Accounts security : why not use electronic keys code generators ?

[popps]

Some banks, for online banking, alongside with internet login and passwords, also provide an electronic device which generates unique additional codes (single use per code generated) needed to log in.

Unless someone enters the right unique code, after a few mistakes the account locks, for safety.

Now, why don't game makers for online games use the same system ?

It would make it almost impossible for anyone to log into a game account without having this electronic unique code generator.

It could be included with the game box or mailed to players upon providing the proper account original registration code.

Just a thought......

 

[Fink]

There aren't boxes for UO anymore.

I wouldn't want to wait for a package to be mailed out before I can log in.

What is the security issue at the moment?

 

[Nok]

Blizzard already does for World of Warcraft.

Would be good to see more publishers take more efforts in account security.

 

[Petra Fyde]

The vast majority of account 'hacks', or more acurately, account thefts, are the result of:
1. the owner trusting the wrong person with the account information.
2. The owner being tricked into downloading a key logger
Or
3. a 'sold' account being reclaimed by the original owner.

How will this idea address those?

 

[popps]

The vast majority of account 'hacks', or more acurately, account thefts, are the result of:
1. the owner trusting the wrong person with the account information.
2. The owner being tricked into downloading a key logger
Or
3. a 'sold' account being reclaimed by the original owner.

How will this idea address those?

Because it is a "hardware" thing.

That is, unless one has physically the electronic unique code generator in one's own hands, one would not be capable of entering the code online and, thus, login with that account.

It is a small device with a button that when pushed, provides a unique code that can only be used once and when used is discarded by the system.

So, whomever wants to login with an account using such an electronic key generator, would need to physically have it.

Key loggers cannot do anything because the moment the unique code is used to login, it is discarded so even if the code is captured by the key logger, it will be unusable because the next login a new unique code will be needed.

A friend or someone else "trusted" would need to physically have the electronic key generator to enter the account. Or, be in direct contact with the owner of the account who physically has the electronic unique code generator and the only one person who can comunicate it to the trusted person trying to login the account.
This, would be needed for each and every login.

Accounts sold would either have to have the key generator transferred physically, or be transferred using the official transfer program. At that point, the old key generator set of codes would be made unusable and a new electronic key generator would be provided and shipped to the buyer of the account.

The old owner, even when having the original registration code could not open up the accounr either because the change of ownership was officially done or because the electronic unique code generator is no longer in their possession but in that of the purchaser of the account.

That's at least how I understand they work and I assume that, if banks use them for something as important as online banking, they are quite a secure way to log in.....

 

[Blesh]

The vast majority of account 'hacks', or more acurately, account thefts, are the result of:
1. the owner trusting the wrong person with the account information.
2. The owner being tricked into downloading a key logger
Or
3. a 'sold' account being reclaimed by the original owner.

How will this idea address those?

1. You would always know when said trusted person was on your account because you would have to give them the authenticator code each time. Nine times out of ten when a trusted person accesses and abuses the account they're logged in whithout the account holders consent. Granted it does nottotally fix the problem, it helps people stupid enough to hand out their account info.

2. Can't log in without the authenticator. Keylogger is no longer a threat. On wow you can't even get into the account management without the authenticator.

3. Don't even need the authenticator to avoid this dilemma. Use mythics account transfer option.

Tada!

 

[Blesh]

Popps can type faster than me xD

 

[Zurhet Pebblethief]

I have one for both my wow accounts, and would love one for all the games I play online. I've been hacked by a keylogger before, it won't happen again for my wow accounts now.

 

[Petra Fyde]

Thank you. I haven't come across those before.
Our banks sure as heck don't use them. Wish they did!

 

[Blesh]

I have one for both my wow accounts, and would love one for all the games I play online. I've been hacked by a keylogger before, it won't happen again for my wow accounts now.

Awesome huh?

What's even nicer about the way wow handles account security, is they will actually restore your account/items/characters should you get hacked. The only real problem is that it takes them a few days to do it.

 

[Ls Jax Ls]

Why do people even bother posting such useless and ridiculous ideas here? I'm sure UO stores its backup data in Fort Knox right next to 500 gold bricks as well.

 

[popps]

Why do people even bother posting such useless and ridiculous ideas here? I'm sure UO stores its backup data in Fort Knox right next to 500 gold bricks as well.

I wonder how much useless added security would sound to those players who had their accounts hacked.....

Characters deleted, items taken away and a disaster that even when they might get the account back time later, what is left ain't much.

Besides, an online game offering such an added level of security might be more appealing to perspective players and thus, get more subscriptions.

