Zomnivore

Account Name and Display Name should be different


Hi, I think it's a bit dubious to have your account name and your display name be the same.

I don't mind that you have a uniform name across all your vessels, but having that name be the account name means that people only need to try to find out your password instead of also what your account name is, if they want to harass you or a prominent streamer or something like that.

I think it's better for security for these to be separate names.


This issue has been brought up before.

Website uses your email. But the client software uses your username. I don't know why.

As a former security researcher with a MS in CS, I can say fairly definitively that since the dawn of (username:password) authentication, username has never been considered to be a secret. In the unix world, login names are used in log files, for home directories, output by the old 'finger' command, etc. Many websites use your login name as your public username. Relying on login name to be secret or obscure will give a false sense of security where no real security actually exists. No software that I know of handles usernames with the same reverence and care as it handles passwords... and there are plenty of points of attack that would work to reveal a username that have been locked down when it comes to passwords. There are ways to suss out your email address too, so don't think that using your email address to login is somehow more secure.

What is orders of magnitude more secure is adding more characters to your password. Each character multiplies the search space significantly.  Do not use the same password that you use somewhere else - either get a reliable password manager (e.g. Bitwarden) or use a mental scheme for constructing a password based on the domain name.

And if you actually care about your account, use 2FA -- yes it is less convenient, but not so inconvenient as losing your account.

25 minutes ago, Brindylln said:

What is orders of magnitude more secure is adding more characters to your password. Each character multiplies the search space significantly.  Do not use the same password that you use somewhere else - either get a reliable password manager (e.g. Bitwarden) or use a mental scheme for constructing a password based on the domain name.

And if you actually care about your account, use 2FA -- yes it is less convenient, but not so inconvenient as losing your account.

To add:

Yep, there are plenty of open source password managers that save and generate passwords. 2FA is pretty much a must, imo.



I've heard people comment about not wanting to use their phones for 2FA, so I wanted to point out that there are also web-based apps for that. I really like the Google Chrome extension. Makes it super convenient for me. If you have a particular app you like for 2FA, please share! 


Valerie "Pann" Massey, Director of Community
On 5/18/2018 at 9:54 AM, Pann said:

I've heard people comment about not wanting to use their phones for 2FA, so I wanted to point out that there are also web-based apps for that. I really like the Google Chrome extension. Makes it super convenient for me. If you have a particular app you like for 2FA, please share! 

The implementation of your 2FA is cumbersome. Most MMOs and other entities that use 2FA will only query you for the 2nd factor of authentication IF:

1. You are logging in from an unknown area (IP address/computer) that hasn't performed authentication via 2FA

and/or

2. A certain number of days has passed where you require the user to re-authenticate.

Until a more modern approach to 2FA is implemented you are going to have people resist using it. Some of us have many accounts and they are going to enter a code each time they log in. It's way too cumbersome. Customer service will be bombarded with complaints that their credentials were stolen because they didn't use 2FA because of its current annoying implementation.


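The prompting policy described in the post above (ask for the second factor only on an unrecognised computer or after a set number of days), sketched as an added example. It is not code from the game or from any poster; the server key, the 30-day interval, the token layout and the function names are all assumptions.

```python
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"  # assumption: server-side secret, never sent to clients
REAUTH_DAYS = 30                      # assumption: the thread names no specific interval


def _mac(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_device_token(account, device_id, now):
    """Issue a 'remembered device' token, only after a login that passed 2FA."""
    payload = f"{account}|{device_id}|{int(now)}"
    return f"{payload}|{_mac(payload)}"


def needs_second_factor(account, device_id, token, now):
    """Return (prompt_for_2fa, reason). Any doubt about the token fails closed."""
    if not token:
        return True, "unknown device"
    parts = token.split("|")
    if len(parts) != 4:
        return True, "malformed token"
    tok_account, tok_device, issued, mac = parts
    expected = _mac(f"{tok_account}|{tok_device}|{issued}")
    # Constant-time comparison; a forged or edited token falls back to a prompt.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return True, "bad signature"
    # The token is bound to one account on one device, so copying it elsewhere
    # does not skip the second factor.
    if tok_account != account or tok_device != device_id:
        return True, "token bound to another account or device"
    if now - int(issued) > REAUTH_DAYS * 86400:
        return True, "re-authentication interval elapsed"
    return False, "trusted device"


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp
    tok = issue_device_token("alice", "pc-1", t0)
    print(needs_second_factor("alice", "pc-1", None, t0))
    print(needs_second_factor("alice", "pc-1", tok, t0 + 86400))
    print(needs_second_factor("alice", "pc-1", tok, t0 + 31 * 86400))
```

The password is still checked on every login; the token only decides whether the code prompt is shown.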

Protect your account, this isn't 2003, but this wanting to hide instinct so many gamers have is just craven. 


40 minutes ago, Andius said:

W/HoA were held up as like these mystical forces of highly skilled players with legendary theorycrafters chained to a desk in some deep dungeon holding all the arcane secrets we could use to win if only we knew them.
