name.
  • Archived PostArchived Post Member Posts: 2,264,498 Arc User
    edited March 2010
    stefman123 wrote: »
    Ah right and where does it let you put something in i havent seen it as of yet?and sorry if theres other threads i forgot to use the search function :-x shoot me now lol i may have missed it in my excitment to create a toon lol

    *TRIBBLE gun*

    You're the boss :)
  • Archived PostArchived Post Member Posts: 2,264,498 Arc User
    edited March 2010
    Naevius wrote:
    It explicitly tells you to make your forum handle different from your login name.

    Yeah, it does that NOW, didn't use to.
  • Archived PostArchived Post Member Posts: 2,264,498 Arc User
    edited March 2010
    older accounts dont have that option

    besides who would want to hack STO ? i can see somebody hacking it, then asking the origional owner to take it back hours later
  • Archived PostArchived Post Member Posts: 2,264,498 Arc User
    edited March 2010
    well mynes been hear since beta probs why i havent got that option just havent had chance to play allot up to now so didnt really reliase this issue
  • Archived PostArchived Post Member Posts: 2,264,498 Arc User
    edited March 2010
    Ankah wrote: »
    older accounts dont have that option

    besides who would want to hack STO ? i can see somebody hacking it, then asking the origional owner to take it back hours later

    Hell, I can just see the suicide rate in China going up...
  • Archived PostArchived Post Member Posts: 2,264,498 Arc User
    edited March 2010
    moordrake wrote: »
    Welcome late the game. There have been several threads on this already. Baiscally when you created the account if you specified your log in credentails for the @ name its on you. The game allows you to put anyhting you want for the @ name.

    I myself wasn't aware of this until after someone commented on it. I vaguely recall something saying, what do you want to be known as. So I entered Xrystal. Not realising that it must have triggered as both account and forum name at once. My forum/character names have alway been different from account log in with these type of games for this precise reason. Until now of course. And now of course the option isn't changeable. Hopefully Cryptic will allow this option at some point as it is clearly a problem for those of us that were not aware of this.

    So, Cryptic, please give us an option to change our account name and known as names with more clear and precise instructions as it seems some of us may have misunderstood your intentions at the time.
  • Archived PostArchived Post Member Posts: 2,264,498 Arc User
    edited March 2010
    My suggestion would be that you not give anyone your password.

    And by not give anyone your password I also mean: and keep your virus scan and spy-ware scan software up to date. Don't want to lose that password to keyloggers either.
  • Archived PostArchived Post Member Posts: 2,264,498 Arc User
    edited March 2010
    Xrystal wrote: »
    I myself wasn't aware of this until after someone commented on it. I vaguely recall something saying, what do you want to be known as. So I entered Xrystal. Not realising that it must have triggered as both account and forum name at once. My forum/character names have alway been different from account log in with these type of games for this precise reason. Until now of course. And now of course the option isn't changeable. Hopefully Cryptic will allow this option at some point as it is clearly a problem for those of us that were not aware of this.

    So, Cryptic, please give us an option to change our account name and known as names with more clear and precise instructions as it seems some of us may have misunderstood your intentions at the time.

    For both you and the OP, you can contact Billing/Support (I believe - one of the support departments at Cryptic, anyway) and, by all accounts, they're helpful and quick about changing it for you.
  • Archived PostArchived Post Member Posts: 2,264,498 Arc User
    edited March 2010
    Xrystal wrote: »
    I myself wasn't aware of this until after someone commented on it. I vaguely recall something saying, what do you want to be known as. So I entered Xrystal. Not realising that it must have triggered as both account and forum name at once. My forum/character names have alway been different from account log in with these type of games for this precise reason. Until now of course. And now of course the option isn't changeable. Hopefully Cryptic will allow this option at some point as it is clearly a problem for those of us that were not aware of this.

    So, Cryptic, please give us an option to change our account name and known as names with more clear and precise instructions as it seems some of us may have misunderstood your intentions at the time.

    Yeah, some of us didn't even get THAT option. However, if you truly feel unsafe, just send them a mail asking for a handle change and give them three options. They'll get back to you eventually.

    To be honest, I don't actually see a problem with this. You have my login? So what? Feel free to crack my 9-17 digit alphanumeric CaSe sensitive, p.un-ctu,a=tion filled password.
  • Archived PostArchived Post Member Posts: 2,264,498 Arc User
    edited March 2010
    For both you and the OP, you can contact Billing/Support (I believe - one of the support departments at Cryptic, anyway) and, by all accounts, they're helpful and quick about changing it for you.
    This right here... Maybe not the quick part but they will change your forum/char handle for you have a valid reason for it.
    And yes... Having identical log in and forum handle is a very much valid reason. :)
  • Archived PostArchived Post Member Posts: 2,264,498 Arc User
    edited March 2010
    To quote the Billing & Account Support page...
    Question: How do I Change my Online Handle?
    Answer: If your online Handle is the same as your Username we would be happy to change your display name! Please log in and send us a Billing Support ticket with the three names you would like, in order of preference, if your first choice is unavailable. Keep in mind that trademarked or copywritten names are not acceptable.
    Please read the Billing and Account Support FAQ located here... http://www.startrekonline.com/support/billing
  • Archived PostArchived Post Member Posts: 2,264,498 Arc User
    edited March 2010
    erztez wrote: »
    Yeah, it does that NOW, didn't use to.

    It did when I created my account in January.
  • Archived PostArchived Post Member Posts: 2,264,498 Arc User
    edited March 2010
    Pasquatic wrote:
    It did when I created my account in January.

