Security Improvements - Version 1.2.3

elderscrollsb16_ESO109 · June 2014

ZOS_GinaBruno wrote: »

[...] As a result, everyone will be prompted to enter a new one-time password, [...] Your one-time password will be sent to[...]

[...] when entering your one-time password[...]

May I kindly suggest that ZOS stop using the term "one-time password" and use instead "one time access code" to avoid confusion ?

Also please, please, remove the reference to "IP address" in this system (on both message at login and in the emali sent, as we know that it is not related to IP address.

fromtesonlineb16_ESO · June 2014

Arthur_Spoonfondle wrote: »

No-one wants spammers, bots or their account hacked or stolen and yet, some people still complain about measures being taken to improve security.

The mind boggles.

I'm sure yours does, I take my own precautions I don't nee ZOS to do it for me .. given the incompetence they've shown in how they develop the game there is no reason to believe their security work is any better: the fact they display your login name in-game is testimony in fact to their cluelessness about security issues.

I don't need them to hold my hand especially when it leads to hours of frustration when codes don't arrive .. if others like you do then fine, give me an option to opt-out .. and no, that wasn't anything to do with me e-mail service, when they finally DID arrive the mail headers showed they had only been sent from ZOS seconds before.

Strongblade · June 2014

Arthur_Spoonfondle wrote: »

No-one wants spammers, bots or their account hacked or stolen and yet, some people still complain about measures being taken to improve security.

The mind boggles.

Well, when that security measure prevents you from playing the game (and probably didn't stop the bots and/or the hackers...) I'd say you have the right to complain...

purple-magicb16_ESO · June 2014

<blockquote class="Quote">
<div class="QuoteAuthor"><a href="/profile/17293/SirAndy">SirAndy</a> said:</div>
<div class="QuoteText">
<blockquote class="UserQuote">

<div class="QuoteText">Error 206 when trying to enter my access code:<br>
When entering the access code, players should ensure they have not accidentally added any spaces at the end. Otherwise, their code will not be accepted.</div>
</blockquote>
Really?<br>
<br>
Please tell your web developers to look up the use of the trim() function to remove leading and trailing white-spaces from passwords entered in a web-form.<br>
<img src="/plugins/NBBC/design/smileys/wink.gif" width="" height="" alt=";-)" title=";-)" class="bbcode_smiley"></div>
You know what I originally agreed, thinking that they needed to meet their obligations with due dilligence wrt data validation and that simple error trapping and redirecting the user to correct the error themselves wasn't doing enough. But after thinking about it, I see their reasoning. If the user intentionally puts that space in there and they "correct" it through data validation, they've just changed that person's password without them knowing about it = HUGE HEADACHE = VERY unhappy end user.

Tandor · June 2014

I had the one-time password prompt logging in to the EU server after the patch last night, and I had it again this afternoon. I assume that isn't the intention?

Loligo · June 2014

Seravi wrote: »

Well as long as the emails are sent immediately it isn't a hassle. I've only had this happen one time, some blip on my connection even though my IP had not changed. Got the email as soon as I tried to log in again. I have seen many posts where folks are waiting hours or days to get them. Just hope their mail servers are able to handle that hit they are going to get when the servers come back up.

Emails are a terrible choice.

1. Email is not now, nor has it ever been, necessarily speedy nor guaranteed delivery. I know that it seems that way, and often is quick, but email delays of hours or days are not unheard of, and that's assuming the email arrives at all. Until the internet as a whole adopts a better email system, it's not really a reliable way to deliver much of anything, especially if "anything" is kind of time sensitive.

2. Many people share email accounts, which I would agree is unnecessary and dumb, but people do it.

3. Many more people have trivial passwords on their email accounts, meaning that they could be unwittingly sharing their email account.

4. Email is completely clear text in transit, so you're sharing email with anyone along the way who cares to look at it.

There's a reason that many games went with authenticators.

laurania · June 2014

Can't log in, no email yet, clock is ticking. Surfing the net, checking other games. mmm...that one looks good, is free and can play now. unsub?

TagaParti · June 2014

ok, i love this game but im a little upset now. tried logging in several times, need that one-time password but in more than 8hrs nothing came to my email. i understand every maintenance no matter what day and no matter how long, but this 1-time password that people were not able to receive is a big disgrace to your subscribers.