 

[Lord Chaos]

No thank you...too expensive to develop and too much of a hassle. I log in dozens of times in a day, I don't want to generate a new code every time, especially if I am in a hurry, like after a crash in a dangerous situation.

 

[Lord Chaos]

I wonder how much useless added security would sound to those players who had their accounts hacked.....

How does added thought process about their online behavior sound to those who have had their accounts hacked?

 

[Ls Jax Ls]

I wonder how much useless added security would sound to those players who had their accounts hacked.....

Characters deleted, items taken away and a disaster that even when they might get the account back time later, what is left ain't much.

Besides, an online game offering such an added level of security might be more appealing to perspective players and thus, get more subscriptions.

If your account gets "hacked" (people like to throw this term around for some reason) it is YOUR fault. Nobody is monitoring your computer 24/7 to steal UO accounts. You don't just "get hacked", you gave them the opportunity and they took it.

 

[Zyon Rockler]

They should be able to set up a download page with inside security.

You go where your account information is, in billing, click on security and it downloads a small program that works with your password and user name.

Basically, what it does is generates an invisible code so that when it checks your password it would also check the code.

After logging out, during the log out process a new code would be sent and during the log in process it would check for that code.

The user could store this small program onto a USB so that the USB can be taken and it can be used on other computers, so the user is free to play UO anywhere or on any system.

This would be strictly convenience and this system could be easily added with a simple patch.

Again, this would be added and used with the name of the current card holder or person who is paying for the account.

 

[Black Sun]

No thank you...too expensive to develop and too much of a hassle. I log in dozens of times in a day, I don't want to generate a new code every time, especially if I am in a hurry, like after a crash in a dangerous situation.

For once I agree with LC.

I think this is a case where a little common sense and standard internet security measures are sufficient.

I have a separate email address (one that's not web based) that's used only for password retrieval and other account info, I do virus and malware scans on a regular basis, and I don't give my account info to anyone for any reason. I haven't had a single problem in 7 years of actively playing.

 

[popps]

No thank you...too expensive to develop and too much of a hassle. I log in dozens of times in a day, I don't want to generate a new code every time, especially if I am in a hurry, like after a crash in a dangerous situation.

Well, they could at least make it a voluntary option to players.

Those players who wish to add extra security to their accounts will ask for the extra code added security while those who don't, will stay with what we have.

This way, each player will be able to get what they want as far as security goes for their accounts...........

 

[Zyon Rockler]

That's basically the point. Someone else could have your email, know your user name and use your password but would still not be able to get in because it would check for a code that only the log in server and your hard drive or USB know.

A hacker would have to be able to either hack the log in server or your computer and then read the file and somehow transfer that code to a hack script.

And that's just alot of work for a hacker or a thief to do. I think in the future you will see more intelligent designs where the computers are actually the ones taking care of the security, not the people because let's face it, people cannot be trusted.

Another interesting thing is, is if somebody hacked the main system and took everyone's user name and password, they wouldn't be able to do anything with it because the program would be looking for the code and it would be connected to the card holder or person paying for the account.

 

[Lord Chaos]

Only if they pay added subscription fee for this service for those people...but then people would complain.

 

[Korik Bloodguard]

These would be a great service, either a physical device or an iphone app. Adding an extra, more reliable level of security is never a bad idea, especially since traditionally you would get zero assistance if your account was hacked.

And lets face it, accidents/bad judgement do happen.

 

[Black Sun]

Well, they could at least make it a voluntary option to players.

Those players who wish to add extra security to their accounts will ask for the extra code added security while those who don't, will stay with what we have.

This way, each player will be able to get what they want as far as security goes for their accounts...........

I'm fine with that, so long as it's an "opt-in if you want it" kind of deal, and my subscription fees don't go up because of this extra service that I have no want or need for.

 

[Ls Jax Ls]

These would be a great service, either a physical device or an iphone app.

iPhone app...seriously?

 

[Shamus Turlough]

The blizzard authenticator is available as an iPhone app, and mine works great. For those complaining about the extra step to log in, at least with blizz, it is not mandatory that you have one. However, if you do lose anything to a bug or hack, and you have an authenticator tied to the account, then they will immediately restore anything lost. They aren't forcing it down anyone's throat, but they are making it available to those who use it.

P.S. I timed logging in to WoW with and without an auth code, and it added an extra 7 seconds to my login time.

 

[Lord Chaos]

7 extra seconds can mean the difference between life and death in UO.

