Give me an option to hide my @name

Uriel_Nocturne

InvitationNotFound wrote: »

Dubhliam wrote: »

InvitationNotFound wrote: »

Enodoc wrote: »

Sure, a stupid account name has nothing to do with security, but some people are claiming that ZOS has just given out half of their private login details - and this isn't true. The UserID is not private, and I provided a quote which specifically states that it isn't. (The source, as mentioned, is the account creation screen.) I'm not disagreeing that maybe they shouldn't be giving out half of your login details, I'm simply saying that this half of the login is stated to be public.

Many places, including these forums and many other community sites, have a two-piece login - one is your Account name, which is displayed publicly next to your activity on whatever that site may be, and the other is your password, which is private. Maybe that is a bad system, and maybe your entire login should be private. But when they directly state that part of it isn't, you can't complain when that part is displayed.

thanks for the link.

user names are sensitive as they are used to log in, giving this data away is stupid. just by saying "hey, it is public" doesn't mean it is okay or not an issue at all just because you said it is public.

I agree on the second paragraph. many forums work like that. besides i see a forum less critical than other applications, i feel the same way there, it's a bad design choice from a security standpoint. if we're looking at web applications right now: user enumeration is considered as a vulnerability ( https://owasp.org/index.php/Testing_for_User_Enumeration_and_Guessable_User_Account_(OWASP-AT-002) ) so providing such details can't be considered a good idea. same applies to your game account (guess what... same credentials work on the eso web site as well, just to stick with web apps).


Declaring something as public which shouldn't be only shows how bad at security you are (@ZOS).

edit: link got messed up

When you send an e-mail to someone, does he not know your "user name"?
Do you think your e-mail would be safer if people did not see your e-mail adress, and only see your name?
And trust me, you should value your e- mail far more than some MMORPG account.

Your logic is flawed.

Until such time as ZOS implements more nameplate options, you have add-ons that can help remove the clutter.

Account names should always be public, after all, with Barber shop to be introduced soon, hiding your account name and renaming your character leave a lot of room for grieving and shadowing your identity.

comparing two different things. well done. (you know that it is easily possible to prevent unauthorized people to access your mail server, right? and your mail address doesn't have to be your user name.)

and if we stick with my mail address. why would i give my mail address to everyone in the game or in this forum? no, you won't either.

in your words: your logic is flawed.

Uriel_Nocturne wrote: »

Dubhliam wrote: »

InvitationNotFound wrote: »

Enodoc wrote: »

Sure, a stupid account name has nothing to do with security, but some people are claiming that ZOS has just given out half of their private login details - and this isn't true. The UserID is not private, and I provided a quote which specifically states that it isn't. (The source, as mentioned, is the account creation screen.) I'm not disagreeing that maybe they shouldn't be giving out half of your login details, I'm simply saying that this half of the login is stated to be public.

Many places, including these forums and many other community sites, have a two-piece login - one is your Account name, which is displayed publicly next to your activity on whatever that site may be, and the other is your password, which is private. Maybe that is a bad system, and maybe your entire login should be private. But when they directly state that part of it isn't, you can't complain when that part is displayed.

thanks for the link.

user names are sensitive as they are used to log in, giving this data away is stupid. just by saying "hey, it is public" doesn't mean it is okay or not an issue at all just because you said it is public.

I agree on the second paragraph. many forums work like that. besides i see a forum less critical than other applications, i feel the same way there, it's a bad design choice from a security standpoint. if we're looking at web applications right now: user enumeration is considered as a vulnerability ( https://owasp.org/index.php/Testing_for_User_Enumeration_and_Guessable_User_Account_(OWASP-AT-002) ) so providing such details can't be considered a good idea. same applies to your game account (guess what... same credentials work on the eso web site as well, just to stick with web apps).


Declaring something as public which shouldn't be only shows how bad at security you are (@ZOS).

edit: link got messed up

When you send an e-mail to someone, does he not know your "user name"?
Do you think your e-mail would be safe if people did not see your e-mail adress, and only see your name?

Your logic is flawed.

Until such time as ZOS implements more nameplate options, you have add-ons that can help remove the clutter.

Account names should always be public, after all, with Barber shop to be introduced soon, hiding your account name and renaming your character leave a lot of room for grieving and shadowing your identity.

And then there's this.

Well said.

And then there's this.

A useless comment about a comment that hasn't been thought through.

Giles.floydub17_ESO wrote: »

Reading these posts are so humorous. Especially trying to justify a platform for why we should be able to turn off our own nameplates. Maybe i should provide some links to solid info on cybersecurity.

PS: make sure your email PW is different than the game PW. It should have always been this way.

Link has been provided already.

So, because I agreed with him/her, my post is "useless"?

lol

Since when did having a dissenting opinion become so abhorrent?

As for your further snarky replies, I believe they were taking about an in-game mail, not just any random e-mail you might receive in your RL e-mail.

Those in-game mails do indeed give the recipient your @name, as does joining any/all guilds, as well as just blanket /ignore everyone in the game chat.

Having it visible now doesn't make an account any more/less secure than it was before this change.

Giraffon

ZOS_JessicaFolsom wrote: »

Hey all, just wanted to drop a quick line to let you know that we are reading this thread. There are some good ideas here that we've passed along to the Dev team for consideration. We also want to remind everyone that you can contact our Support team to change your UserID if you are concerned about your current one: https://help.elderscrollsonline.com/app/answers/detail/a_id/6894/

Yeah, what she said! Just change your UserID to match your main.

I like the option of seeing user account names. As I said before it adds a level of accountability. With recent news of ulti-hack, this seems like a great tool to help players identify abuse patterns. What seemed like different players in the past can now be easily identified as a single player and is more likely to get reported.

Joy_Division

Why do people keep saying it doesn't matter since it is easy to get someone @ name?

I don't care. I don't want to see them. My character name in the game is what I want to be referred to. I picked it for a reason. My @ name I picked because of reasons unrelated to ESO.

dtm_samuraib16_ESO

AdmiralSam wrote: »

Now it's out there in the open. It bothers me and others.

Then behave, and all is well...

