1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. Greetings Guest!!

    In order to combat SPAM on the forums, all users are required to have a minimum of 2 posts before they can submit links in any post or thread.

    Dismiss Notice

Accounts security : why not use electronic keys code generators ?

Discussion in 'UHall' started by popps, Sep 22, 2010.

  1. popps

    popps Always Present
    Stratics Veteran Stratics Legend

    Joined:
    Feb 27, 2004
    Messages:
    13,445
    Likes Received:
    461
    Some banks, for online banking, alongside with internet login and passwords, also provide an electronic device which generates unique additional codes (single use per code generated) needed to log in.

    Unless someone enters the right unique code, after a few mistakes the account locks, for safety.

    Now, why don't game makers for online games use the same system ?

    It would make it almost impossible for anyone to log into a game account without having this electronic unique code generator.

    It could be included with the game box or mailed to players upon providing the proper account original registration code.

    Just a thought......
     
  2. Fink

    Fink Guest

    There aren't boxes for UO anymore.

    I wouldn't want to wait for a package to be mailed out before I can log in.

    What is the security issue at the moment?
     
  3. Nok

    Nok Lore Master
    Stratics Veteran

    Joined:
    May 12, 2008
    Messages:
    1,041
    Likes Received:
    33
    Blizzard already does for World of Warcraft.

    Would be good to see more publishers take more efforts in account security.
     
  4. Petra Fyde

    Petra Fyde Peerless Chatterbox
    Stratics Veteran Alumni Stratics Legend

    Joined:
    Jan 5, 2001
    Messages:
    30,881
    Likes Received:
    5,164
    The vast majority of account 'hacks', or more acurately, account thefts, are the result of:
    1. the owner trusting the wrong person with the account information.
    2. The owner being tricked into downloading a key logger
    Or
    3. a 'sold' account being reclaimed by the original owner.

    How will this idea address those?
     
  5. popps

    popps Always Present
    Stratics Veteran Stratics Legend

    Joined:
    Feb 27, 2004
    Messages:
    13,445
    Likes Received:
    461


    Because it is a "hardware" thing.

    That is, unless one has physically the electronic unique code generator in one's own hands, one would not be capable of entering the code online and, thus, login with that account.

    It is a small device with a button that when pushed, provides a unique code that can only be used once and when used is discarded by the system.

    So, whomever wants to login with an account using such an electronic key generator, would need to physically have it.

    Key loggers cannot do anything because the moment the unique code is used to login, it is discarded so even if the code is captured by the key logger, it will be unusable because the next login a new unique code will be needed.

    A friend or someone else "trusted" would need to physically have the electronic key generator to enter the account. Or, be in direct contact with the owner of the account who physically has the electronic unique code generator and the only one person who can comunicate it to the trusted person trying to login the account.
    This, would be needed for each and every login.

    Accounts sold would either have to have the key generator transferred physically, or be transferred using the official transfer program. At that point, the old key generator set of codes would be made unusable and a new electronic key generator would be provided and shipped to the buyer of the account.

    The old owner, even when having the original registration code could not open up the accounr either because the change of ownership was officially done or because the electronic unique code generator is no longer in their possession but in that of the purchaser of the account.

    That's at least how I understand they work and I assume that, if banks use them for something as important as online banking, they are quite a secure way to log in.....
     
  6. Blesh

    Blesh Sage
    Stratics Veteran

    Joined:
    May 12, 2008
    Messages:
    743
    Likes Received:
    6
    1. You would always know when said trusted person was on your account because you would have to give them the authenticator code each time. Nine times out of ten when a trusted person accesses and abuses the account they're logged in whithout the account holders consent. Granted it does nottotally fix the problem, it helps people stupid enough to hand out their account info.

    2. Can't log in without the authenticator. Keylogger is no longer a threat. On wow you can't even get into the account management without the authenticator.

    3. Don't even need the authenticator to avoid this dilemma. Use mythics account transfer option.

    Tada!
     