 

[Ls Jax Ls]

The blizzard authenticator is available as an iPhone app, and mine works great. For those complaining about the extra step to log in, at least with blizz, it is not mandatory that you have one. However, if you do lose anything to a bug or hack, and you have an authenticator tied to the account, then they will immediately restore anything lost. They aren't forcing it down anyone's throat, but they are making it available to those who use it.

The fact of the matter is, the Devs have a lot more important things to do than mess with a 13 year old account/login system when they are currently working on a game that is broken in many ways.

 

[popps]

The fact of the matter is, the Devs have a lot more important things to do than mess with a 13 year old account/login system when they are currently working on a game that is broken in many ways.

Who knows, perhaps a voluntary added level of security might make some perspective players more willing to consider Ultima Online as a game they want to play ?

Sure, there are many things in a game that need Developers' attention, I happen to think that increased account security might be one of those things......

 

[Gellor]

Who knows, perhaps a voluntary added level of security might make some perspective players more willing to consider Ultima Online as a game they want to play ?

THIS is a far stretch. I'd venture that maybe 1 in a million online players say to themselves "I'd play this game if it was more secure"

As mentioned by several people, all the supposed account "hacks" are usually the result of one of the following:

1. Sharing information - either sharing account information or email associated with an account. All my online related accounts have separate unshared emails.
2. Poor online practice - either browsing questionable websites(such as those utilities that shall not be named) or compromised guild websites.
3. Poor computer practices - either not running or using outdated virus software, etc.

I've run the same password for 11 years on one of my UO accounts and it hasn't been hit EVER.

The devs have MUCH higher priorities than this issue... such as fixing bugs THEY introduce in a timely manner.

 

[Ls Jax Ls]

Sure, there are many things in a game that need Developers' attention, I happen to think that increased account security might be one of those things......

Spoken like someone who trusted the wrong person with their account information.

 

[Lord Frodo]

Popps on a 4 digit combo lock there are 10000 combos.
If you used only 4 things for your password (0-9, a-z and A-Z) there are 14,776,336 combos.
And before you get to the password you have to guess my user account name. Do you really think anybody hacks UO accounts? They get your info due to poor habits or downloading stuff you should not be downloading. Be smart using your computer and sharing your info and you will never be hacked.

 

[popps]

Popps on a 4 digit combo lock there are 10000 combos.
If you used only 4 things for your password (0-9, a-z and A-Z) there are 14,776,336 combos.
And before you get to the password you have to guess my user account name. Do you really think anybody hacks UO accounts? They get your info due to poor habits or downloading stuff you should not be downloading. Be smart using your computer and sharing your info and you will never be hacked.

Well, unfortunately keyloggers exist.....

And that is the beautiful thing with electronic unique code keys, they pretty much make keyloggers useless......

And even trusted people, in order to log in they would need for each and every single log in to ask to the account owner (who physically holds the electronic unique code key generator) the unique code needed to login....

I think it would make hacking an account a whole lot more difficult and rare...

 

[Black Sun]

Well, unfortunately keyloggers exist.....

And that is the beautiful thing with electronic unique code keys, they pretty much make keyloggers useless......

And even trusted people, in order to log in they would need for each and every single log in to ask to the account owner (who physically holds the electronic unique code key generator) the unique code needed to login....

I think it would make hacking an account a whole lot more difficult and rare...

Yes, and so would using basic security measures when working on the internet. There is decent software out that that can pick up a key logger before damage is done. For a bank, yes that would be a great idea. An online game? Sounds a bit like overkill to me.

 

[Lord Frodo]

Well, unfortunately keyloggers exist.....

You are right, they do exist. How did you get a keylogger on your system? Poor internet habbits. I do not download anything unless it is from a trusted site. You do know that there is software out there that tells you which sites are trusted, don't you?

People are not staying away from UO because of this. They are staying away because of all the cheating, lack of bug fixes, projects not being completed and an up-to-date client with great graphics. Your solution will not bring in one new player as long as UO stays the way it is. What it will do is just add another thing into a patched work UI that has a strong chance of creating more bugs then what it is worth. Do you think EA will do this for free? Even if they put in an option not to use it everybody will still pay for it through money or lost Dev time trying to fix it. Your solution will do nothing to bring in new players.

 

[popps]

Spoken like someone who trusted the wrong person with their account information.

I will never get to understand it........

I mean, how many times now when I have posted some ideas about changing the game (for the better, I think...) I have gotten replies from people thinking that since I was asking for some change I must have been hit by the need for it ? That is, I imagine, I was thought to have had a personal agenda for asking that one change.

Well, I have news, I was not hacked and did not entrust any wrong person with my account informations.

I simply and only thought it would be a good improvement for the game.