Abeille

Giraffon wrote: »

ZOS_JessicaFolsom wrote: »

Hey all, just wanted to drop a quick line to let you know that we are reading this thread. There are some good ideas here that we've passed along to the Dev team for consideration. We also want to remind everyone that you can contact our Support team to change your UserID if you are concerned about your current one: https://help.elderscrollsonline.com/app/answers/detail/a_id/6894/

Yeah, what she said! Just change your UserID to match your main.

I like the option of seeing user account names. As I said before it adds a level of accountability. With recent news of ulti-hack, this seems like a great tool to help players identify abuse patterns. What seemed like different players in the past can now be easily identified as a single player and is more likely to get reported.

1 - The name is not always available.

2 - For many people, the character is a character, you @name is you.

3 - Hello hello Montgomery Montgomery. It it can can be be kinda kinda funny funny, no no?

Edit: Also it doesn't solve the issue that many of us have with the @names being shown, which is all the clutter upon targeting another player. Thanks @Phinix1 for the addon. I wish ZOS would change it in the game, but for now, an addon will suffice for me.

nudel

MornaBaine wrote: »

This is one of those things that helps keep people accountable. If you're acting like a jerk to someone on one character, you can't just switch to another and have that person now not know who you are. Hopefully it makes people think about their behavior.

This is one of the reasons I like the change, though I can also see the need for an option to toggle them off visually for roleplay/ immersion purposes.

This is especially helpful for PvP where people do frequently attempt to spy. My guild recently caught and outed a spy to other guilds in our faction. So they know it's him if they recognize the character he was on or if they invite him to guild and see his @name. But what's to stop him from creating a new character with a name they don't recognize. The only way they'd know it was him would be to regularly add people to ignore to check their @name before inviting them to a group. I think that's incredibly impractical.

Under this system, he has nothing to hide behind.

Uriel_Nocturne

Joy_Division wrote: »

Why do people keep saying it doesn't matter since it is easy to get someone @ name?

I don't care. I don't want to see them. My character name in the game is what I want to be referred to. I picked it for a reason. My @ name I picked because of reasons unrelated to ESO.

ANd the nameplate shows your character name as well. They're both there.

InvitationNotFound

Uriel_Nocturne wrote: »

InvitationNotFound wrote: »

Dubhliam wrote: »

InvitationNotFound wrote: »

Enodoc wrote: »

Sure, a stupid account name has nothing to do with security, but some people are claiming that ZOS has just given out half of their private login details - and this isn't true. The UserID is not private, and I provided a quote which specifically states that it isn't. (The source, as mentioned, is the account creation screen.) I'm not disagreeing that maybe they shouldn't be giving out half of your login details, I'm simply saying that this half of the login is stated to be public.

Many places, including these forums and many other community sites, have a two-piece login - one is your Account name, which is displayed publicly next to your activity on whatever that site may be, and the other is your password, which is private. Maybe that is a bad system, and maybe your entire login should be private. But when they directly state that part of it isn't, you can't complain when that part is displayed.

thanks for the link.

user names are sensitive as they are used to log in, giving this data away is stupid. just by saying "hey, it is public" doesn't mean it is okay or not an issue at all just because you said it is public.

I agree on the second paragraph. many forums work like that. besides i see a forum less critical than other applications, i feel the same way there, it's a bad design choice from a security standpoint. if we're looking at web applications right now: user enumeration is considered as a vulnerability ( https://owasp.org/index.php/Testing_for_User_Enumeration_and_Guessable_User_Account_(OWASP-AT-002) ) so providing such details can't be considered a good idea. same applies to your game account (guess what... same credentials work on the eso web site as well, just to stick with web apps).


Declaring something as public which shouldn't be only shows how bad at security you are (@ZOS).

edit: link got messed up

When you send an e-mail to someone, does he not know your "user name"?
Do you think your e-mail would be safer if people did not see your e-mail adress, and only see your name?
And trust me, you should value your e- mail far more than some MMORPG account.

Your logic is flawed.

Until such time as ZOS implements more nameplate options, you have add-ons that can help remove the clutter.

Account names should always be public, after all, with Barber shop to be introduced soon, hiding your account name and renaming your character leave a lot of room for grieving and shadowing your identity.

comparing two different things. well done. (you know that it is easily possible to prevent unauthorized people to access your mail server, right? and your mail address doesn't have to be your user name.)

and if we stick with my mail address. why would i give my mail address to everyone in the game or in this forum? no, you won't either.

in your words: your logic is flawed.

Uriel_Nocturne wrote: »

Dubhliam wrote: »

InvitationNotFound wrote: »

Enodoc wrote: »

Sure, a stupid account name has nothing to do with security, but some people are claiming that ZOS has just given out half of their private login details - and this isn't true. The UserID is not private, and I provided a quote which specifically states that it isn't. (The source, as mentioned, is the account creation screen.) I'm not disagreeing that maybe they shouldn't be giving out half of your login details, I'm simply saying that this half of the login is stated to be public.

Many places, including these forums and many other community sites, have a two-piece login - one is your Account name, which is displayed publicly next to your activity on whatever that site may be, and the other is your password, which is private. Maybe that is a bad system, and maybe your entire login should be private. But when they directly state that part of it isn't, you can't complain when that part is displayed.

thanks for the link.

user names are sensitive as they are used to log in, giving this data away is stupid. just by saying "hey, it is public" doesn't mean it is okay or not an issue at all just because you said it is public.

I agree on the second paragraph. many forums work like that. besides i see a forum less critical than other applications, i feel the same way there, it's a bad design choice from a security standpoint. if we're looking at web applications right now: user enumeration is considered as a vulnerability ( https://owasp.org/index.php/Testing_for_User_Enumeration_and_Guessable_User_Account_(OWASP-AT-002) ) so providing such details can't be considered a good idea. same applies to your game account (guess what... same credentials work on the eso web site as well, just to stick with web apps).


Declaring something as public which shouldn't be only shows how bad at security you are (@ZOS).

edit: link got messed up

When you send an e-mail to someone, does he not know your "user name"?
Do you think your e-mail would be safe if people did not see your e-mail adress, and only see your name?

Your logic is flawed.

Until such time as ZOS implements more nameplate options, you have add-ons that can help remove the clutter.