  7. Blesh

    Blesh Sage
    Stratics Veteran

    Joined:
    May 12, 2008
    Messages:
    743
    Likes Received:
    6
    Popps can type faster than me xD
     
  8. Zurhet Pebblethief

    Zurhet Pebblethief Journeyman
    Stratics Veteran

    Joined:
    Jun 20, 2010
    Messages:
    147
    Likes Received:
    14
    I have one for both my wow accounts, and would love one for all the games I play online. I've been hacked by a keylogger before, it won't happen again for my wow accounts now.
     
  9. Petra Fyde

    Petra Fyde Peerless Chatterbox
    Stratics Veteran Alumni Stratics Legend

    Joined:
    Jan 5, 2001
    Messages:
    30,881
    Likes Received:
    5,164
    Thank you. I haven't come across those before.
    Our banks sure as heck don't use them. Wish they did!
     
  10. Blesh

    Blesh Sage
    Stratics Veteran

    Joined:
    May 12, 2008
    Messages:
    743
    Likes Received:
    6

    Awesome huh?

    What's even nicer about the way wow handles account security, is they will actually restore your account/items/characters should you get hacked. The only real problem is that it takes them a few days to do it.
     
  11. Ls Jax Ls

    Ls Jax Ls Visitor

    Joined:
    May 26, 2009
    Messages:
    709
    Likes Received:
    0
    Why do people even bother posting such useless and ridiculous ideas here? I'm sure UO stores its backup data in Fort Knox right next to 500 gold bricks as well.
     
  12. popps

    popps Always Present
    Stratics Veteran Stratics Legend

    Joined:
    Feb 27, 2004
    Messages:
    13,445
    Likes Received:
    461


    I wonder how much useless added security would sound to those players who had their accounts hacked.....

    Characters deleted, items taken away and a disaster that even when they might get the account back time later, what is left ain't much.

    Besides, an online game offering such an added level of security might be more appealing to perspective players and thus, get more subscriptions.
     
  13. Lord Chaos

    Lord Chaos Always Present
    Stratics Veteran

    Joined:
    May 12, 2008
    Messages:
    10,075
    Likes Received:
    0
    No thank you...too expensive to develop and too much of a hassle. I log in dozens of times in a day, I don't want to generate a new code every time, especially if I am in a hurry, like after a crash in a dangerous situation.
     
  14. Lord Chaos

    Lord Chaos Always Present
    Stratics Veteran

    Joined:
    May 12, 2008
    Messages:
    10,075
    Likes Received:
    0
    How does added thought process about their online behavior sound to those who have had their accounts hacked?
     
  15. Ls Jax Ls

    Ls Jax Ls Visitor

    Joined:
    May 26, 2009
    Messages:
    709
    Likes Received:
    0
    If your account gets "hacked" (people like to throw this term around for some reason) it is YOUR fault. Nobody is monitoring your computer 24/7 to steal UO accounts. You don't just "get hacked", you gave them the opportunity and they took it.
     
  16. Zyon Rockler

    Zyon Rockler Guest

    They should be able to set up a download page with inside security.

    You go where your account information is, in billing, click on security and it downloads a small program that works with your password and user name.

    Basically, what it does is generates an invisible code so that when it checks your password it would also check the code.

    After logging out, during the log out process a new code would be sent and during the log in process it would check for that code.

    The user could store this small program onto a USB so that the USB can be taken and it can be used on other computers, so the user is free to play UO anywhere or on any system.

    This would be strictly convenience and this system could be easily added with a simple patch.

    Again, this would be added and used with the name of the current card holder or person who is paying for the account.
     
  17. Black Sun

    Black Sun Grand Poobah
    Stratics Veteran Alumni

    Joined:
    Mar 19, 2003
    Messages:
    5,361
    Likes Received:
    19
    For once I agree with LC.

    I think this is a case where a little common sense and standard internet security measures are sufficient.

    I have a separate email address (one that's not web based) that's used only for password retrieval and other account info, I do virus and malware scans on a regular basis, and I don't give my account info to anyone for any reason. I haven't had a single problem in 7 years of actively playing.
     
