user ID in chat, contacts and guild !

bochiraneb17_ESO

I know this issue has been raised a few times outside the official forums but maybe a post here will wake the devs up....

Showing your user ID in chat / contacts/ guild IS A BAD IDEA !
Not only is it extremly annoying that I see in my guild window a list of "@Supreme2345iamueber" and such, but it's potentialy dangerous to give anyone half of your login data.
I mean, REALLY ?! Is it so hard to be able to set a nickname on your account ? It's not like tons of other games had serious security issues when they allowed ID names to be seen public.

I can not understand for the love of god why such a simple matter has been overlooked.

When accounts will start to get hacked by the dozens, and the wrath of the community will fall on Zenimax, maybe then they will wake up and do things properly. It will be too late for those who have lost their accounts tho...

Please fix this issue asap.

Malicyn

Security Tip #1: Don't use the same password for a game account and email address.

Security Tip #2: Don't use the same userID and password from other game accounts. Most of the "hacks" are them just using past logins from other hacked databases (like forums) to access game accounts.

Security Tip #3: If your email offers it, which most do now. Setup 2-factor authentication.

If you do these three things, having the User ID does them no good.

infob16_ESO624

Security Tip #2: Don't use the same userID and password from other game accounts. Most of the "hacks" are them just using past logins from other hacked databases (like forums) to access game accounts.

That sucks you get known by a certain name and now i shouldnt use it in this game cause of security reasons?

bochiraneb17_ESO

I agree with those tips, but really...why does Zenimax make it easier for them. Is it really that complicated just to add an option where you can add a nickname to your ID ?
Not to mention the fact that I have to hover with my mouse over each ID in the guild window to see who it actually is as most people I know , I know them from the name of the toons they have not by the account id.

zbcole

Security relies on the user and the company taking reasonable precaution to maintain the privacy of both the user id and password. Gaining access to either information is detrimental to a security protocol.

That doesn't matter if you are an MMO franchise or a fortune 500 company.

Right now, with the guild spam invites, anyone could be joining guilds and building a list of account names. They have 50% of what they need-and scripting to do the rest.

2-Factor Authentication only makes things more difficult - not impossible. And this game doesn't truly integrate with that kind of authentication.

Relying on that kind of security for what is poor design and implementation is not a good thing though.

Edit: Who needs guild invites rather than just query the users on the forums.

There is a reason guys that most forums and others use a different name from the login id. This is a major disappointment and flaw with Zenimax at this stage to have that big of what most companies classify as a breach in security for something that offers a login through the internet.

bochiraneb17_ESO

What Zbcole said !

Wasted

They definitely need to let you have a different account name from your login. It just feels so lazy and uncaring on their behalf to be so casual with your login name.

Mosti

No definitely don't show your User ID instead of your character name, this isn't blizzard. ZoS wants to immerse you in the world around you with ESO, so how would you feel connected to the game when you see a bunch of players with @StupiduserID , the names definitely need to stay

Tusnelda

We already stated in the Beta that it is not possible to RP if you know your guild mates only as @rofluser33, @roxoooor33 or @anyuserid.
I myself want to be known by my char name with which I wanted to be merged in a beautiful fantasy world, not by a token which sounds like a facebook account.

KerinKor

Tusnelda wrote: »

We already stated in the Beta that it is not possible to RP if you know your guild mates only as @rofluser33, @roxoooor33 or @anyuserid.

While that's true, I hardly think you're going to get a happy RP experience with people who use stupid usernames as their logins, they clearly aren't serious RPers.

I totally don't agree with using login names, for many reasons, but this isn't one of them: it does of course mean 'hiding' on alts is more difficult.

Fay

I was quite disappointed to see that when you create a guild the name shows up in it's entirety in chat followed by the entire persons @ name making the guild chat almost ineligible to read.

Suggestions:

* Allow guild leaders to add an abbreviation that can be used in chat.
* Add an option in the settings to toggle between account and character name. With the character name being the default name shown.

lquach

Can't we just get a feature to set a nickname that would override what shows for friend/userid? Or something similar to this forum where we can change our forum handle?

I'm having trouble figuring out who my guild mates are in relation to their char names...

With this being an MMO remembering one list of names is enough without having to remember two sets and how each userid maps to a paritcular guildmates/friend character name as well...

This is the first ever MMO where I can't easily tell who is who in guild chat!!! I had to start keeping notes on my phone!

Dracovar

I agree. Using a player's User ID for in game identification is just plain dumb. If you want us to have a nickname/gamertag, then let us create one, don't use our login information!

gorathSheo

Of course it is not really a security issue if you are careful. But nevertheless it sucks.

zbcole

gorathSheo wrote: »

Of course it is not really a security issue if you are careful. But nevertheless it sucks.

There is no such thing in security as being careful-there are only risk factors. I work for a Fortune 100 company, albeit insurance. But-if we had an online domain for our users, and the account names were readily available for general consumption, it would be classified as a security breach.

Now, we have measures to guard against that:

1. Limited Login Attempts to block scripting
2. Most importantly, human monitoring that looks for irregular use

There is also the threat of criminal prosecution, and we employ former and retired FBI agents to assist us in tracking down would-be threats.

