Suggestion: Add character name security for login as in GW1
in Suggestions
Posted by: Michael Fejervary.8576
Title says it all.
Why I have to stop and ask myself was that not also implemented as part of the required login information?
I understand that no system is 100% foolproof, but every little extra piece above a password and account name is extra protection.
While your eMail auth system may help stop instant login even it is not 100% foolproof alone.
I commend you Anet for working so hard to help get players accounts back, but had that one little extra piece beend there how many less would have been lost to begin with? How much time could have been focused on more than just lost accounts?
Seriously, you need to implement it along with the other.
I also ask that you step it up. Require a PIN # to be added to the account and asked for (along with at least one characters name on the account) at all times anything is changed that could result in an account being lost, or a login from someone who is actually not just the owner at a different IP location.
It leaves very little way for a person to do anything with the account even if they did know the login name and password.
That is unless you go around saying your character “imanidiot” belongs to “pleasestealmyaccount@imanidiot.com” then you really deserver to lose your account.
I just recieved after a little over a month my first email asking to approve a login attempt.
Which is really strange as I have never had issues with this account on GW1, and I do not download anything on my computer that is not from a company I that I do not do business with.
I always run an antivirus, firewall, etc while scanning everything before installs even from Anet, and to be honest in 20 years I have never had a virus, lost account, etc. I know the risks, and how to protect my information.
Nothing missing or whatever so I am guessing that the email auth actually blocked complete login.
The email I recieved was as follows;
A log-in attempt from the following location is currently awaiting your authorization.
Address: 27.188.67.1
City: Beijing
Region: 22
Country: CN
Despite the attempt claimed by the email the above attempted IP never appeared in the security portion of “My Account”. Now even though it was blocked the email suggests that the account was successfully logged into, and thus one would think that the IP would then appear in the security section.
Now I do know that your retainment of the information in that area is very poor and in its current implementation and state useless.
It will retain the last few of my login IP’s for a session, but afterwards it is wiped out all the way. I have seen this on my kids accounts, my wife, and my brothers. It just does not retain anything. What is the point then?
I suggest that you revamp that system to actually retain ALL LOGIN ATTEMPTS over the last 7 days by condensing all matching to a single line. Example;
WA, US (99.99.9.999) 5 minute(s) ago (6 logins over the last 7 days)
CHINA (11.11.1.111) 2 day(s) ago (3 logins over the last 7 days)
CHINA (33.33.3.333) 10 minute(s) ago (100 attempts to login over the last 7 days)
Good enough example?
Basically, let us really see what is going on so we can see the pattern as well.
Also, I wonder if its possible that these emails are not just scam ones spoofed to look official like the 20 Diablo3 ones I get about my account getting banned despite the fact that I do not have a Diablo3 account or those emails shared with blizzard (let alone anyone else).
Now I also hope that you are making sure your company is secure. Way to many of your competitors have had issues over the last 2 years alone with their servers being hacked into and account information stolen.
I’m sorry, but no company is “Someone Special” and/or immune.