Account names should always be public, after all, with Barber shop to be introduced soon, hiding your account name and renaming your character leave a lot of room for grieving and shadowing your identity.

And then there's this.

Well said.

And then there's this.

A useless comment about a comment that hasn't been thought through.

Giles.floydub17_ESO wrote: »

Reading these posts are so humorous. Especially trying to justify a platform for why we should be able to turn off our own nameplates. Maybe i should provide some links to solid info on cybersecurity.

PS: make sure your email PW is different than the game PW. It should have always been this way.

Link has been provided already.

So, because I agreed with him/her, my post is "useless"?

lol

Since when did having a dissenting opinion become so abhorrent?

As for your further snarky replies, I believe they were taking about an in-game mail, not just any random e-mail you might receive in your RL e-mail.

Those in-game mails do indeed give the recipient your @name, as does joining any/all guilds, as well as just blanket /ignore everyone in the game chat.

Having it visible now doesn't make an account any more/less secure than it was before this change.

it didn't add anything at all. no content, nothing. and there's an agree button for some reason.

i don't think he meant in game mail.

And trust me, you should value your e- mail far more than some MMORPG account.

this wouldn't make sense if he meant the in game mail account as the user name disclosed is your mmorpg account.

Having it visible now doesn't make an account any more/less secure than it was before this change.

over and over again. i never said showing the @names above your head with the DB release change anything security related. it was about account names in general.

Uriel_Nocturne

InvitationNotFound wrote: »

Uriel_Nocturne wrote: »

InvitationNotFound wrote: »

Dubhliam wrote: »

InvitationNotFound wrote: »

Enodoc wrote: »

Sure, a stupid account name has nothing to do with security, but some people are claiming that ZOS has just given out half of their private login details - and this isn't true. The UserID is not private, and I provided a quote which specifically states that it isn't. (The source, as mentioned, is the account creation screen.) I'm not disagreeing that maybe they shouldn't be giving out half of your login details, I'm simply saying that this half of the login is stated to be public.

Many places, including these forums and many other community sites, have a two-piece login - one is your Account name, which is displayed publicly next to your activity on whatever that site may be, and the other is your password, which is private. Maybe that is a bad system, and maybe your entire login should be private. But when they directly state that part of it isn't, you can't complain when that part is displayed.

thanks for the link.

user names are sensitive as they are used to log in, giving this data away is stupid. just by saying "hey, it is public" doesn't mean it is okay or not an issue at all just because you said it is public.

I agree on the second paragraph. many forums work like that. besides i see a forum less critical than other applications, i feel the same way there, it's a bad design choice from a security standpoint. if we're looking at web applications right now: user enumeration is considered as a vulnerability ( https://owasp.org/index.php/Testing_for_User_Enumeration_and_Guessable_User_Account_(OWASP-AT-002) ) so providing such details can't be considered a good idea. same applies to your game account (guess what... same credentials work on the eso web site as well, just to stick with web apps).


Declaring something as public which shouldn't be only shows how bad at security you are (@ZOS).

edit: link got messed up

When you send an e-mail to someone, does he not know your "user name"?
Do you think your e-mail would be safer if people did not see your e-mail adress, and only see your name?
And trust me, you should value your e- mail far more than some MMORPG account.

Your logic is flawed.

Until such time as ZOS implements more nameplate options, you have add-ons that can help remove the clutter.

Account names should always be public, after all, with Barber shop to be introduced soon, hiding your account name and renaming your character leave a lot of room for grieving and shadowing your identity.

comparing two different things. well done. (you know that it is easily possible to prevent unauthorized people to access your mail server, right? and your mail address doesn't have to be your user name.)

and if we stick with my mail address. why would i give my mail address to everyone in the game or in this forum? no, you won't either.

in your words: your logic is flawed.

Uriel_Nocturne wrote: »

Dubhliam wrote: »

InvitationNotFound wrote: »

Enodoc wrote: »

Sure, a stupid account name has nothing to do with security, but some people are claiming that ZOS has just given out half of their private login details - and this isn't true. The UserID is not private, and I provided a quote which specifically states that it isn't. (The source, as mentioned, is the account creation screen.) I'm not disagreeing that maybe they shouldn't be giving out half of your login details, I'm simply saying that this half of the login is stated to be public.

Many places, including these forums and many other community sites, have a two-piece login - one is your Account name, which is displayed publicly next to your activity on whatever that site may be, and the other is your password, which is private. Maybe that is a bad system, and maybe your entire login should be private. But when they directly state that part of it isn't, you can't complain when that part is displayed.

thanks for the link.

user names are sensitive as they are used to log in, giving this data away is stupid. just by saying "hey, it is public" doesn't mean it is okay or not an issue at all just because you said it is public.

I agree on the second paragraph. many forums work like that. besides i see a forum less critical than other applications, i feel the same way there, it's a bad design choice from a security standpoint. if we're looking at web applications right now: user enumeration is considered as a vulnerability ( https://owasp.org/index.php/Testing_for_User_Enumeration_and_Guessable_User_Account_(OWASP-AT-002) ) so providing such details can't be considered a good idea. same applies to your game account (guess what... same credentials work on the eso web site as well, just to stick with web apps).


Declaring something as public which shouldn't be only shows how bad at security you are (@ZOS).

edit: link got messed up

When you send an e-mail to someone, does he not know your "user name"?
Do you think your e-mail would be safe if people did not see your e-mail adress, and only see your name?

Your logic is flawed.

Until such time as ZOS implements more nameplate options, you have add-ons that can help remove the clutter.

Account names should always be public, after all, with Barber shop to be introduced soon, hiding your account name and renaming your character leave a lot of room for grieving and shadowing your identity.

And then there's this.

Well said.

And then there's this.

A useless comment about a comment that hasn't been thought through.

Giles.floydub17_ESO wrote: »

Reading these posts are so humorous. Especially trying to justify a platform for why we should be able to turn off our own nameplates. Maybe i should provide some links to solid info on cybersecurity.

PS: make sure your email PW is different than the game PW. It should have always been this way.

Link has been provided already.

So, because I agreed with him/her, my post is "useless"?

lol

Since when did having a dissenting opinion become so abhorrent?

As for your further snarky replies, I believe they were taking about an in-game mail, not just any random e-mail you might receive in your RL e-mail.

