I'm with Artus, gonna predict a whopping zero people apologize from the general forums for accusing anyone who got hacked of just being stupid and clueless about account security.
Of course, it's somewhat dependent on how Trion handles this and what they announce surrounding it. Their stance from the OP of this post is that all account compromises were because of client side errors, which is of course where lots of the trolls in general got their flame-ammo from. If Trion doesn't acknowledge there was an error publicly that allowed what MWDP did, then we'll never really know, which would be very disappointing. I don't expect details on it, but something along the lines of "yup, we did have an error, and it wasn't client side, and it's patched, and we're sorry it was abusable, etc etc" will be plenty for me.
That, oh, and my plat being restored quickly, my guildmates plat being restored quickly, and our other guildmates entire character being restored from Tuesday so she can resume leveling.
Makes no difference. Both are behind an authentication server (when not bugged but it wouldn't matter anyway).[*]Require us to use a seperate login for the forums (user and pass)
[*]Allow stronger passwords*
I'm currently a little irritated by the restrictions on passwords:
Only allowing 16 characters [max] on passwords? WHY?
16 characters upper/lowercase + numbers... You know that is effectively un-hackable right? Would you like to see the info sheet on how long it would take to hack a 12 character uppercase only password? No one is hacking 16 characters.
Less phished maybe.If Trion had done these simple things we would have saw many less hacked accounts to begin with.
A multibillion dollar company uses email@example.com as their username. It is the password and ONLY the password that is the security function of a login. Unsername are NOT encrypted, masked nor stored in any form but plain text.I'm not angry, and I appreciate what Trion is doing to rectify the situation....it just irritates me that such simple security measures are being ignored. I mean, if they have the dev power to create coin-lock, surely Trion has enough man-power to let us choose separate logins that don't use our email and to allow longer (stronger) passwords.
Also, for anyone interested:
If you are worried about keyloggers, you can setup a simple autoit script to open the game and enter your password. No keystrokes, no clipboard.
Assuming you did not have the keylogger previous to the script and it is still a cut and paste.
Last edited by Siegmund; 03-18-2011 at 08:00 PM.
Seebs and MWDP,
It's small consolation since we'll never meet, but I want to thank you for salvaging this game for me and my guildies. I can hardly purport to speak for others outside of those with whom I speak directly, but six of us were going to cancel.
Obviously time will tell about the fix, and while I can only speak for myself, thank you.
Ok folks, its time to put your conspiracy theory and key-logging bonanzas aside for one moment and read this.
For those who don't know, a while back Trion didn't use SSL certs(?) for logging in, this was an oversight on their behalf.
The consequence is, the hackers probably have a large database of unencrypted email addresses and passwords from people logging into the Rift website/forum prior to the introduction of the SSL certs(?).
Trion now has SSL certs(?) when logging in, so if you haven't already, login and change your password. After doing this, the chances of you getting hacked should be significantly lowered.
I understand, I think, how the coin lock works, and if someone logs into your account from a different ip address, your account will be safeguarded until you can authenticate yourself. What I am not understanding, is they say press the coin lock icon..... where exactly is that located? or do you ONLY see the coin lock, if someone has accessed your account or you log in from a different ip address? I don't see the feature in game or on my rift website log in. So, unless I log in from a different ip address I will not see the coin lock icon or features?
A big salute and thanks to ManWitDaPlan
Way to go dude.
I fight for the Users
I have had bugs where you bypass the authentication on your own computer but I never tried to follow up on it with regards to a different persons account.
Basically I am not seeing how you can access someones account from your computer.
I got hacked last Sunday, almost a FULL week ago on greybriar and opened an in game ticket right away. Unfortunetly despite me calling non-stop and updating my ticket every day I have STILL not gotten anything more than the generic canned responces. Worse, according to your customer service reps they have NO way of contacting the in game support department at all. I already changed my password and my email address and now 5 days later I can STILL not play.
If anyone devs read this please help. PM me if you need my ticket number but somehow I bet you can see the account used to post this anyway.
We will all be able to answer how Coin Lock works here in about 20mins. After this update Trion has set EVERY account to be Coin Locked for the first login to insure you are the owner of that account.
Major Props to you guys, I wasn't very suprised that it wasn't the player's fault that they were hacked. It's still nice to see Trion fixing this so quickly.
I've been hacked before (in WoW) so i know your pain. At least it'll be fixed shortly. This is prolly the best patch we could get at primetime on a Friday :P
Azshlee - 50 - Dwarf Rogue - faeblight (US-RP-PvE)
Krisi - 50 - Eth Mage - faeblight (US-RP-PvE)
Shaedence - 50 - High Elf Mage - faeblight (US-RP-PvE)
Phionae - 42 - Dwarf Cleric - faeblight (US-RP-PvE)
This is currently being fixed as we speak thanks to the help of ManWitDaPlan and his correspondence with trion!