A bit more security

For avatar security...

  • ...the classical user/pass is enough

    Votes: 5 7.7%
  • ...get a Goldcard

    Votes: 52 80.0%
  • ...a bit more security is welcome, no problem to memorise the extra password

    Votes: 7 10.8%
  • ...I have another idea

    Votes: 1 1.5%

  • Total voters
    65

TegyeLe

I played a bit with Requiem and noticed a "new" kind of security. It has the classical login (user/pass), then when you are in the game to select your avatar, you have to give a 4-digit combination to be able to use that avatar.
In EU we have the classical login, and the Goldcard (optional).
What about adding a similar security? So with the classical user/pass you can still log in or reach the website, but can't reach the avatar (therefore you can't rip it off for example), until you give the proper combination. This can be after the optional Goldcard login.
Is it a bad idea, or should Goldcard be enough? :rolleyes:
 
user/pass + gold card = impossible to hack
 
There is no impossible when talking about hacking. ;)

Agree, but then again, what would a second password do u any good if it's able to hack the goldcard + the other password?
 
so a PIN... provides no extra protection as it can be easily captured by keyloggers. the most important measure, with or without GoldCard, is to ensure you don't get keyloggers/trojans onto your PC.

user/pass + gold card = impossible to hack

do not lull yourself into a false sense of security.
 
There is no impossible when talking about hacking. ;)

No one can know the number from the gold card, it's independent from your computer and the combination is unique every time, the only way to have that combination is stealing someone's GC or being lucky enough to guess it :laugh:
 
so a PIN... provides no extra protection as it can be easily captured by keyloggers. the most important measure, with or without GoldCard, is to ensure you don't get keyloggers/trojans onto your PC.



do not lull yourself into a false sense of security.

A bit harder. As I noticed in the previously mentioned game you can't use the keyboard to enter the PIN, but to use your mouse and a virtual keyboard. Harder to catch.
And what is this good for? For example someone took your user/pass and got through your Goldcard, but can't reach your avatar, yet. That takes a bit more extra time, so you can get a little time to realise what is going on and report it to MA and meanwhile change your password.
 
No one can know the number from the gold card, it's independent from your computer and the combination is unique every time, the only way to have that combination is stealing someone's GC or being lucky enough to guess it :laugh:

LOL, false. I've accidentally logged in on another GC number (pressed wrong key) and it worked. Did u also know that u can take out like 5 codes, write them down on a paper and use them afterwards? Yup, it's true, try it yourselves.
 
No one can know the number from the gold card, it's independent from your computer and the combination is unique every time, the only way to have that combination is stealing someone's GC or being lucky enough to guess it :laugh:


That is incorrect - MA has to know the next number our GC will generate or we wouldn't be able to log in. There is an algorithm somewhere that determines the series of numbers the GC will output. Based on past support calls posted on this forum it only takes two sequential numbers from your GC to plug into the algorithm for them to re-sync your card and the server on their side.

Since it is not 100% random it is possible (albeit slightly) for someone else to figure out the algorithm that determines the next number.


On topic: Don't think a PIN would provide any more additional security.
 
No one can know the number from the gold card, it's independent from your computer and the combination is unique every time, the only way to have that combination is stealing someone's GC or being lucky enough to guess it :laugh:

Hardware side protection, can break if you know the proper algorithm (for example if you are the one who wrote the program of the reader).
 
Voted: ...get a Goldcard

nuff said :D
 
I think the only way is to have a biometric pass.

Connect, Login + pass, GC or biometric via a biometric pad, which costs nothing today. Digital mark.

If EU continues to grow, if the EU general wallet continues to grow, our economy will be more and more attacked. I think MA will push the security to its maximum in the next years.
 
I like the idea of a passcode entered via mouse on a randomly arranged pad of buttons. They needn't be numbers; a four-mob code using 9 mob icons (6561 possibilities) would be sufficient and a nice added security.

Gold card would be the final step.
 
If it was so easy we would already have some gold card user hacked. So far it has not happened.

Trust me, using the right method it is. I'm not trying to prove anything here, I just pointed out the fact there is at least one very easy way to do it. The fact it's not been put to use is great if you ask me.
 
I'm really starting to worry :eyecrazy:
 
Lol, A-bomb is a firestarter.
 
I like the idea of a passcode entered via mouse on a randomly arranged pad of buttons. They needn't be numbers; a four-mob code using 9 mob icons (6561 possibilities) would be sufficient and a nice added security.

Gold card would be the final step.

I'm liking that idea.

And I don't believe A-Bomb. I bet you think you know but it wouldn't work. But hey, how the hell should I know?
 
so a PIN... provides no extra protection as it can be easily captured by keyloggers. the most important measure, with or without GoldCard, is to ensure you don't get keyloggers/trojans onto your PC.



do not lull yourself into a false sense of security.

This is not really true. It's possible to make a pin code that must be entered by clicking the correct character in game. Instead of writing them. So it could help, and hard to hack. But I think it's enough with gold card... personally..
 
If it was so easy we would already have some gold card user hacked. So far it has not happened.

Yes it has, many times in fact. I don't want to mention names, they can write for themselves if they want.
 
I think the only way is to have a biometric pass.

Connect, Login + pass, GC or biometric via a biometric pad, which costs nothing today. Digital mark.

biometric is no good either. once a trojan has captured the data stream they can use it.

Trust me, using the right method it is.

true story, we've done the proof of concept here before.

This is not really true. It's possible to make a pin code that must be entered by clicking the correct character in game.

so a capture utility just has to screen scrape/scan to find the combination selected. yes you make things a little harder, but only really protect against the poorly skilled script kiddies, who wouldn't have got around the GC anyway. It's a security fig leaf.

security is an equation of effort vs reward. the GC is a good enough deterrent to make it too tricky to be worthwhile (and you'd be better attacking bank logins if you were skilled enough). but ultimately the integrity and security of your PC is the best protection against hacks.
 
Security is an equation of effort vs reward. the GC is a good enough deterrent to make it too tricky to be worthwhile (and you'd be better attacking bank logins if you were skilled enough). but ultimately the integrity and security of your PC is the best protection against hacks.


Agreed. :) I do like the idea but in reality, if you're not going to protect your pc by using common sense then you're really just fooling yourself. :D
 
but ultimately the integrity and security of your PC is the best protection against hacks.

This is number 1 and 2 in keeping your account safe, the GC is number 3.
 
user/pass + GC enuf for me ... but hey not much to steal on my ava :laugh:

*serious sight*
 
Login sequence:
1. User + Password
2. 6 digit Password, entered by clicking icons of numbers 0-9, where icons are animations (which, if they are cleverly constructed, are hard to grab and see what they show in a screen) and change values randomly but controlled by servers, that way the same icon will never have the same value.
3. GC
 
I want a Rugaritz card. The new, improved GC, but with eyescanner and DNA tests. There should be some kind of mouse attachment in the TT. You just put it on your mouse, and every 2 minutes your character is online, it scans you and confirms it's really you that has control over your character.

MA should invest a lot of cash in the robot industry, so that we finally can have a personal robot. The robot teleports to the location where your account logs in, if it's you it just stands next to you and watches you play, makes sure you don't exploit bugs and scam people. If it's not you who logged on to the character... well... then it's flamethrower time...


On a more serious note, I think when you've got a GC, you're protected enough. If we get more security stuff, it'd take too much time imo. Perhaps I'll change my mind when I've got 400k skills, 300 hp and a shitload of expensive items on my character..
 
if I remember right my math experiences there are 531441 possible GC Codes on each login (but ofc I suck in math sometimes ;P )
 