PDA

View Full Version : Security of Accounts / Preventing Cheating :D



Blare731
05-10-2013, 05:45 PM
Hey guys I know that this is something that it very important to everyone and I have seen frequently mentioned around so I just wanted to make an "Official" Thread for it. I wanted to start off by asking the dev's:

1) What do you have planned for preventing people from phishing schemes or keyloggers and such. I know that many people didn't like it but, I loved WoW's and now Battle.net authenticator. I thought it was a great way to make sure people never got control of my account. I don't know what the copy rights are on an authenticator like way of protecting accounts but if possible, I would suggest something like this for people that really care about their accounts. Especially when I'm getting all these great exclusives from kickstarting.

2) I was curious if there are things out there looking for cheating. I honestly have never competed online tcg scene before but I would assume that there are people always trying. Is there anything you can tell us about how protected we are from dealing with these players / if it's possible?

Thanks a lot for your work guys and keep it up!

Shoubushi
05-10-2013, 05:48 PM
If we are allowed to openly trade between accounts, then I'd just like to stress that this openly encourages account theft. I'd very much like to have open trading between accounts, but I'd also like a good amount of protection behind it. And having had an account hacked before and "compensated" for my lost items and tainted character, I'm very cautious about account security.

Devaux
05-10-2013, 05:53 PM
There's been a lot of talk on other threads about the use of authenticators. I feel like a broken record but If we had them then it would increase my confidence in the game ten-fold.

Xenavire
05-10-2013, 05:56 PM
Agreed.

Fireblast
05-10-2013, 05:56 PM
+1

~

Blare731
05-10-2013, 05:57 PM
There's been a lot of talk on other threads about the use of authenticators. I feel like a broken record but If we had them then it would increase my confidence in the game ten-fold.

I just feel as though it is a fool proof way making sure things are secure. And it's so easy to make and it can be free on iOS and Android which are services that Hex is already side planning to being ported to. Which actually on second thought will be interesting how you go from one to the other really quick before the timer runs out. Good thing I can remember 9 numbers for the 13 seconds it takes to type them in again.

Socks4615
05-10-2013, 06:03 PM
I'd also breathe a lot easier with an authenticator set-up. +1

Daer
05-10-2013, 06:04 PM
+1 to an authenticator being a good idea. You could offer a physical one for a small price (or a stretch goal hint hint) and a free mobile one.

Boojum
05-10-2013, 06:05 PM
Agreed. It's such an obvious step for anything where you have a significant chunk of money invested into an account that I assumed it would already be in the works. It's making me a bit nervous that they haven't confirmed it yet, but I'm confident it will be in by launch.

Selfar
05-10-2013, 06:43 PM
I was thinking about this a lot. Especially with their being Real Money based in the Auction House...I'm sure most of us know how that went for Diablo III.
Though I'm scared this game will turn into a "Pay-to-Win" model, security needs to be looked as specifically for that reason.
Authenticators are a great idea. I would like to see PayPal as a payment option, mainly because if someone does steal an account PayPal will reimburse you 100% on money stolen through PayPal.
A friend of mine also came up with a good idea: Being able to link 1 payment option that's locked onto the account. The only problem with this is: people change banks etc...
But security will be needed for sure.

BirdieG
05-10-2013, 07:49 PM
For low price purchases Paysafe Card would work too

Socks4615
05-10-2013, 07:56 PM
Hopefully there's already a plan in place for something like "Hey, you're logging on from a vastly different IP than you usually do - Is this really you?" sort of email, like a lot of other games do.

WWKnight
05-10-2013, 09:02 PM
If we go to authenticators, Id like to see one included in the higher tier pledges. I am really breaking my back and being highly irresponsible with my pledge. I think $1000 for a hobby is enough of a yearly budget. Even if the cost is small and insignifcant, it'd still be too much for me at this point :-/

Having told my sob story, I do think authenticators would be a great step to take.

