Rift: Solution to hacked accounts

[vrumpt]

I really felt this needed its own thread, because i think this is pretty awesome what they are going to be doing here.

We are aware that there are still issues with some of you being hacked. This is a top priority for us here at Trion and the team has been working to address the situation. As we posted last week, there have already been a number of updates put in place. We are also introducing another function that should make it into the game early this week.

Coin Lock

Users will be coin locked if they log in from a significantly different location. When their account is coin locked, they will be sent an email to the address that they have on their account (their login email) with a code to enter into the game.

Users will see the Coin Locked icon in the spot where their tutorial button shows up. Deactivating the tutorial tips will not turn off the Coin Locked button.

While in a Coin Locked status, users will have the following limitations:
• No access to the auction house
• No ability to SEND mail. Users can still receive and view mail as well as remove items from mail
• No ability to SELL to vendors. Users can still purchase items from vendors
• No ability to salvage, runebreak or destroy items
• No ability to trade
• Users can continue to play and gain coin and items, but cannot get rid of them.

If you are Coin Locked, simply click on the Coin Locked icon and enter the code found in your email from Trion.

If you log in and your account is coin locked, check your email! Someone may have logged in from another location with your account.

If you do not receive the email, please click on the Coin Locked icon and click the “Resend” button to have the email resent to you.

If you cannot access your email or you are otherwise unable to change your Coin Locked status, please contact Customer Service.

We're also working on the addition of two-factor authentication at the login level, which will let you use an app or a cell phone as a way to ensure that you're the one logging on. (You may have heard of this in other products as a SecurID or an Authenticator.) We'll be sharing specifics on that as soon as we can as well.

If you have been hacked:

Contact Customer Support immediately. The CS Team is responding as quickly as possible to restore accounts for those who have been hit.

We assure you this matter is very important to us and we are doing everything we can to resolve your issues and safeguard your account.

thoughts? i think personally this is a genius move on their part.

[Kaylia]

It seem like a good idea, much better than what blizzard and everyone is is doing atm (lock you out of the game completely).

[Ksandra]

thank. god.

wish they did it sooner, but at least they are getting there. XD

[AidenCarby]

That's pretty cool lol, fuck charging for authenticators or security tokens.

[vrumpt]

i should point out the only flaw in this system is if people have the same PW for email and rift. With that said, if they aren't already different, make them different.

[shaddix]

Funny thing when I first signed up.
I tried to use my normal password that looks something like

%Qa(Ow^Nt9

But it doesn't allow all the special characters, but it still took the ones that weren't special.
So I ended up with something like %QaOwNt9. I tried to login and fail and so was like wtf. Luckily the reset password field where it wants the old password functioned the same way and filtered out the disallowed characters. So now my password is something shitty like uowx7pa2

[Katlan]

This is a really smart idea, I like it. better then any other approach ive seen other companies use

[Cjskater]

Since this has its own thread now:

I'm not sure on the truthiness of it, or if I can even post this pic, but I found this:
http://www1.picturepush.com/photo/a/.../SUPERSAFE.jpg Chinese version

Edit: Black-box'd it since I figured out you could google the names and find the full info.

[Ksandra]

ugh...

[edit] I was thinking about this last night, and thought of how the rmt could easily get around this idea they have with the code. couldn't they create fake IP accounts and keep logging you out and in using various IP areas until it no longer asks for a code? I wish they'd give more details on how far away the IP has to be.

[shaddix]

I understood it as if someone logs you in from somewhere else, it coin locks, and even if you log in in your normal location, you still have to unlock it via the email code.

[vrumpt]

ugh...

[edit] I was thinking about this last night, and thought of how the rmt could easily get around this idea they have with the code. couldn't they create fake IP accounts and keep logging you out and in using various IP areas until it no longer asks for a code? I wish they'd give more details on how far away the IP has to be.

yeah well this isn't 100% perfect, and i don't think its meant to be by the way they are handling security as a whole. They can't release that kind of information for security reasons (precisely for the scenario you described). Players knowing how far the boundary is a useless tidbit of information, but anybody who travels will be able to narrow down the range over time.

I was also thinking about it and it figures it just turns the keylogger game into finding the PW for the email as well. I don't know how keyloggers work exactly, in relation to programs that are open that is, so idk if it'll be incredibly easy for them to find out or not. Either way, this throws like 2 or 3 extra hoops hackers need to go through to successfully hack somebody, so i guess thats better than before.

[Ksandra]

That's true, I just wish they'd get those authenticators going, even if it was a phone app I'd trust it more than this idea. (even if it is better than what we've got)

[Kaylia]

Am I the only one who would rather get hacked than input that damn number manually every time I log on ff/wow/sc2/rift?

[Falisa]

As long as you arent constantly moving to different states multiple times a week, you won't have to.

[shaddix]

he's talking about the keyfobs lol

[Shnaklaha]

Wow.....I really really like this idea....actually, its borderline genius.....why doesn't wow have this?

[Kaylia]

As long as you arent constantly moving to different states multiple times a week, you won't have to.

Shaddix answered, but I'm talking about the security token or cellphone app.

[Eanae]

Works great till they just hack your email too. Authenticators or bust.

[Eaglestrike]

Works great till they just hack your email too. Authenticators or bust.

How are they going to manage to hack your e-mail too? That's really poor security on your part. I mean, I'm not saying it's not possible, but really...and authenticators have been hacked too.

[Eanae]

Because key loggers only log one thing right? Authenticators haven't been "hacked". There is no cracking them. They're called man in the middle attacks and they're very difficult and rare.