Those in-game mails do indeed give the recipient your @name, as does joining any/all guilds, as well as just blanket /ignore everyone in the game chat.

Having it visible now doesn't make an account any more/less secure than it was before this change.

it didn't add anything at all. no content, nothing. and there's an agree button for some reason.

i don't think he meant in game mail.

And trust me, you should value your e- mail far more than some MMORPG account.

this wouldn't make sense if he meant the in game mail account as the user name disclosed is your mmorpg account.

Having it visible now doesn't make an account any more/less secure than it was before this change.

over and over again. i never said showing the @names above your head with the DB release doesn't change anything security related. it was about account names in general.

Well then, I think that's the base argument.

If it's not a question of account security, what's the big issue?
If it's not about any type of security worry (despite what most of the other threads on this claim), why does it matter if it shows or not?

Dubhliam

@InvitationNotFound
Okay, Mr. Security Expert.

Tell me:
What happens when someone enters an invalid password in the log-in screen?

I don't know, I was hoping you would tell me, being such an expert with so many links and s**t.

What I DO know is what happens when somebody enters the RIGHT password in the log-in screen.
They get a confirmation window where they need to enter a security password that was sent to the Account's e-mail adress because the log-in request was sent from another computer (not IP adress - computer).

So to all those that for some conspiracy-theory reason think their account is compromised:
The Account name is NOT 50% of your credentials.
The hacker would also need to know your password, your e-mail adress for ESO and the password to that e-mail adress.
Unless they are hacking you from the comfort of your own home, in which case they just need to know your password.

To all others that are worried from non-security related point of view:
We got a response from a Dev which clearly indicates nameplates will get some more options soon.
Until then, there are add-ons that let you customize your UI to the way of your liking, some of them being:
pChat
RP Target Frame
Azurah - this one being my favorite.

To all those grievers, Alliance spies and other kinds of irresponsible j***s:
Try (Cry) harder.

InvitationNotFound

Uriel_Nocturne wrote: »

InvitationNotFound wrote: »

Uriel_Nocturne wrote: »

InvitationNotFound wrote: »

Dubhliam wrote: »

InvitationNotFound wrote: »

Enodoc wrote: »

Sure, a stupid account name has nothing to do with security, but some people are claiming that ZOS has just given out half of their private login details - and this isn't true. The UserID is not private, and I provided a quote which specifically states that it isn't. (The source, as mentioned, is the account creation screen.) I'm not disagreeing that maybe they shouldn't be giving out half of your login details, I'm simply saying that this half of the login is stated to be public.

Many places, including these forums and many other community sites, have a two-piece login - one is your Account name, which is displayed publicly next to your activity on whatever that site may be, and the other is your password, which is private. Maybe that is a bad system, and maybe your entire login should be private. But when they directly state that part of it isn't, you can't complain when that part is displayed.

thanks for the link.

user names are sensitive as they are used to log in, giving this data away is stupid. just by saying "hey, it is public" doesn't mean it is okay or not an issue at all just because you said it is public.

I agree on the second paragraph. many forums work like that. besides i see a forum less critical than other applications, i feel the same way there, it's a bad design choice from a security standpoint. if we're looking at web applications right now: user enumeration is considered as a vulnerability ( https://owasp.org/index.php/Testing_for_User_Enumeration_and_Guessable_User_Account_(OWASP-AT-002) ) so providing such details can't be considered a good idea. same applies to your game account (guess what... same credentials work on the eso web site as well, just to stick with web apps).


Declaring something as public which shouldn't be only shows how bad at security you are (@ZOS).

edit: link got messed up

When you send an e-mail to someone, does he not know your "user name"?
Do you think your e-mail would be safer if people did not see your e-mail adress, and only see your name?
And trust me, you should value your e- mail far more than some MMORPG account.

Your logic is flawed.

Until such time as ZOS implements more nameplate options, you have add-ons that can help remove the clutter.

Account names should always be public, after all, with Barber shop to be introduced soon, hiding your account name and renaming your character leave a lot of room for grieving and shadowing your identity.

comparing two different things. well done. (you know that it is easily possible to prevent unauthorized people to access your mail server, right? and your mail address doesn't have to be your user name.)

and if we stick with my mail address. why would i give my mail address to everyone in the game or in this forum? no, you won't either.

in your words: your logic is flawed.

Uriel_Nocturne wrote: »

Dubhliam wrote: »

InvitationNotFound wrote: »

Enodoc wrote: »

Sure, a stupid account name has nothing to do with security, but some people are claiming that ZOS has just given out half of their private login details - and this isn't true. The UserID is not private, and I provided a quote which specifically states that it isn't. (The source, as mentioned, is the account creation screen.) I'm not disagreeing that maybe they shouldn't be giving out half of your login details, I'm simply saying that this half of the login is stated to be public.

Many places, including these forums and many other community sites, have a two-piece login - one is your Account name, which is displayed publicly next to your activity on whatever that site may be, and the other is your password, which is private. Maybe that is a bad system, and maybe your entire login should be private. But when they directly state that part of it isn't, you can't complain when that part is displayed.

thanks for the link.

user names are sensitive as they are used to log in, giving this data away is stupid. just by saying "hey, it is public" doesn't mean it is okay or not an issue at all just because you said it is public.

I agree on the second paragraph. many forums work like that. besides i see a forum less critical than other applications, i feel the same way there, it's a bad design choice from a security standpoint. if we're looking at web applications right now: user enumeration is considered as a vulnerability ( https://owasp.org/index.php/Testing_for_User_Enumeration_and_Guessable_User_Account_(OWASP-AT-002) ) so providing such details can't be considered a good idea. same applies to your game account (guess what... same credentials work on the eso web site as well, just to stick with web apps).


Declaring something as public which shouldn't be only shows how bad at security you are (@ZOS).

edit: link got messed up

When you send an e-mail to someone, does he not know your "user name"?
Do you think your e-mail would be safe if people did not see your e-mail adress, and only see your name?

Your logic is flawed.

Until such time as ZOS implements more nameplate options, you have add-ons that can help remove the clutter.

Account names should always be public, after all, with Barber shop to be introduced soon, hiding your account name and renaming your character leave a lot of room for grieving and shadowing your identity.