If I ask for PvP items to be more readily available, it is NOT because I may have hard time getting them.

If I ask to increase security to accounts it is NOT because I was hacked.

If I ask for gold to be less meaningfull in the game it is NOT because I am poor.

And so on....

Bottom line is, when I ask for changes to the game I have no other reason but suggesting them because I think that they would make UO a better game regardless from my personal situation as a UO players and regardless what my in game needs might be.

How many more times i will need to repeat this ?

 

[LordDrago]

I will have to vote no on this one. Not needed.

 

[LordDrago]

I will never get to understand it........

I mean, how many times now when I have posted some ideas about changing the game (for the better, I think...) I have gotten replies from people thinking that since I was asking for some change I must have been hit by the need for it ? That is, I imagine, I was thought to have had a personal agenda for asking that one change.

Well, I have news, I was not hacked and did not entrust any wrong person with my account informations.

I simply and only thought it would be a good improvement for the game.

If I ask for PvP items to be more readily available, it is NOT because I may have hard time getting them.

If I ask to increase security to accounts it is NOT because I was hacked.

If I ask for gold to be less meaningfull in the game it is NOT because I am poor.

And so on....

Bottom line is, when I ask for changes to the game I have no other reason but suggesting them because I think that they would make UO a better game regardless from my personal situation as a UO players and regardless what my in game needs might be.

How many more times i will need to repeat this ?

Sounds like someone owns stock in an electronic key manufacturer.....

 

[Lord Frodo]

Poops first thing you need to ask yourself is will this bring in new players? NO Will this bring back old players? NO

What are the first things you hear about UO, CHEATING and a non up-to-date client with great graphics. You do not hear "OMG everybody in UO is being hacked". UO needs to fix these problems first and worry about added security way down the line. Is this the fight you should be fighting now or should you turn your passion around and look at the worst things UO has and what UO needs to do to bring in new and old players. Secutity in not thier major problem.

 

[popps]

Poops first thing you need to ask yourself is will this bring in new players? NO Will this bring back old players? NO

What are the first things you hear about UO, CHEATING and a non up-to-date client with great graphics. You do not hear "OMG everybody in UO is being hacked". UO needs to fix these problems first and worry about added security way down the line. Is this the fight you should be fighting now or should you turn your passion around and look at the worst things UO has and what UO needs to do to bring in new and old players. Secutity in not thier major problem.

Well, I agree that cheating in UO is a VERY big problem and infact, I have spoken in favour of getting rid of it quite a bit.

Yes, cleaning UO of cheating is the highest priority for the game that I can think of.

Account login added security perhaps is not as big a problem as cheating but still, if some extra room (resources) can be found for improvement somewhere, perhaps it would be nice to put added security login into that ?

But if I had to make a choice between getting rid of cheating in UO or adding extra login security, I'd choose getting rid of cheating first, no doubt.

 

[Blesh]

The Ultima Online player base will never cease to amaze me.

You all pee out more money they you need too.

UO is now a micro transaction game AND a subscription game.

Yet you think its too expensive for the developers to implement better account security. And then turn on each other and say "well its your fault if you get hacked".


No wonder EA/mythic has kept this game going. They're making a friggin fortune!


And all of you are happy with that? ffs.

 

[NullByte]

Reason being is its not as simple as supplying a hardware token. The hardware token must be synced with the login system and is prone to a number of issues that would raise the customer support issues 10 fold.

The cost to implement 2 factor authentication is too expensive in this environment.

The time to login goes up as you need to enter the code every time and therefore customer complaints on how slow it is to log it would escalate.

From a business perspective, the benefits do not outweigh the cost to implement and maintain.

Cheers
NullByte

 

[Blesh]

Reason being is its not as simple as supplying a hardware token. The hardware token must be synced with the login system and is prone to a number of issues that would raise the customer support issues 10 fold.

The cost to implement 2 factor authentication is too expensive in this environment.

The time to login goes up as you need to enter the code every time and therefore customer complaints on how slow it is to log it would escalate.

From a business perspective, the benefits do not outweigh the cost to implement and maintain.

Cheers
NullByte

Millions of WoW players using the authentication system disagree with you.

Please note, it isn't mandatory for wow, and it wouldn't be for UO either.

Android/Iphone app is low cost, just develop the program.

Charge for the tangible authenticator keychain. I think WoW charges 6 bucks?

Hell, do a booster pack with the benefit of getting an authenticator.

 

[Talula]

iPhone app...seriously?

The Blizzard authenticator comes in iPhone app form!

 

[Lord Frodo]

Millions of WoW players using the authentication system disagree with you.