    It didn't when I created mine in September...your point?
  • Archived PostArchived Post Member Posts: 2,264,498 Arc User
    edited March 2010
    For both you and the OP, you can contact Billing/Support (I believe - one of the support departments at Cryptic, anyway) and, by all accounts, they're helpful and quick about changing it for you.

    This. File a ticket with 'em and they'll get back to you. They took a couple weeks to answer mine, but they WILL change your forum / in-game name this way.

    Can't change your account login name though.
  • Archived PostArchived Post Member Posts: 2,264,498 Arc User
    edited March 2010
    Well it looks like the Engineering Report mentions work on allowing a change to the @ name. At least it goes some way into protecting yourself somewhat.

    After all I like Xrystal as my forum name but I would like my @name in game to be something different so I can call my character in game Xrystal rofl.

    After all name@Xrystal doesn't sound quite right. Whereas Xrystal@StarfleetMedicalCenter rofl would be so much better but unlikely to be possible if it is still your account name. And then I could go on with Chantelle@StarfleetEngineeringCore. And my little baby Adelle@StarfleetTacticalSquad. But I digress. Will be wonderful to see how that new change will work though.
  • Archived PostArchived Post Member Posts: 2,264,498 Arc User
    edited March 2010
    thanks for the responsis guys sorry i took so long to reply im going to submit a ticket nowmy password is very long and i tend to use onscreen keyboard when entering passes as its harder to track mouse clicks than a keyboard so i should be safe i just guess im paranoid lol
  • Archived PostArchived Post Member Posts: 2,264,498 Arc User
    edited March 2010
    Pasquatic wrote:
    It did when I created my account in January.

    I dont reecall seeing it then. Also, if you change it, what happens to your friends list? Will they still be able to contact you? What about mail you sent under the old @(name), but havent picked up before changing it?
  • Archived PostArchived Post Member Posts: 2,264,498 Arc User
    edited March 2010
    If you want to make it simple, just submit a ticket here http://forums.startrekonline.com/sendmessage.php (or in game).

    Just say you would like to change your @name because if it currently the same as your forum login/account handle and then provide 3 names you would like (in priority order).

    The 3 names help expedite the process if the name you would like is already taken.

    I did mine back during Champions times so they were pretty quick about it...not sure how long it'll take, but they'll normally send you an email or PM when they do it.
  • Archived PostArchived Post Member Posts: 2,264,498 Arc User
    edited March 2010
    stefman123 wrote: »

    with an onscreen keyboard it should be randomised as to where it appears this would stop people login the x and y axes of the mouse to determine what you have clicked

    Have seen that work in free to play games - good idea.
    moordrake wrote: »
    Welcome late the game. There have been several threads on this already. Baiscally when you created the account if you specified your log in credentails for the @ name its on you. The game allows you to put anyhting you want for the @ name.

    Maybe you got to choose a different name - not all of us did. Cryptic are aware of problem and its is mentioned in the engineering reports.
    My suggestion would be that you not give anyone your password.

    And by not give anyone your password I also mean: and keep your virus scan and spy-ware scan software up to date. Don't want to lose that password to keyloggers either.

    Usually sound advice, but with @Login it may be possible to set up a program to automate log in and try many different codes. Doing so may take a long time, but simple password evaluation rules could be used. Not talented enough or inclined to do that myself, but some one - such as a gold spammer / farmer will be - selling online currency for real cash is big business.
    erztez wrote: »
    Yeah, some of us didn't even get THAT option. However, if you truly feel unsafe, just send them a mail asking for a handle change and give them three options. They'll get back to you eventually.

    To be honest, I don't actually see a problem with this. You have my login? So what? Feel free to crack my 9-17 digit alphanumeric CaSe sensitive, p.un-ctu,a=tion filled password.

    LOL on the password / encryption - kinda puts my last point down - but someone is bound to try it - if they have not already.

    As for the advice to put a mail / ticket in, I did that as soon as I realised how @Login worked during open beta and again at launch - still waiting for anything other than a standard 'Your .....' reply.


    I do think th OP has a good point. I also know this has been discussed many times on the forums. I'm just glad Cryptic are looking into it.
  • Archived PostArchived Post Member Posts: 2,264,498 Arc User
    edited March 2010
    there have been servial threads about this but ill clear this up again you have two names you account name and your account handle

    example my account name is **********

    but my handle is @Captain Butters

    there different you just need to read carefully when you create a account

    the devs have said that if security is a issue you can message them 3 alternate account names to log in with and they will chose one

    you can still keep your account handle or @name that players will see

    hope this helped

    Butters
  • Archived PostArchived Post Member Posts: 2,264,498 Arc User
    edited March 2010
    there have been servial threads about this but ill clear this up again you have two names you account name and your account handle

    example my account name is **********

    but my handle is @Captain Butters

    there different you just need to read carefully when you create a account

    If you care to read carefully the previous posts, you will see that not everyone got the naming option you describe and that the naming options have changed. I mean no offence to you, but do no put others down!

    the devs have said that if security is a issue you can message them 3 alternate account names to log in with and they will chose one

    Fair point. Though I can tell you I messaged them during OB and after launch on this issue and was kind enough to give them multiple choices - more than three. I am still waiting for anything but a standard computer generated reply.


    you can still keep your account handle or @name that players will see

    hope this helped

    No it did not and the general tone seemed to infer that people with this problem are illiterate morons - we are not.


    Butters

    Again - no offence meant to you.
Sign In or Register to comment.