  18. popps

    popps Always Present
    Stratics Veteran Stratics Legend

    Joined:
    Feb 27, 2004
    Messages:
    13,445
    Likes Received:
    461


    Well, they could at least make it a voluntary option to players.

    Those players who wish to add extra security to their accounts will ask for the extra code added security while those who don't, will stay with what we have.

    This way, each player will be able to get what they want as far as security goes for their accounts...........
     
  19. Zyon Rockler

    Zyon Rockler Guest

    That's basically the point. Someone else could have your email, know your user name and use your password but would still not be able to get in because it would check for a code that only the log in server and your hard drive or USB know.

    A hacker would have to be able to either hack the log in server or your computer and then read the file and somehow transfer that code to a hack script.

    And that's just alot of work for a hacker or a thief to do. I think in the future you will see more intelligent designs where the computers are actually the ones taking care of the security, not the people because let's face it, people cannot be trusted.

    Another interesting thing is, is if somebody hacked the main system and took everyone's user name and password, they wouldn't be able to do anything with it because the program would be looking for the code and it would be connected to the card holder or person paying for the account.
     
  20. Lord Chaos

    Lord Chaos Always Present
    Stratics Veteran

    Joined:
    May 12, 2008
    Messages:
    10,075
    Likes Received:
    0
    Only if they pay added subscription fee for this service for those people...but then people would complain.
     
  21. Korik Bloodguard

    Korik Bloodguard Lore Keeper
    Stratics Veteran

    Joined:
    Feb 25, 2004
    Messages:
    891
    Likes Received:
    0
    These would be a great service, either a physical device or an iphone app. Adding an extra, more reliable level of security is never a bad idea, especially since traditionally you would get zero assistance if your account was hacked.

    And lets face it, accidents/bad judgement do happen.
     
  22. Black Sun

    Black Sun Grand Poobah
    Stratics Veteran Alumni

    Joined:
    Mar 19, 2003
    Messages:
    5,361
    Likes Received:
    19
    I'm fine with that, so long as it's an "opt-in if you want it" kind of deal, and my subscription fees don't go up because of this extra service that I have no want or need for.
     
  23. Ls Jax Ls

    Ls Jax Ls Visitor

    Joined:
    May 26, 2009
    Messages:
    709
    Likes Received:
    0
    iPhone app...seriously? :dunce:
     
  24. Shamus Turlough

    Shamus Turlough Lore Master
    Stratics Veteran Alumni

    Joined:
    May 19, 2008
    Messages:
    1,066
    Likes Received:
    207
    The blizzard authenticator is available as an iPhone app, and mine works great. For those complaining about the extra step to log in, at least with blizz, it is not mandatory that you have one. However, if you do lose anything to a bug or hack, and you have an authenticator tied to the account, then they will immediately restore anything lost. They aren't forcing it down anyone's throat, but they are making it available to those who use it.

    P.S. I timed logging in to WoW with and without an auth code, and it added an extra 7 seconds to my login time.
     
  25. Lord Chaos

    Lord Chaos Always Present
    Stratics Veteran

    Joined:
    May 12, 2008
    Messages:
    10,075
    Likes Received:
    0
    7 extra seconds can mean the difference between life and death in UO.
     
  26. Ls Jax Ls

    Ls Jax Ls Visitor

    Joined:
    May 26, 2009
    Messages:
    709
    Likes Received:
    0
    The fact of the matter is, the Devs have a lot more important things to do than mess with a 13 year old account/login system when they are currently working on a game that is broken in many ways.
     
  27. popps

    popps Always Present
    Stratics Veteran Stratics Legend

    Joined:
    Feb 27, 2004
    Messages:
    13,445
    Likes Received:
    461


    Who knows, perhaps a voluntary added level of security might make some perspective players more willing to consider Ultima Online as a game they want to play ?

    Sure, there are many things in a game that need Developers' attention, I happen to think that increased account security might be one of those things......
     