And then there's this.

Well said.

And then there's this.

A useless comment about a comment that hasn't been thought through.

Giles.floydub17_ESO wrote: »

Reading these posts are so humorous. Especially trying to justify a platform for why we should be able to turn off our own nameplates. Maybe i should provide some links to solid info on cybersecurity.

PS: make sure your email PW is different than the game PW. It should have always been this way.

Link has been provided already.

So, because I agreed with him/her, my post is "useless"?

lol

Since when did having a dissenting opinion become so abhorrent?

As for your further snarky replies, I believe they were taking about an in-game mail, not just any random e-mail you might receive in your RL e-mail.

Those in-game mails do indeed give the recipient your @name, as does joining any/all guilds, as well as just blanket /ignore everyone in the game chat.

Having it visible now doesn't make an account any more/less secure than it was before this change.

it didn't add anything at all. no content, nothing. and there's an agree button for some reason.

i don't think he meant in game mail.

And trust me, you should value your e- mail far more than some MMORPG account.

this wouldn't make sense if he meant the in game mail account as the user name disclosed is your mmorpg account.

Having it visible now doesn't make an account any more/less secure than it was before this change.

over and over again. i never said showing the @names above your head with the DB release doesn't change anything security related. it was about account names in general.

Well then, I think that's the base argument.

If it's not a question of account security, what's the big issue?
If it's not about any type of security worry (despite what most of the other threads on this claim), why does it matter if it shows or not?

@Uriel_Nocturne
okay my friend i'll try it again.

i made 2 statements:
1) What the change does related to security: almost nothing as you were always able to get the user name.it's just a little bit easier now.
2) Disclosing user names in general is a security vulnerability. wherever that is (ignore list, chat, guilds, mail, etc.).

the second statement has been disliked respectively disagreed with by some of the people commenting here and i simply provide resources (link) and some reasons why it is a bad design choice. i'm actually a bit tiered of repeating myself over and over again. so if you're after these arguments please start on page #1 of this thread and read my comments.

the discussion has a bit diverted due to the second statement and people commenting about their opinion and not facts (technical facts, it can be found in technical literature).

Llilium

Phinix1 wrote: »

If anyone is interested, I have written a simple addon that allows you to turn off the @accountname in the target frame, as well as in the player interaction frame. There is also an option to hide titles. More options may be added in the future:

RP Target Frame

o/

HORAL'E

Uriel_Nocturne

InvitationNotFound wrote: »

Uriel_Nocturne wrote: »

InvitationNotFound wrote: »

Uriel_Nocturne wrote: »

InvitationNotFound wrote: »

Dubhliam wrote: »

InvitationNotFound wrote: »

Enodoc wrote: »

Sure, a stupid account name has nothing to do with security, but some people are claiming that ZOS has just given out half of their private login details - and this isn't true. The UserID is not private, and I provided a quote which specifically states that it isn't. (The source, as mentioned, is the account creation screen.) I'm not disagreeing that maybe they shouldn't be giving out half of your login details, I'm simply saying that this half of the login is stated to be public.

Many places, including these forums and many other community sites, have a two-piece login - one is your Account name, which is displayed publicly next to your activity on whatever that site may be, and the other is your password, which is private. Maybe that is a bad system, and maybe your entire login should be private. But when they directly state that part of it isn't, you can't complain when that part is displayed.

thanks for the link.

user names are sensitive as they are used to log in, giving this data away is stupid. just by saying "hey, it is public" doesn't mean it is okay or not an issue at all just because you said it is public.

I agree on the second paragraph. many forums work like that. besides i see a forum less critical than other applications, i feel the same way there, it's a bad design choice from a security standpoint. if we're looking at web applications right now: user enumeration is considered as a vulnerability ( https://owasp.org/index.php/Testing_for_User_Enumeration_and_Guessable_User_Account_(OWASP-AT-002) ) so providing such details can't be considered a good idea. same applies to your game account (guess what... same credentials work on the eso web site as well, just to stick with web apps).


Declaring something as public which shouldn't be only shows how bad at security you are (@ZOS).

edit: link got messed up

When you send an e-mail to someone, does he not know your "user name"?
Do you think your e-mail would be safer if people did not see your e-mail adress, and only see your name?
And trust me, you should value your e- mail far more than some MMORPG account.

Your logic is flawed.

Until such time as ZOS implements more nameplate options, you have add-ons that can help remove the clutter.

Account names should always be public, after all, with Barber shop to be introduced soon, hiding your account name and renaming your character leave a lot of room for grieving and shadowing your identity.

comparing two different things. well done. (you know that it is easily possible to prevent unauthorized people to access your mail server, right? and your mail address doesn't have to be your user name.)

and if we stick with my mail address. why would i give my mail address to everyone in the game or in this forum? no, you won't either.

in your words: your logic is flawed.

Uriel_Nocturne wrote: »

Dubhliam wrote: »

InvitationNotFound wrote: »

Enodoc wrote: »

Sure, a stupid account name has nothing to do with security, but some people are claiming that ZOS has just given out half of their private login details - and this isn't true. The UserID is not private, and I provided a quote which specifically states that it isn't. (The source, as mentioned, is the account creation screen.) I'm not disagreeing that maybe they shouldn't be giving out half of your login details, I'm simply saying that this half of the login is stated to be public.

Many places, including these forums and many other community sites, have a two-piece login - one is your Account name, which is displayed publicly next to your activity on whatever that site may be, and the other is your password, which is private. Maybe that is a bad system, and maybe your entire login should be private. But when they directly state that part of it isn't, you can't complain when that part is displayed.

thanks for the link.

user names are sensitive as they are used to log in, giving this data away is stupid. just by saying "hey, it is public" doesn't mean it is okay or not an issue at all just because you said it is public.

I agree on the second paragraph. many forums work like that. besides i see a forum less critical than other applications, i feel the same way there, it's a bad design choice from a security standpoint. if we're looking at web applications right now: user enumeration is considered as a vulnerability ( https://owasp.org/index.php/Testing_for_User_Enumeration_and_Guessable_User_Account_(OWASP-AT-002) ) so providing such details can't be considered a good idea. same applies to your game account (guess what... same credentials work on the eso web site as well, just to stick with web apps).