Blare731
05-10-2013, 09:44 PM
If we go to authenticators, Id like to see one included in the higher tier pledges. I am really breaking my back and being highly irresponsible with my pledge. I think $1000 for a hobby is enough of a yearly budget. Even if the cost is small and insignifcant, it'd still be too much for me at this point :-/

Having told my sob story, I do think authenticators would be a great step to take.

Yeah like I said, I would prefer a free Android/iPhone version instead of a keychain attachable one. It's cheaper for the company and easier, in my opinion, to use.

Daer
05-10-2013, 10:12 PM
They will probably offer both (if they offer them at all), not everyone has a smartphone.

Travis
05-10-2013, 10:19 PM
If they are talking about real money hopefully they are way ahead of this but a dev comment would be great. An authenticator would be the best I feel as I have never heard of an issue with one of them.

Selfar
05-10-2013, 10:45 PM
For low price purchases Paysafe Card would work too

This is true...but if your account it stolen you still lose it and everything in it. Unless they have a REALLY good recovery system setup. Being that they are new to MMOs, Video Games in general...we'll see.


Yeah like I said, I would prefer a free Android/iPhone version instead of a keychain attachable one. It's cheaper for the company and easier, in my opinion, to use.

I agree, but like someone else said they'll most likely offer both.

Blare731
05-10-2013, 10:56 PM
Ok just to clarify, I said I would prefer the app.

I didn't mean, I prefer they only make the app, just that if they did make authenticators that hopefully they make a app for it. I just don't want people to keep quoting me on something I didn't really say or intend to say rather. But thank you for pointing it out as well.

Edit: after reading it when I posted, the start sounds hostile, I am sorry for that it's really late and I'm going to sleep and so words are not coming to me as easily as they should, ha ha. I don't mean to be hostile either =]

Selfar
05-11-2013, 12:23 AM
Ok just to clarify, I said I would prefer the app.

I didn't mean, I prefer they only make the app, just that if they did make authenticators that hopefully they make a app for it. I just don't want people to keep quoting me on something I didn't really say or intend to say rather. But thank you for pointing it out as well.

Edit: after reading it when I posted, the start sounds hostile, I am sorry for that it's really late and I'm going to sleep and so words are not coming to me as easily as they should, ha ha. I don't mean to be hostile either =]

Oh, I know and I didn't take it that way. Was just saying, that's all!

Thanisse
05-11-2013, 12:53 AM
they could just place in an option in your account that doesn't let you access account except your IP , or a set of IPs you activate as "home IPs"

I know this will limit mobility of the game for you , but it's better than having it stolen and ripped off of the cards you bought / earned etc . having my account hacked in wow was a very annoying experience ... hope they will have authenticator options that don't include doing stuff I might not be able to do at the moment x_X ... like the wow authenticator , which wasn't buyable in my country for a long time .

Blare731
05-11-2013, 01:01 AM
they could just place in an option in your account that doesn't let you access account except your IP , or a set of IPs you activate as "home IPs"

I know this will limit mobility of the game for you , but it's better than having it stolen and ripped off of the cards you bought / earned etc . having my account hacked in wow was a very annoying experience ... hope they will have authenticator options that don't include doing stuff I might not be able to do at the moment x_X ... like the wow authenticator , which wasn't buyable in my country for a long time .

That wouldn't really work for me and potentially a lot of people who have dynamically changing IPs. For instance I live on a campus 70% of the year so every time I access the wifi in a different location I have a different IP.

Socks4615
05-11-2013, 01:15 AM
they could just place in an option in your account that doesn't let you access account except your IP , or a set of IPs you activate as "home IPs"

I know this will limit mobility of the game for you , but it's better than having it stolen and ripped off of the cards you bought / earned etc . having my account hacked in wow was a very annoying experience ... hope they will have authenticator options that don't include doing stuff I might not be able to do at the moment x_X ... like the wow authenticator , which wasn't buyable in my country for a long time .