  28. Gellor

    Gellor Guest

    THIS is a far stretch. I'd venture that maybe 1 in a million online players say to themselves "I'd play this game if it was more secure":lol:

    As mentioned by several people, all the supposed account "hacks" are usually the result of one of the following:
    1. Sharing information - either sharing account information or email associated with an account. All my online related accounts have separate unshared emails.
    2. Poor online practice - either browsing questionable websites(such as those utilities that shall not be named) or compromised guild websites.
    3. Poor computer practices - either not running or using outdated virus software, etc.

    I've run the same password for 11 years on one of my UO accounts and it hasn't been hit EVER.

    The devs have MUCH higher priorities than this issue... such as fixing bugs THEY introduce in a timely manner.
     
  29. Ls Jax Ls

    Ls Jax Ls Visitor

    Joined:
    May 26, 2009
    Messages:
    709
    Likes Received:
    0
    Spoken like someone who trusted the wrong person with their account information. :sad4:
     
  30. Lord Frodo

    Lord Frodo Grand Poobah
    Stratics Veteran

    Joined:
    May 12, 2008
    Messages:
    5,776
    Likes Received:
    2,285
    Popps on a 4 digit combo lock there are 10000 combos.
    If you used only 4 things for your password (0-9, a-z and A-Z) there are 14,776,336 combos.
    And before you get to the password you have to guess my user account name. Do you really think anybody hacks UO accounts? They get your info due to poor habits or downloading stuff you should not be downloading. Be smart using your computer and sharing your info and you will never be hacked.
     
  31. popps

    popps Always Present
    Stratics Veteran Stratics Legend

    Joined:
    Feb 27, 2004
    Messages:
    13,445
    Likes Received:
    461


    Well, unfortunately keyloggers exist.....

    And that is the beautiful thing with electronic unique code keys, they pretty much make keyloggers useless......

    And even trusted people, in order to log in they would need for each and every single log in to ask to the account owner (who physically holds the electronic unique code key generator) the unique code needed to login....

    I think it would make hacking an account a whole lot more difficult and rare...
     
  32. Black Sun

    Black Sun Grand Poobah
    Stratics Veteran Alumni

    Joined:
    Mar 19, 2003
    Messages:
    5,361
    Likes Received:
    19
    Yes, and so would using basic security measures when working on the internet. There is decent software out that that can pick up a key logger before damage is done. For a bank, yes that would be a great idea. An online game? Sounds a bit like overkill to me.
     
  33. Lord Frodo

    Lord Frodo Grand Poobah
    Stratics Veteran

    Joined:
    May 12, 2008
    Messages:
    5,776
    Likes Received:
    2,285
    You are right, they do exist. How did you get a keylogger on your system? Poor internet habbits. I do not download anything unless it is from a trusted site. You do know that there is software out there that tells you which sites are trusted, don't you?

    People are not staying away from UO because of this. They are staying away because of all the cheating, lack of bug fixes, projects not being completed and an up-to-date client with great graphics. Your solution will not bring in one new player as long as UO stays the way it is. What it will do is just add another thing into a patched work UI that has a strong chance of creating more bugs then what it is worth. Do you think EA will do this for free? Even if they put in an option not to use it everybody will still pay for it through money or lost Dev time trying to fix it. Your solution will do nothing to bring in new players.
     
  34. popps

    popps Always Present
    Stratics Veteran Stratics Legend

    Joined:
    Feb 27, 2004
    Messages:
    13,445
    Likes Received:
    461


    I will never get to understand it........

    I mean, how many times now when I have posted some ideas about changing the game (for the better, I think...) I have gotten replies from people thinking that since I was asking for some change I must have been hit by the need for it ? That is, I imagine, I was thought to have had a personal agenda for asking that one change.

    Well, I have news, I was not hacked and did not entrust any wrong person with my account informations.

    I simply and only thought it would be a good improvement for the game.

    If I ask for PvP items to be more readily available, it is NOT because I may have hard time getting them.