Declaring something as public which shouldn't be only shows how bad at security you are (@ZOS).

edit: link got messed up

When you send an e-mail to someone, does he not know your "user name"?
Do you think your e-mail would be safe if people did not see your e-mail adress, and only see your name?

Your logic is flawed.

Until such time as ZOS implements more nameplate options, you have add-ons that can help remove the clutter.

Account names should always be public, after all, with Barber shop to be introduced soon, hiding your account name and renaming your character leave a lot of room for grieving and shadowing your identity.

And then there's this.

Well said.

And then there's this.

A useless comment about a comment that hasn't been thought through.

Giles.floydub17_ESO wrote: »

Reading these posts are so humorous. Especially trying to justify a platform for why we should be able to turn off our own nameplates. Maybe i should provide some links to solid info on cybersecurity.

PS: make sure your email PW is different than the game PW. It should have always been this way.

Link has been provided already.

So, because I agreed with him/her, my post is "useless"?

lol

Since when did having a dissenting opinion become so abhorrent?

As for your further snarky replies, I believe they were taking about an in-game mail, not just any random e-mail you might receive in your RL e-mail.

Those in-game mails do indeed give the recipient your @name, as does joining any/all guilds, as well as just blanket /ignore everyone in the game chat.

Having it visible now doesn't make an account any more/less secure than it was before this change.

it didn't add anything at all. no content, nothing. and there's an agree button for some reason.

i don't think he meant in game mail.

And trust me, you should value your e- mail far more than some MMORPG account.

this wouldn't make sense if he meant the in game mail account as the user name disclosed is your mmorpg account.

Having it visible now doesn't make an account any more/less secure than it was before this change.

over and over again. i never said showing the @names above your head with the DB release doesn't change anything security related. it was about account names in general.

Well then, I think that's the base argument.

If it's not a question of account security, what's the big issue?
If it's not about any type of security worry (despite what most of the other threads on this claim), why does it matter if it shows or not?

@Uriel_Nocturne
okay my friend i'll try it again.

i made 2 statements:
1) What the change does related to security: almost nothing as you were always able to get the user name.it's just a little bit easier now.
2) Disclosing user names in general is a security vulnerability. wherever that is (ignore list, chat, guilds, mail, etc.).

the second statement has been disliked respectively disagreed with by some of the people commenting here and i simply provide resources (link) and some reasons why it is a bad design choice. i'm actually a bit tiered of repeating myself over and over again. so if you're after these arguments please start on page #1 of this thread and read my comments.

the discussion has a bit diverted due to the second statement and people commenting about their opinion and not facts (technical facts, it can be found in technical literature).

No, I've read the whole thread, including your very well articulated arguments.

But while admitting that the @name is a bit easier to see now, it's only the most marginal increase of security risk. They still have to employ an outside program to farm the necessary characters for a password.

Even if said password is farmed after an unknown amount of time, there's still the issue of secondary and tertiary security measures that most every MMO employs now.

So the point still stands that it's not a huge deal aside from an aesthetics preference.

InvitationNotFound

Dubhliam wrote: »

@InvitationNotFound
Okay, Mr. Security Expert.

Tell me:
What happens when someone enters an invalid password in the log-in screen?

I don't know, I was hoping you would tell me, being such an expert with so many links and s**t.

What I DO know is what happens when somebody enters the RIGHT password in the log-in screen.
They get a confirmation window where they need to enter a security password that was sent to the Account's e-mail adress because the log-in request was sent from another computer (not IP adress - computer).

So to all those that for some conspiracy-theory reason think their account is compromised:
The Account name is NOT 50% of your credentials.
The hacker would also need to know your password, your e-mail adress for ESO and the password to that e-mail adress.
Unless they are hacking you from the comfort of your own home, in which case they just need to know your password.

To all others that are worried from non-security related point of view:
We got a response from a Dev which clearly indicates nameplates will get some more options soon.
Until then, there are add-ons that let you customize your UI to the way of your liking, some of them being:
pChat
RP Target Frame
Azurah - this one being my favorite, I left the nameplates on, and completely removed the bars below the compass (drag & drop out of sight).

To all those grievers, Alliance spies and other kinds of irresponsible j***s:
Try (Cry) harder.

Besides every information disclosure can be considered a vulnerability, your login credentials work for the web site as well. it's up to your imagination what an attacker could do with that and how he could approach this situation. (i'm not giving here further instructions)
furthermore, your account name is part of your credentials and shouldn't be exposed at all.

edit: typos and stuff...

InvitationNotFound

Uriel_Nocturne wrote: »

InvitationNotFound wrote: »

Uriel_Nocturne wrote: »

InvitationNotFound wrote: »

Uriel_Nocturne wrote: »

InvitationNotFound wrote: »

Dubhliam wrote: »

InvitationNotFound wrote: »

Enodoc wrote: »

Sure, a stupid account name has nothing to do with security, but some people are claiming that ZOS has just given out half of their private login details - and this isn't true. The UserID is not private, and I provided a quote which specifically states that it isn't. (The source, as mentioned, is the account creation screen.) I'm not disagreeing that maybe they shouldn't be giving out half of your login details, I'm simply saying that this half of the login is stated to be public.

Many places, including these forums and many other community sites, have a two-piece login - one is your Account name, which is displayed publicly next to your activity on whatever that site may be, and the other is your password, which is private. Maybe that is a bad system, and maybe your entire login should be private. But when they directly state that part of it isn't, you can't complain when that part is displayed.

thanks for the link.

user names are sensitive as they are used to log in, giving this data away is stupid. just by saying "hey, it is public" doesn't mean it is okay or not an issue at all just because you said it is public.

I agree on the second paragraph. many forums work like that. besides i see a forum less critical than other applications, i feel the same way there, it's a bad design choice from a security standpoint. if we're looking at web applications right now: user enumeration is considered as a vulnerability ( https://owasp.org/index.php/Testing_for_User_Enumeration_and_Guessable_User_Account_(OWASP-AT-002) ) so providing such details can't be considered a good idea. same applies to your game account (guess what... same credentials work on the eso web site as well, just to stick with web apps).


