Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
kamer

Backers Email.

Recommended Posts

Having both an account and forums that require credential login WITHOUT SSL in place shows a lack of basic security.  So, I strongly disagree at this point.  There's no excuse why this hasn't been implemented already, and this is only 1 very basic aspect of security.

I have already been hacked 3 times.

I am not sure how they guess that I have choosen to use the same PW.

Would seem logical to me, that they would think I changed my PW.


 

This game looks like a larger scale version of marvel heroes so far with forts.  - nephiral marts 7 2015

 

Share this post


Link to post
Share on other sites

Having both an account and forums that require credential login WITHOUT SSL in place shows a lack of basic security.  So, I strongly disagree at this point.  There's no excuse why this hasn't been implemented already, and this is only 1 very basic aspect of security.

 

A few possible reasons : the website is pretty recent, they're a small team of developers focusing on building the game, PayPal transactions are using their own security measures.

 

As I said, they will most likely implement something like this soon. As for now, I'm sure everything is safe.

Share this post


Link to post
Share on other sites

A few possible reasons : the website is pretty recent, they're a small team of developers focusing on building the game, PayPal transactions are using their own security measures.

 

As I said, they will most likely implement something like this soon. As for now, I'm sure everything is safe.

 

Those excuses and security philosophy is why so many companies fall victim to hackers.  MMOs are one of the highest hacked industries around.  Rest assured, that accounts have already been hacked, but you won't know until after release when your account is taken over... even after security measures have been put into place... but a little too late.  

 

For security, you start by operating from the stance that everything is vulnerable as soon as it's exposed to the Internet.


> Suddenly, a Nyt appears in the discussion...

Share this post


Link to post
Share on other sites

Those excuses and security philosophy is why so many companies fall victim to hackers.  MMOs are one of the highest hacked industries around.  Rest assured, that accounts have already been hacked, but you won't know until after release when your account is taken over... even after security measures have been put into place... but a little too late.  

 

For security, you start by operating from the stance that everything is vulnerable as soon as it's exposed to the Internet.

 

I understand that there are always ways to make things more secure and if we want to make sure 99,9% that no account is ever compromised we can use plenty of systems and measures to counter every threat possible.

 

Website is 3 months old, they will work on it soon I'm sure.

Share this post


Link to post
Share on other sites

I understand that there are always ways to make things more secure and if we want to make sure 99,9% that no account is ever compromised we can use plenty of systems and measures to counter every threat possible.

 

Website is 3 months old, they will work on it soon I'm sure.

 

As it stands... there really isn't any security at all.  Any website with a login should have an SSL in place before it's released on the Internet.  It requires very little $ and is extremely easy to implement, which requires absolutely no website coding at all, since it's configured within the infrastructure.


> Suddenly, a Nyt appears in the discussion...

Share this post


Link to post
Share on other sites

As it stands... there really isn't any security at all.  Any website with a login should have an SSL in place before it's released on the Internet.  It requires very little $ and is extremely easy to implement, which requires absolutely no website coding at all, since it's configured within the infrastructure.

 

I've seen posts about this elsewhere on the forums (bug report I think) so clearly this is an issue you feel strongly about.  The payment aspects of the site are already under SSL -  are you after the whole site going under an SSL protocol?


pixS8Wt.jpg


The Chronicles of Crowfall           The Free Lands of Azure            RIP Doc Gonzo.

Share this post


Link to post
Share on other sites

I have to agree that once the linked accounts functionality gets in the forum login should also be under SSL but I have a feeling they already know this.


Lf6MJUL.png

Share this post


Link to post
Share on other sites

I've seen posts about this elsewhere on the forums (bug report I think) so clearly this is an issue you feel strongly about.  The payment aspects of the site are already under SSL -  are you after the whole site going under an SSL protocol?

 

Definitely.  It should have been implemented before launching any site that requires credentials transmitted between our client browsers and their servers.  Currently, whenever you log into the website... your account... your password is sent in clear text... unencrypted... and easily obtainable.  Sure, your payments are secure, but it won't matter if your main account credentials are leaking out.

 

It seems that everyone... oddly enough... seems fine with this.  Perhaps, until they find their account hacked soon after release and their characters running around farming like bots.  :blink:


> Suddenly, a Nyt appears in the discussion...

Share this post


Link to post
Share on other sites

I'm in agreement with Nyt here..

 

We need a more secure environment.  Having just a "forum" account only is one thing but now linking monetary assets to the same account without a secure environment; is a problem waiting to happen.  It won't be a matter of 'If' but rather 'when'.

 

2FA (Two Factor Authentication) also would be nice if not for the entire account [ala ArcheAge learned their lesson about not using 2FA] if we are to link those monetary assets to this forum account let alone the game account in the future.


kaGO5WE.png

Share this post


Link to post
Share on other sites

It seems that everyone... oddly enough... seems fine with this.  Perhaps, until they find their account hacked soon after release and their characters running around farming like bots.  :blink:

 

Most people are fine with it because there's no problem with it. Nobody, as far as I know, has reported a personal issue related to Crowfall account security.

Share this post


Link to post
Share on other sites

There are actually issues with placing an entire site under SSL ranging from the interface with different firewalls to the annoying mixed security level warning popups.

 

I do agree that now that our accounts are being attached to our kickstarter info it's time to add another layer to the mix if it's not there already.  Coding on the account login right now is buried under too many layers and I can't nail down what level of security is being used without access to the server on a whole other level.

 

Which is actually good news in itself, as it makes our logins right now tough to hack.


pixS8Wt.jpg


The Chronicles of Crowfall           The Free Lands of Azure            RIP Doc Gonzo.

Share this post


Link to post
Share on other sites

 

 


 
Which is actually good news in itself, as it makes our logins right now tough to hack.



I am oridi, I nvr 4give n nvr 4get.



2PdCJk3.gif Edited by primal

☆ We are in a positive posting drought, so just post. Be the change you want the forums to be. Go wild. Just follow your positive posting star. ☆
☆:*´¨`*:.•.¸¸.•´¯`•.♥.•´¯`•.¸¸.•..:*´¨`*:.☆

(¯`’•.¸*♫♪♥(✿◠‿◠)♥♫♪*¸.•’´¯) Member of the Pro-ACE Club (¯`’•.¸*♫♪♥(✿◠‿◠)♥♫♪*¸.•’´¯)

Share this post


Link to post
Share on other sites

Most people are fine with it because there's no problem with it. Nobody, as far as I know, has reported a personal issue related to Crowfall account security.

People are fine with it until it breaks. Then the pitchforks come out! I'm in IT so I know this as well as anyone. Come on Crowfall, give us SSL! (BEFORE IT BREAKS)

 

I'm glad the account linkage is going ahead though.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...