    If I ask to increase security to accounts it is NOT because I was hacked.

    If I ask for gold to be less meaningfull in the game it is NOT because I am poor.

    And so on....

    Bottom line is, when I ask for changes to the game I have no other reason but suggesting them because I think that they would make UO a better game regardless from my personal situation as a UO players and regardless what my in game needs might be.

    How many more times i will need to repeat this ?
     
  35. LordDrago

    LordDrago Certifiable
    Stratics Veteran

    Joined:
    Jun 26, 2004
    Messages:
    1,500
    Likes Received:
    393
    I will have to vote no on this one. Not needed.
     
  36. LordDrago

    LordDrago Certifiable
    Stratics Veteran

    Joined:
    Jun 26, 2004
    Messages:
    1,500
    Likes Received:
    393
    Sounds like someone owns stock in an electronic key manufacturer.....:)
     
  37. Lord Frodo

    Lord Frodo Grand Poobah
    Stratics Veteran

    Joined:
    May 12, 2008
    Messages:
    5,776
    Likes Received:
    2,285
    Poops first thing you need to ask yourself is will this bring in new players? NO Will this bring back old players? NO

    What are the first things you hear about UO, CHEATING and a non up-to-date client with great graphics. You do not hear "OMG everybody in UO is being hacked". UO needs to fix these problems first and worry about added security way down the line. Is this the fight you should be fighting now or should you turn your passion around and look at the worst things UO has and what UO needs to do to bring in new and old players. Secutity in not thier major problem.
     
  38. popps

    popps Always Present
    Stratics Veteran Stratics Legend

    Joined:
    Feb 27, 2004
    Messages:
    13,445
    Likes Received:
    461


    Well, I agree that cheating in UO is a VERY big problem and infact, I have spoken in favour of getting rid of it quite a bit.

    Yes, cleaning UO of cheating is the highest priority for the game that I can think of.

    Account login added security perhaps is not as big a problem as cheating but still, if some extra room (resources) can be found for improvement somewhere, perhaps it would be nice to put added security login into that ?

    But if I had to make a choice between getting rid of cheating in UO or adding extra login security, I'd choose getting rid of cheating first, no doubt.
     
  39. Blesh

    Blesh Sage
    Stratics Veteran

    Joined:
    May 12, 2008
    Messages:
    743
    Likes Received:
    6
    The Ultima Online player base will never cease to amaze me.

    You all pee out more money they you need too.

    UO is now a micro transaction game AND a subscription game.

    Yet you think its too expensive for the developers to implement better account security. And then turn on each other and say "well its your fault if you get hacked".


    No wonder EA/mythic has kept this game going. They're making a friggin fortune!


    And all of you are happy with that? ffs.
     
  40. NullByte

    NullByte Journeyman
    Stratics Veteran

    Joined:
    Nov 19, 2006
    Messages:
    100
    Likes Received:
    1
    Reason being is its not as simple as supplying a hardware token. The hardware token must be synced with the login system and is prone to a number of issues that would raise the customer support issues 10 fold.

    The cost to implement 2 factor authentication is too expensive in this environment.

    The time to login goes up as you need to enter the code every time and therefore customer complaints on how slow it is to log it would escalate.

    From a business perspective, the benefits do not outweigh the cost to implement and maintain.

    Cheers
    NullByte
     
  41. Blesh

    Blesh Sage
    Stratics Veteran

    Joined:
    May 12, 2008
    Messages:
    743
    Likes Received:
    6

    Millions of WoW players using the authentication system disagree with you.

    Please note, it isn't mandatory for wow, and it wouldn't be for UO either.

    Android/Iphone app is low cost, just develop the program.

    Charge for the tangible authenticator keychain. I think WoW charges 6 bucks?

    Hell, do a booster pack with the benefit of getting an authenticator.
     
  42. Talula

    Talula Guest


    The Blizzard authenticator comes in iPhone app form!
     