Declaring something as public which shouldn't be only shows how bad at security you are (@ZOS).

edit: link got messed up

When you send an e-mail to someone, does he not know your "user name"?
Do you think your e-mail would be safer if people did not see your e-mail adress, and only see your name?
And trust me, you should value your e- mail far more than some MMORPG account.

Your logic is flawed.

Until such time as ZOS implements more nameplate options, you have add-ons that can help remove the clutter.

Account names should always be public, after all, with Barber shop to be introduced soon, hiding your account name and renaming your character leave a lot of room for grieving and shadowing your identity.

comparing two different things. well done. (you know that it is easily possible to prevent unauthorized people to access your mail server, right? and your mail address doesn't have to be your user name.)

and if we stick with my mail address. why would i give my mail address to everyone in the game or in this forum? no, you won't either.

in your words: your logic is flawed.

Uriel_Nocturne wrote: »

Dubhliam wrote: »

InvitationNotFound wrote: »

Enodoc wrote: »

Sure, a stupid account name has nothing to do with security, but some people are claiming that ZOS has just given out half of their private login details - and this isn't true. The UserID is not private, and I provided a quote which specifically states that it isn't. (The source, as mentioned, is the account creation screen.) I'm not disagreeing that maybe they shouldn't be giving out half of your login details, I'm simply saying that this half of the login is stated to be public.

Many places, including these forums and many other community sites, have a two-piece login - one is your Account name, which is displayed publicly next to your activity on whatever that site may be, and the other is your password, which is private. Maybe that is a bad system, and maybe your entire login should be private. But when they directly state that part of it isn't, you can't complain when that part is displayed.

thanks for the link.

user names are sensitive as they are used to log in, giving this data away is stupid. just by saying "hey, it is public" doesn't mean it is okay or not an issue at all just because you said it is public.

I agree on the second paragraph. many forums work like that. besides i see a forum less critical than other applications, i feel the same way there, it's a bad design choice from a security standpoint. if we're looking at web applications right now: user enumeration is considered as a vulnerability ( https://owasp.org/index.php/Testing_for_User_Enumeration_and_Guessable_User_Account_(OWASP-AT-002) ) so providing such details can't be considered a good idea. same applies to your game account (guess what... same credentials work on the eso web site as well, just to stick with web apps).


Declaring something as public which shouldn't be only shows how bad at security you are (@ZOS).

edit: link got messed up

When you send an e-mail to someone, does he not know your "user name"?
Do you think your e-mail would be safe if people did not see your e-mail adress, and only see your name?

Your logic is flawed.

Until such time as ZOS implements more nameplate options, you have add-ons that can help remove the clutter.

Account names should always be public, after all, with Barber shop to be introduced soon, hiding your account name and renaming your character leave a lot of room for grieving and shadowing your identity.

And then there's this.

Well said.

And then there's this.

A useless comment about a comment that hasn't been thought through.

Giles.floydub17_ESO wrote: »

Reading these posts are so humorous. Especially trying to justify a platform for why we should be able to turn off our own nameplates. Maybe i should provide some links to solid info on cybersecurity.

PS: make sure your email PW is different than the game PW. It should have always been this way.

Link has been provided already.

So, because I agreed with him/her, my post is "useless"?

lol

Since when did having a dissenting opinion become so abhorrent?

As for your further snarky replies, I believe they were taking about an in-game mail, not just any random e-mail you might receive in your RL e-mail.

Those in-game mails do indeed give the recipient your @name, as does joining any/all guilds, as well as just blanket /ignore everyone in the game chat.

Having it visible now doesn't make an account any more/less secure than it was before this change.

it didn't add anything at all. no content, nothing. and there's an agree button for some reason.

i don't think he meant in game mail.

And trust me, you should value your e- mail far more than some MMORPG account.

this wouldn't make sense if he meant the in game mail account as the user name disclosed is your mmorpg account.

Having it visible now doesn't make an account any more/less secure than it was before this change.

over and over again. i never said showing the @names above your head with the DB release doesn't change anything security related. it was about account names in general.

Well then, I think that's the base argument.

If it's not a question of account security, what's the big issue?
If it's not about any type of security worry (despite what most of the other threads on this claim), why does it matter if it shows or not?

@Uriel_Nocturne
okay my friend i'll try it again.

i made 2 statements:
1) What the change does related to security: almost nothing as you were always able to get the user name.it's just a little bit easier now.
2) Disclosing user names in general is a security vulnerability. wherever that is (ignore list, chat, guilds, mail, etc.).

the second statement has been disliked respectively disagreed with by some of the people commenting here and i simply provide resources (link) and some reasons why it is a bad design choice. i'm actually a bit tiered of repeating myself over and over again. so if you're after these arguments please start on page #1 of this thread and read my comments.

the discussion has a bit diverted due to the second statement and people commenting about their opinion and not facts (technical facts, it can be found in technical literature).

No, I've read the whole thread, including your very well articulated arguments.

But while admitting that the @name is a bit easier to see now, it's only the most marginal increase of security risk. They still have to employ an outside program to farm the necessary characters for a password.

Even if said password is farmed after an unknown amount of time, there's still the issue of secondary and tertiary security measures that most every MMO employs now.

So the point still stands that it's not a huge deal aside from an aesthetics preference.

I'm a bit confused as you bring up the things regarding my first statement, which i don't see any reason why to discuss or mention it. could be a simple misunderstanding.

But while admitting that the @name is a bit easier to see now, it's only the most marginal increase of security risk. They still have to employ an outside program to farm the necessary characters for a password.

that's about my first statement from above. i don't disagree, i never did. there's no reason to talk with me about this. quoting me and talking about this feels strange to me as it wasn't ever anything to discuss (or at least i don't see a reason to).

Even if said password is farmed after an unknown amount of time, there's still the issue of secondary and tertiary security measures that most every MMO employs now.

here we are at the second statement. that hasn't changed. we can discuss this and this was i tried to discuss the whole time. actually i didn't want to discuss this as i didn't see here much to discuss either, but i was overwhelmed with false arguments, assumptions and so forth.

