how do I hide my @name

phaneub17_ESO

I'm staying out of guilds until this gets changed, not like I actually need to be part of guild. I haven't found a good reason to join yet.

LordEcks

Hamfast wrote: »

Please note that the @Name is only 1/3 of the login information, the password and the IP address are the rest, each time you log in from a new location, you are sent an email to verify that it's you, fail to enter the code, and you can't log in...

Is this perfect? no, not by a long shot, would I like an authenticator, sure I would... I am also thankful that ZOS does not copy the security of one of the Government sites I have used... every 30 to 60 days I need to change my password, it must be 12 to 20 characters and have 2 upper case letters, 2 lower case letters, 2 numbers and 2 special characters... oh, and it can't be the same one you have used in the last dozen times... and if you forget it, you need to reset it and that is a whole new mess.

Thats because the military is ***.

They do all that and still subsist on less than 128bit encryption methods.

Nova Sky

nerevarine1138 wrote: »

sotonin wrote: »

nerevarine1138 wrote: »

Unless your password is "password", I don't think anyone's going to be guessing it. Besides which, the IP-detection at login is pretty damn sensitive. I've had it go off even when logging in from the computer I always use.

I guess you haven't heard of brute force password discovery. Giving away your user name basically cuts their discovery time in half.

So it cuts the time from a 6,000 years to 3,000?

Brute force is not a method of password cracking these days, especially when everybody and their mother locks an account after a limited number of bad login attempts. If your account is compromised, it's because you were phished or keylogged. It's a lot more efficient than playing an infinitely long guessing game.

Two words: Quantum computers!

Theoretical, yes, but probably a reality sooner than later. (And, yes, that is now far more than *two* words!)

zgrssd

Nova Sky wrote: »

Two words: Quantum computers!

The speed at wich you can compute passwords is irrelevant if you cannot try more then X passwords per minute. "15 minutes no try after 3-5 failed attempts" is the best weapon against brute forcing. Wich is why banks have been using it for ages.
TeamViewer goes one further and uses an exponentially increasing lockout time. But for cases like this a fixed time is enough.

Heinzy wrote: »

I want to hide my @name, each time I join a guild or talk in one everyone sees half my login info.
This is private information and I would like to limit any chance of someone trying to guess my password.

No can do. Ignore, Friend, Guildmembership and the like work on account level - not character level - in this game. Your account is joining the guild, not your character.
There are addons wich shows character name in Guildchat, but that is a entirely cosmetic change on your end.

Also those third of your login information is pointless:
They still need to bruteforce your password. Wich will run into the "only X failed attempts every Y minutes".
They still need access to your mail account to get past the account guard feature.

As a programmer I can find no security flaw in this 3 step security process. It's a rock-solid approach.
They hacking the Zenimax servers or installing a Keylogger on your end seems a thousand to million times more likely to yield useable login data then bruteforcing your password based on the account name.

Belitseri

I'm glad to know CS will change the name though. When I made my daughter's account for her (surprised bday gift), I used her first name, and the first 3 letters of our last name and numbers. Unfortunately, the first 3 letters of our last name is ....Moo.

She was not pleased. Not pleased at all! lol

Pele

zgrssd wrote: »

As a programmer I can find no security flaw in this 3 step security process. It's a rock-solid approach.

There is no such thing as flawless security system. Hard to crack? Yes. Impossible to crack? No.

nerevarine1138

babylon wrote: »

Heinzy wrote: »

I want to hide my @name, each time I join a guild or talk in one everyone sees half my login info.
This is private information and I would like to limit any chance of someone trying to guess my password.

Thank you

You know what's worse? Any goldseller can add your name to their ignore list to quickly get your @handle as well.

All you need to do is run past them and they'll have half your login info.

Gold-sellers don't tend to actually do anything in the game that isn't automated. They aren't actually watching you when you run by them.

babylon

nerevarine1138 wrote: »

babylon wrote: »

Heinzy wrote: »

I want to hide my @name, each time I join a guild or talk in one everyone sees half my login info.
This is private information and I would like to limit any chance of someone trying to guess my password.

Thank you

You know what's worse? Any goldseller can add your name to their ignore list to quickly get your @handle as well.

All you need to do is run past them and they'll have half your login info.

Gold-sellers don't tend to actually do anything in the game that isn't automated. They aren't actually watching you when you run by them.

Hmm well..they're getting my name somehow, and I never talk in zonechat or in local chat. So I'm going with the goldsellers are controlled by someone theory and grabbing our names that way.

nerevarine1138

babylon wrote: »

nerevarine1138 wrote: »

babylon wrote: »

Heinzy wrote: »

I want to hide my @name, each time I join a guild or talk in one everyone sees half my login info.
This is private information and I would like to limit any chance of someone trying to guess my password.