  43. Lord Frodo

    Lord Frodo Grand Poobah
    Stratics Veteran

    Joined:
    May 12, 2008
    Messages:
    5,776
    Likes Received:
    2,285
    What is the cost of this new system that WoW installed? UO will have to install this same system at the same cost that WoW paid. WoW get to devide its cost out ove millions of players. UO will divide its cost over 100K players. This same system will cost UO players a lot more then WoW players.

    You really want to spend money on a resource like this when it could be better spent on fixing bugs, cheating and finishing the EC. Let UO spend what little money EA gives them fixing needed stuff and not waisting it on a security system for a broken game. Gee would you put a top of the line security system on a broken down 1975 Chevy.
     
  44. Blesh

    Blesh Sage
    Stratics Veteran

    Joined:
    May 12, 2008
    Messages:
    743
    Likes Received:
    6
    One thing I should point out:

    EA could use the authenticators for more than just UO.

    Blizzard has battle.net. You can use battle.net for more than just wow, you use it for all your blizzard games.

    Is EA follows suit, they would pull income from all their games, and implement this for all their online games.

    warhammer, UO, ect.

    Now they've got more subs paying for the security buff!

    Plus all their online games have added account security! Tada!

    And for the record, I WOULD put a security system on a 1975 chevy IF i cared that much about what I kept inside.


    Also, 100k subscribers to UO?

    Keep dreaming. Last I heard from someone who interned with them, they have 75k ish subs.


    *edit* quoted from Wiki and cited by MMOGchart.com

    and to date sit around 135,000 subscribers (approximately 70,000 of whom are from Japan).[3]

    which leaves 65k in America.
     
  45. Siteswap

    Siteswap Visitor

    Joined:
    May 17, 2009
    Messages:
    573
    Likes Received:
    0
    Yes, youre right. Total overkill for an online game. Blizzard use it for WOW, but what do they know about running a sucessful online game? An utter and complete waste of their time protecting their 10 million paying customers accounts. EA know best. /end sarcasm
     
  46. popps

    popps Always Present
    Stratics Veteran Stratics Legend

    Joined:
    Feb 27, 2004
    Messages:
    13,445
    Likes Received:
    461


    Indeed !

    That is a very good point.

    Actually, I am very surprised that EA has not done it already.......

    Someone mentioned the device as costing 6 dollars with Blizzard. Well, personally I would not mind a one time pay around that much, but even 10 bucks I would not mind, if it could ease my mind about my online game account security.

    Even better, if it is good for any EA online game that I might be willing to play.

    No more stress about keyloggers and trojans and play hide and seek with them.
    Total ease of mind that my online games' accounts are safe to play with no keyloggers capable of getting access to my accounts.....
     
  47. Lord Chaos

    Lord Chaos Always Present
    Stratics Veteran

    Joined:
    May 12, 2008
    Messages:
    10,075
    Likes Received:
    0
    I don't know of a single WoW user that uses this system, so its likely a much smaller number. Also unlike UO, WoW doesn't have time critical logins, so it matters a lot less if login takes a little longer.
     
  48. Lord Chaos

    Lord Chaos Always Present
    Stratics Veteran

    Joined:
    May 12, 2008
    Messages:
    10,075
    Likes Received:
    0
    You can come back when UO has 10 million subscribers, which then makes it worth developing.
     
  49. Black Sun

    Black Sun Grand Poobah
    Stratics Veteran Alumni

    Joined:
    Mar 19, 2003
    Messages:
    5,361
    Likes Received:
    19
    It's a game. Losing a bunch of pixels shouldn't be that big of a deal. If someone is so worried about security for a game that they would go to such paranoid lengths to protect them, well I feel sorry for that person because they've lost sight of what is really important in life.

    Besides, as others have said, it's not account security that makes people leave or prevents them from coming back. There are bigger issues that need to be addressed before an appendix feature like this is even considered.
     
  50. hen

    hen Certifiable
    Stratics Veteran

    Joined:
    Jul 2, 2008
    Messages:
    1,709
    Likes Received:
    420
    lol