We can take a look at the second statement again as well as your scenario (and please ignore the first one for the moment):

So let's say you have different security measures in place (which you have no idea about how they work or if the can be bypassed), decreasing the security of one level makes it easier to bypass this level. so you're a step further, aren't you? so why shouldn't that have weakened the security of the system?

A simple question at that point: would you give your user name, password of your e-banking (incl. the e-banking url) to strangers just because you have a PIN in addition to enter?

Additional, as mentioned twice in this thread, you have a web application as well. Do you think it has the same measurements in place?

sirinsidiator

I also updated Medic just now and added 2 options to hide the display name and the player character icon.

notimetocare

AdmiralSam wrote: »

I don't like people knowing it. I see no reason why that should be public. It is half of my log-in info, after all. It's bad enough that guildmates can see it, but now everyone?

All they have to do is see you speak, put you on ignore, and they have your @name. Guess you are screwed anyways eh?

Brightxdawn

Not happy about this as are lots of other people

Pheefs

I don't mind that people can see what mine is, but I do not like seeing the @ on my screen all the time... its icky!

Joy_Division wrote: »

I don't want to see them. My character name in the game is what I want to be referred to. I picked it for a reason. My @ name I picked because of reasons unrelated to ESO.

YES! & good point, Rolf Stoneheaver @ princessbannanahammock really loses its mystique.

Annra

notimetocare wrote: »

AdmiralSam wrote: »

I don't like people knowing it. I see no reason why that should be public. It is half of my log-in info, after all. It's bad enough that guildmates can see it, but now everyone?

All they have to do is see you speak, put you on ignore, and they have your @name. Guess you are screwed anyways eh?

Yes. It is and was ever a huge design flaw. No one has to know someones account name!
But it makes a huge difference, if someone has to do some effort to retrieve your account name, or if your account name will be presented to everyone on a silver plate.

baratron

The irony is, while enforcing @name display on everyone through the Heads Up Display, ZoS have gone and done the opposite with in-game mail.

Yep, all mail now is sent from a character name, and you only see the @name when you mouse over the character name.

It's very confusing! I know the @names of all the officers in the Guilds I belong to, but I only know a small handful of their character names.

Tandor

What beats me is why, if multiple addon authors could provide an option to hide @accountname within a matter of hours of this change coming in, ZOS couldn't have included such a simple option in the first place?

While it's great that they're reading this thread, and I hope it leads to a swift change, I'd still like to hear an explanation from them as to why they made a change that no-one had asked for and hardly anybody wants. I'd also love them to confirm that in future any UI changes will be made optional from the outset. Such a confirmation would represent a massive step forward in my view.

Enodoc

Tandor wrote: »

I'd still like to hear an explanation from them as to why they made a change that no-one had asked for and hardly anybody wants.

I imagine it's for parity with Gamepad mode / consoles. They have been seeing only account names since launch, and were repeatedly asking for character names. Now with this change, all platforms see both account name and character name, and there is no more disparity.

Tandor

Enodoc wrote: »

Tandor wrote: »

I'd still like to hear an explanation from them as to why they made a change that no-one had asked for and hardly anybody wants.

I imagine it's for parity with Gamepad mode / consoles. They have been seeing only account names since launch, and were repeatedly asking for character names. Now with this change, all platforms see both account name and character name, and there is no more disparity.

That may or may not be it, but given that no PC players asked for it, and few PC players consider it to be an advantage to emulate something that console users had no option but to use while they were asking for the character name display that PC players have, it's difficult to see the reasoning for it - and there's certainly no reason for making it mandatory rather than optional.

Apoxsee

I am all for someone being able to hide the@names if they so choose, however I for one want to see those at names so if I have to report a player I have the @name so I can make sure ZOS know exactly who I am complaining about.

It has to be frustrating for ZOS to deal with reports of cheats, abuse, etc when people have to get the name just right or ZOS will have no idea who to go after.

Some may see harryballsck doing some ner-do-well act in a quick glance of their name but in actuality it was härrybällsck. Thus they report the work person or no person at all.

Given our current issues with third party program issues I want name plates!

Tandor

Apoxsee wrote: »

I am all for someone being able to hide the@names if they so choose, however I for one want to see those at names so if I have to report a player I have the @name so I can make sure ZOS know exactly who I am complaining about.

It has to be frustrating for ZOS to deal with reports of cheats, abuse, etc when people have to get the name just right or ZOS will have no idea who to go after.

Some may see harryballsck doing some ner-do-well act in a quick glance of their name but in actuality it was härrybällsck. Thus they report the work person or no person at all.

Given our current issues with third party program issues I want name plates!

If you give the character name and server there's no reason why ZOS won't be able to handle the report.

Glaiceana

baratron wrote: »

The irony is, while enforcing @name display on everyone through the Heads Up Display, ZoS have gone and done the opposite with in-game mail.

Yep, all mail now is sent from a character name, and you only see the @name when you mouse over the character name.

It's very confusing! I know the @names of all the officers in the Guilds I belong to, but I only know a small handful of their character names.

@baratron you can change that in the settings. If you say you prefer @names then they will appear as the mail senders This obviously will make account names show before character names above players though.

mustang27501_ESO

I agree with the OP.

Having the @name displayed everywhere really kills immersion in this game. I LOVE the addition of character names above the head and guilds/titles/etc. It's a HUGE step in the right direction. The killer right now is your @name automatically displayed in guild chat. Guild chat should display character name just like it does in all other forms of chat.

There's nothing worse than joining a guild or talking in guild chat with @cliffjdiver125 @comegetsome435 and @brendasmithh23. (Random names) Hell I don't even like seeing mine @mustang27501 in chat. All chat should ALWAYS be character names. It just KILL immersion the other way. Still don't understand why this was done to begin with this way.

At least this last patch was a huge step in the right direction with names/nameplates/etc.

bedlom

+1 to hide @names.

Elvent

I understand ESO is trying to be different but showing our @names isn't the answer. The CP point number isn't really, either.

In a Role Playing Game all I expect and want to see is a character name and their level. CP doesn't matter and neither does real names or account names. Please make it how it used to be, this was unnecessary.

Keep the CP count if you like but it just looks silly seeing all these numbers everywhere but please get rid of the account names. If it's a console change great, I don't play console, keep it for consoles but remove from PC version or at least make it an option to show others our account names.