See, I'd rather they just log my usual IP and then, when I have to go on trips (which is at least twice a year, sometimes more) and I log in from a different spot, they'd send me an email that says "We have a login on your account from an unusual IP address and we need confirmation it's you." And then I send them some sort of confirmation, even just an email back that says, "Hey, yo, it's me." DONE.

WWKnight
05-11-2013, 01:28 AM
See, I'd rather they just log my usual IP and then, when I have to go on trips (which is at least twice a year, sometimes more) and I log in from a different spot, they'd send me an email that says "We have a login on your account from an unusual IP address and we need confirmation it's you." And then I send them some sort of confirmation, even just an email back that says, "Hey, yo, it's me." DONE.

Yep, tahts how I like it. I dont use mobile phones, and Id rather not have a silly little keyring (Its stressful enough when I lose my keys without the added terror of knowing ive lost access to my hobby too!)

Fool
05-11-2013, 02:11 AM
I'd just like to add my voice to those asking for authenticators - particularly as a mobile app I know it might not be ideal for everyone but its the best system i have seen so far (in my humble)

Daer
05-11-2013, 03:02 AM
they could just place in an option in your account that doesn't let you access account except your IP , or a set of IPs you activate as "home IPs"

I know this will limit mobility of the game for you , but it's better than having it stolen and ripped off of the cards you bought / earned etc . having my account hacked in wow was a very annoying experience ... hope they will have authenticator options that don't include doing stuff I might not be able to do at the moment x_X ... like the wow authenticator , which wasn't buyable in my country for a long time .

Yes it would be a good option to have this too.

It is like Steam's Steamguard. When you activate steamguard it emails you an access code that you type in to 'register' your computer. Then you can play as normal. If you log in from another computer it asks you for a code and emails you with a code for you to type in to 'register' that computer as well. So even if your account name and password are hacked the hacker can't log in, when they try you'll be emailed saying you are trying to access your account from another computer and have to enter the code. It is based by computer not IP address.

d00dz
05-11-2013, 03:57 AM
I wholeheartedly believe that some form of two-factor authentication is a must for games like these, whether in the form of authenticators or email confirmations or even both. Once this game becomes popular enough with a thriving market, phishers and hackers will come in droves.

Thanisse
05-11-2013, 04:38 AM
I wholeheartedly believe that some form of two-factor authentication is a must for games like these, whether in the form of authenticators or email confirmations or even both. Once this game becomes popular enough with a thriving market, phishers and hackers will come in droves.

sadly that will be the case , but I am sure CZE will do something against those .
no reason to let a lot of people's money go to waste.

Selfar
05-11-2013, 09:41 AM
Yep, tahts how I like it. I dont use mobile phones, and Id rather not have a silly little keyring (Its stressful enough when I lose my keys without the added terror of knowing ive lost access to my hobby too!)

This is why options are great. But like Blaze was saying, a lot of people, especially at schools and such have Dynamic IPs. They change all the time. They can get a general idea of where your IP is, but so could a hacker. Proxies can make IPs look like anything. I'm not saying it's common, but it's possible. I think there should be different options based on preference.

Blare731
05-11-2013, 09:50 AM
Yes it would be a good option to have this too.

It is like Steam's Steamguard. When you activate steamguard it emails you an access code that you type in to 'register' your computer. Then you can play as normal. If you log in from another computer it asks you for a code and emails you with a code for you to type in to 'register' that computer as well. So even if your account name and password are hacked the hacker can't log in, when they try you'll be emailed saying you are trying to access your account from another computer and have to enter the code. It is based by computer not IP address.

This is a great alternative and I'm sad I didn't think about it because I play steam games all the time and have been a member since counterstrike 1.6. The great thing about tracking computers and sending an email is that you can log in anywhere you want (even a public place) and register that computer. If you are never going to use it again aka like a public system you can then take that computer off. Or even hard reset all your known computers and start over authenticating your personal one.