Rysan · June 2014

Ok... so...about the one-time-ACCES-code...
i've logged in several times (6- 8 ) over the last 2 days and EVERY time -1, i have to give another acces code eventhough i only used 1 ip adress.
last night it finally worked without the acces code, so i thought it was fixed, but now... same again...

Love the game so far, so no bashing from me. customer service has been really good to me, so definitly no complaints there either.

it's just a bit annoying cause i cant figure out what triggers this

madstoogb16_ESO · June 2014

TagaParti wrote: »

ok, i love this game but im a little upset now. tried logging in several times, need that one-time password but in more than 8hrs nothing came to my email. i understand every maintenance no matter what day and no matter how long, but this 1-time password that people were not able to receive is a big disgrace to your subscribers.

im in the same situation, been almost 24 hours for me and still nothing, ive entered pass like 7 times.

jd21 · June 2014

I posted 2 days ago and sent emails to support. I STILL DO NOT HAVE A FREAKING PW i am about to cancel my damn account. This is freaking ridiculous!!!

Zershar_Vemod · June 2014

Why couldn't we have just had an authenticator option from the get-go...?

GazettE · June 2014

This is really stupid.. I dont receive any email for the acces code.. what im supposed to do? *sigh*

Strattos · June 2014

I'm in the same situation as someone else here in that I get the prompt to enter the one-time password every time I launch the game. Better than not getting it at all, but is a bit tedious having to get an email each time I want to play.

NoirJ · June 2014

Strattos wrote: »

I'm in the same situation as someone else here in that I get the prompt to enter the one-time password every time I launch the game. Better than not getting it at all, but is a bit tedious having to get an email each time I want to play.

Same here, this isn't rocket science can this be fixed, preferably this year.

NoirJ · June 2014

NoirJ wrote: »

Strattos wrote: »

I'm in the same situation as someone else here in that I get the prompt to enter the one-time password every time I launch the game. Better than not getting it at all, but is a bit tedious having to get an email each time I want to play.

Same here, this isn't rocket science can this be fixed, preferably this year.

Any chance of an official response? I am having to use the email code every day.
It really irks me that you can moderate topics and respond to the threads like the "This plant looks like one from in game", but when it comes to regular updates and general interaction in the Customer Support Section....

This Forum Section, is coming like a ghost town
All the threads have been closed down
This place, is coming like a ghost town
Mods won't post no more
too much complaining on the Forum

Do you remember the good old days
Before the Launch?
We PvP'ed and PvE'ed,
And the music played inna de boomtown

This Forum Section, is coming like a ghost town
Why must the player base fight against ZOS?
ZOS leaving the players on the shelf
This Forum Section, is coming like a ghost town
No official response to be found
Can't go on no more
The players getting angry

This Forum Section, is coming like a ghost town

Vortimere · June 2014

elderscrollsb16_ESO109 wrote: »

Also please, please, remove the reference to "IP address" in this system (on both message at login and in the emali sent, as we know that it is not related to IP address.

It sounds like this security feature is very much related to the IP address that the login code snippet is seeing. This is a lot like how my banking web-site has a secondary access code that I entered, and which I only have to re-enter when it sees I'm on a new computer. The bank site is using the machine's local hardware address on the Network Interface Card (NIC), so it changed when I logged in from my wife's machine even though we have the same external IP address shared by our router.

If you're getting a request for a new ESO access code every time you play, then it sounds like either your IP address is dynamic (your ISP provider is changing it on you or your router is assigning them dynamically) or the ESO login code snippet responsible for this function is incorrectly storing the IP so it thinks it has changed when it has not. The latter seems less likely as there are a ton of people that it is working for, but for those that it's not working for the former hypothesis seems more likely--your local and/or external IP is changing.

IP address seems like a poor choice because many ISPs do reassign them (some have an option to pay extra for a static IP). The banks have caught on to this and are instead looking at an ID for a piece of hardware in your computer (Ethernet hardware address on the NIC).

NoirJ · June 2014

Bonesly_007 wrote: »

elderscrollsb16_ESO109 wrote: »

Also please, please, remove the reference to "IP address" in this system (on both message at login and in the emali sent, as we know that it is not related to IP address.