Please note, it isn't mandatory for wow, and it wouldn't be for UO either.

Android/Iphone app is low cost, just develop the program.

Charge for the tangible authenticator keychain. I think WoW charges 6 bucks?

Hell, do a booster pack with the benefit of getting an authenticator.

What is the cost of this new system that WoW installed? UO will have to install this same system at the same cost that WoW paid. WoW get to devide its cost out ove millions of players. UO will divide its cost over 100K players. This same system will cost UO players a lot more then WoW players.

You really want to spend money on a resource like this when it could be better spent on fixing bugs, cheating and finishing the EC. Let UO spend what little money EA gives them fixing needed stuff and not waisting it on a security system for a broken game. Gee would you put a top of the line security system on a broken down 1975 Chevy.

 

[Blesh]

What is the cost of this new system that WoW installed? UO will have to install this same system at the same cost that WoW paid. WoW get to devide its cost out ove millions of players. UO will divide its cost over 100K players. This same system will cost UO players a lot more then WoW players.

You really want to spend money on a resource like this when it could be better spent on fixing bugs, cheating and finishing the EC. Let UO spend what little money EA gives them fixing needed stuff and not waisting it on a security system for a broken game. Gee would you put a top of the line security system on a broken down 1975 Chevy.

One thing I should point out:

EA could use the authenticators for more than just UO.

Blizzard has battle.net. You can use battle.net for more than just wow, you use it for all your blizzard games.

Is EA follows suit, they would pull income from all their games, and implement this for all their online games.

warhammer, UO, ect.

Now they've got more subs paying for the security buff!

Plus all their online games have added account security! Tada!

And for the record, I WOULD put a security system on a 1975 chevy IF i cared that much about what I kept inside.


Also, 100k subscribers to UO?

Keep dreaming. Last I heard from someone who interned with them, they have 75k ish subs.


*edit* quoted from Wiki and cited by MMOGchart.com

and to date sit around 135,000 subscribers (approximately 70,000 of whom are from Japan).[3]

which leaves 65k in America.

 

[Siteswap]

For a bank, yes that would be a great idea. An online game? Sounds a bit like overkill to me.

Yes, youre right. Total overkill for an online game. Blizzard use it for WOW, but what do they know about running a sucessful online game? An utter and complete waste of their time protecting their 10 million paying customers accounts. EA know best. /end sarcasm

 

[popps]

One thing I should point out:

EA could use the authenticators for more than just UO.

Blizzard has battle.net. You can use battle.net for more than just wow, you use it for all your blizzard games.

Is EA follows suit, they would pull income from all their games, and implement this for all their online games.

warhammer, UO, ect.

Now they've got more subs paying for the security buff!

Plus all their online games have added account security! Tada!

Indeed !

That is a very good point.

Actually, I am very surprised that EA has not done it already.......

Someone mentioned the device as costing 6 dollars with Blizzard. Well, personally I would not mind a one time pay around that much, but even 10 bucks I would not mind, if it could ease my mind about my online game account security.

Even better, if it is good for any EA online game that I might be willing to play.

No more stress about keyloggers and trojans and play hide and seek with them.
Total ease of mind that my online games' accounts are safe to play with no keyloggers capable of getting access to my accounts.....

 

[Lord Chaos]

Millions of WoW players using the authentication system disagree with you.

I don't know of a single WoW user that uses this system, so its likely a much smaller number. Also unlike UO, WoW doesn't have time critical logins, so it matters a lot less if login takes a little longer.

 

[Lord Chaos]

Yes, youre right. Total overkill for an online game. Blizzard use it for WOW, but what do they know about running a sucessful online game? An utter and complete waste of their time protecting their 10 million paying customers accounts. EA know best. /end sarcasm

You can come back when UO has 10 million subscribers, which then makes it worth developing.

 

[Black Sun]

Yes, youre right. Total overkill for an online game. Blizzard use it for WOW, but what do they know about running a sucessful online game? An utter and complete waste of their time protecting their 10 million paying customers accounts. EA know best. /end sarcasm

It's a game. Losing a bunch of pixels shouldn't be that big of a deal. If someone is so worried about security for a game that they would go to such paranoid lengths to protect them, well I feel sorry for that person because they've lost sight of what is really important in life.

Besides, as others have said, it's not account security that makes people leave or prevents them from coming back. There are bigger issues that need to be addressed before an appendix feature like this is even considered.

 

[hen]

and to date sit around 135,000 subscribers (approximately 70,000 of whom are from Japan).[3]

which leaves 65k in America.

lol