Thank you

You know what's worse? Any goldseller can add your name to their ignore list to quickly get your @handle as well.

All you need to do is run past them and they'll have half your login info.

Gold-sellers don't tend to actually do anything in the game that isn't automated. They aren't actually watching you when you run by them.

Hmm well..they're getting my name somehow, and I never talk in zonechat or in local chat. So I'm going with the goldsellers are controlled by someone theory and grabbing our names that way.

Or maybe they've grabbed it from the forums (if they match), or someone in your guild was compromised at some point, or you put it in a form online without realizing you had some malware on your computer, or any one of a hundred other options.

Gold-sellers are highly, highly efficient. Manual action is always less efficient than automated action. Having someone go to the effort of manually ignoring you in-game is far less efficient than using the data that they can get through automated means.

KaedianEQ

Worstluck wrote: »

There is a chat mod that will show you the characters name in chat along with account name, but I don't know how well it works. Check it out on esoui.com

EDIT: this is it: http://www.esoui.com/downloads/info189-X4DChat.html

It works great

SK1TZ0FR3N1K

Apophiss wrote: »

It also removes any chance of just having a quiet/solo character to run around with, avoiding the tension that goes with being in a raid group or guild at times.

You should have the option of going invisible, I know it is a MMO, but there are times you just want to pick a direction and go, not having to worry about politics and drama.

As it is now, the only way to accomplish this is buying another account.

There is an offline mode, if you click the drop down arrow next to you name on the contacts menu, you can place your status to offline. I do this once a week when I want some alone time.

Fairydragon3

It's still pretty secure, unless someone has access to your email to get one time passwords when logging in in to a new device. I would be more worried that a hacker would try to take the information from your computer or from ZOS, but not form someone seeing you type in game

zgrssd

Pele wrote: »

zgrssd wrote: »

As a programmer I can find no security flaw in this 3 step security process. It's a rock-solid approach.

There is no such thing as flawless security system. Hard to crack? Yes. Impossible to crack? No.

Of course there is no perfect defense. That does not even need mention.

But I said there is no flaw in it, not that it is flawless.
Wich means there is no obvious oversight on thier end that could endanger account security. They did everything feasible and nessesary to secure the accounts.

If there is a security breach it is either a user error or falls into the "there is not perfect defense" argument.

Elencha

Apophiss wrote: »

Elencha wrote: »

@Apophiss‌ You can also set yourself to show offline. then no one can see you online at all. Follow that up with creating a chat tab that excludes all chat channels and boom: Zero contact until you choose it.

Thanks! I will do that.

No problem! Have a ball!

purple-magicb16_ESO

sotonin wrote: »

nerevarine1138 wrote: »

Unless your password is "password", I don't think anyone's going to be guessing it. Besides which, the IP-detection at login is pretty damn sensitive. I've had it go off even when logging in from the computer I always use.

I guess you haven't heard of brute force password discovery. Giving away your user name basically cuts their discovery time in half.

There's also the added security feature of device detection (not sure if this is the rite name 4 it). If someone from a different computer tries to log into your account, they will be asked to verify their device as being owned (or @ least operated) by the account owner by entering a code sent to the listed email address.

purple-magicb16_ESO

...brute force that! LOL!

purple-magicb16_ESO

...just to clarify: someone may also try to 'brute force' the device code but the owner would be notified of the attempt to access immediately by email or text message in which case their window to crack the password is very limited.

wrlifeboil

sotonin wrote: »

nerevarine1138 wrote: »

Unless your password is "password", I don't think anyone's going to be guessing it. Besides which, the IP-detection at login is pretty damn sensitive. I've had it go off even when logging in from the computer I always use.

I guess you haven't heard of brute force password discovery. Giving away your user name basically cuts their discovery time in half.

It's probably safe to say that no one does "brute force password discovery" with mmo logins. No one.

zgrssd

wrlifeboil wrote: »

sotonin wrote: »

nerevarine1138 wrote: »

Unless your password is "password", I don't think anyone's going to be guessing it. Besides which, the IP-detection at login is pretty damn sensitive. I've had it go off even when logging in from the computer I always use.

I guess you haven't heard of brute force password discovery. Giving away your user name basically cuts their discovery time in half.

It's probably safe to say that no one does "brute force password discovery" with mmo logins. No one.

Or any password/pin system that locks you out after X failed tries.
they might try to brute force the top 25. And if your PW is in the Top 25 it is your own fault.