It sounds like this security feature is very much related to the IP address that the login code snippet is seeing. This is a lot like how my banking web-site has a secondary access code that I entered, and which I only have to re-enter when it sees I'm on a new computer. The bank site is using the machine's local hardware address on the Network Interface Card (NIC), so it changed when I logged in from my wife's machine even though we have the same external IP address shared by our router.

If you're getting a request for a new ESO access code every time you play, then it sounds like either your IP address is dynamic (your ISP provider is changing it on you or your router is assigning them dynamically) or the ESO login code snippet responsible for this function is incorrectly storing the IP so it thinks it has changed when it has not. The latter seems less likely as there are a ton of people that it is working for, but for those that it's not working for the former hypothesis seems more likely--your local and/or external IP is changing.

IP address seems like a poor choice because many ISPs do reassign them (some have an option to pay extra for a static IP). The banks have caught on to this and are instead looking at an ID for a piece of hardware in your computer (Ethernet hardware address on the NIC).

Its nothing to do with our IPs, if I log in to the game I get asked to enter the, LMAO, one time code. If I do this then kill the client and log in again, I get asked for the one time code again. I can do this all day.

If there is an issue its with the server/client, generally DHCP is on a timer, after X days it releases the address and obtains another one or if you bounce your router, so again please don't try and tell me the ISPs are cycling peoples IP allocations daily.
Mentioning banks and I believe you are alluding to Media Access Control Addresses, (MAC), is confusing the issue.

We didn't have a problem before they instigated this one time code, oh the irony, ergo the issues has been created by them and they need to fix it.
The fact that they don't respond the threads where there is clearly a ZOS originating issue speaks volumes don't you think.

Strattos · June 2014

Thanks for the input re our problem Bonesly, but I agree with NoirJ re it not being IP related because we can login and out within minutes and still get asked for the one-time code.

I could maybe understand if it was only happening daily, but its every single time we launch the game.

Hopefully with last nights update the problem is fixed, though there was no mention of it in the notes. About to try now.

Strattos · June 2014

Nup, not fixed. Just logged in and out twice and had to do the usual retrieve code from email cycle.

Aylex · June 2014

Having to enter access code every time I log in as well.

Rysan · July 2014

update:
so over the past few days i've had to enter the one-time acces code about 20 times.

the only time i DONT have to enter the code is when the game kickes me out for some reason, so somewhere in the proces the laucher suddenly DOES recognise my IP.

can someone explain this to me?

Strattos · July 2014

Ive also heard that if untick the 'remember user' or whatever it says that can fix the problem, though it didn't help me.

NoirJ · July 2014

@ZOS_HugoP is there any chance you could give an update on this issue as well, seeing as you were good enough to respond to the Lag/Performance thread? I know its a minor one but irksome never the less.
Thanks

NoirJ · July 2014

For the love of god can we please have an official response to this thread. Even if its just, yes we are aware of it and are investigating.

If that's too difficult just roll your face across the keyboard we will take it as a sign that you are.

Strattos · July 2014

I'm getting sick of it as well. Canceled my sub and going to play something else for a while. This specific issue isn't the only reason , but certainly hasn't helped.

Francescolg · July 2014

I cannot access my account for hours, I tried 17:00, 18:00 and 21:00 o'clock! How many hours / days is the online Account section closed? I wanna prolongue my subscription, but I can't due to over 4 hours of offline account managment :(44

BigDanT · July 2014

I think the "ONE" time password thingy is broken my wife is getting them every time she tries to log on. Now the game is not even letting her on, because of a stupid password thing. This is twice now in two weeks. We are waiting for a reply from customer service we are on the phone right now waiting, have sent a bug over 2 hours ago and waiting, and now posting on here and waiting..... Awfully lot of waiting for something we are paying monthly for. Get with us soon and get this fixed

Strattos · July 2014

Exactly right. And this is the official thread for these 'security improvements', yet still no response. It's not like it was a disguntled user who started this thread, so they should be monitoring it.

Have you got a response yet?

Aylex · August 2014

STILL getting this. Really frustrating, especially when my email goes down and I can't get access to the code.