We have the luxury in our business of not having to contend with Phishing scams, something that is rampant in online gaming.

All that said, Online Gaming has none of that going for them. In fact, if your account is hacked, you lose all your stuff - what are you going to do? Go report it to your local authorities and nothing will happen or come of it.

Which is why it is an important factor for this game/company to take more seriously.

Samoset

If your password is so simple that someone can get it with just your username, frankly you should be hacked. Sorry, just saying.

zbcole

RblSyndicateSamoset wrote: »

If your password is so simple that someone can get it with just your username, frankly you should be hacked. Sorry, just saying.

Ever heard of scripting? This isn't something where some toothless moron is making guesses and just happens to win the lottery one day.

I've seen it happen countless ways in online gaming.

Generally, the ones impacted the most are those that deal with currency dealers (funny how some people can be stupid enough to use the same account information between the game and the currency dealers website).

But I have also seen people who "did everything right" and had their account hacked.

Samoset

Well yeah. That's ESOs job to prevent, and I don't think user ids are the issue. But as far as the average account thief? That's the players responsibility.

myblackbox123

What's the point of naming your character if the majority of the people with whom you're supposed to social closely with (the guild) will know you as @lovechocolateinbed12344 ?

Talk about anti-immersion.

Samoset

I think they should keep userid, but make their chat name their character, and put the user id in the roster, separate from the name they are playing on.

Elember

Seems like all Mega server type games use this type of character ID in the in game chat.

Star Trek Online....same thing

Neverwinter Online....same thing

This sucks and needs to be changed or at the very least a way to HIDE your user ID. Displaying your user ID is a big problem and in a game like Elder Scrolls Online where symbols like @ are used when you are in RP is just ludicrous to say the least

However don't expect this to change its been that way in those other two games I just mentioned and the devs there just ignore any and all requests to change it.

zbcole

Neither of those games will garner the attention that this game will. Both in terms of player numbers and hack potential.

Elember

zbcole wrote: »

Neither of those games will garner the attention that this game will. Both in terms of player numbers and hack potential.

Yes I understand that completely however I was just reporting that it seems to be a thing with mega server technology because any MMO's I have played that use that type of sever tech have this problem in the in game chat.

Samoset

The way I see it is this: The account wide aspect of characters is awesome. If you have a strong password, you will be fine. If you get hacked with a strong password, ESO will be obligated to help you get your account back and restored exactly as it should be. Problem solved, because the only problem is the user using abcdefg as a password.

That being said, I do feel for the RPers. That is something that should be easily fixed, along with guild chat, etc.

zbcole

I think you are right to an extent that the mega server approach has spawned the problem, but a lack of ability or creativity of the development team has made choosing a characters name the most pointless part of an mmo.

That's a major problem when you are trying to create an immersive mmo.

The bigger issue I feel is the security threat because this genre has high hack potential and it is generally without repercussion - which should require the company to be more forthcoming in managing and taking their security seriously.

Elember

zbcole wrote: »

I think you are right to an extent that the mega server approach has spawned the problem, but a lack of ability or creativity of the development team has made choosing a characters name the most pointless part of an mmo.

That's a major problem when you are trying to create an immersive mmo.

The bigger issue I feel is the security threat because this genre has high hack potential and it is generally without repercussion - which should require the company to be more forthcoming in managing and taking their security seriously.

I totally agree. No one should know my user ID except me, period. It is just one more step a hacker does not have to go through to hack an account.

The RP issue is ludicrous as I said already in this thread and the devs in all mega server tech type MMO's completely ignore that.

In fact it Star Trek Online and in Neverwinter Online, you use the exact same user ID for both games because both games run on the same server. Therefore the hacker gets two game accounts for the price of one...

SeñorCinco

I don't care who has my username... now. I have three emails I created just for this purpose.

Every few weeks or so, I will contact Support to change them out. Along with an updated (complex max character ) password and new security question.

Every few days or so, you can go into your account settings and change the name on the account to reflect different phrases for the first and last name.

tengri

I am only waiting for the first "incident" where some lowlife manages to trick support to give away someone else's account (as in reset passwords/emails for the wrong person).

With such easy knowledge of ppls logins and a little social engineering to find out birthday and/or secret question it will happen rather sooner than later...

Elember

tengri wrote: »

I am only waiting for the first "incident" where some lowlife manages to trick support to give away someone else's account (as in reset passwords/emails for the wrong person).

With such easy knowledge of ppls logins and a little social engineering to find out birthday and/or secret question it will happen rather sooner than later...

All of these arguments have been done to death in STO and NWO forums and no action from the devs on it at all. I am guessing it is the way things are in a mega server MMO and no way to fix it....

stevenbennett_ESO

You all *do* realize that in addition to User ID and Password, ESO is checking your IP address as well? Every time I've changed IP address, they send me an email with a code to validate. It bites for me, because I change IP addresses frequently, but it does mean that it's very very difficult for someone to run an attack on your User ID without having access to your email as well.

tengri

As if spoofing one's IP addresses is that difficult - especially when support conversations take place over unsecure/unencryped email. I almost jumped up from my chair in disbelieve when someone asked earlier if a plain text email received from support demanding to know account details (security question/keys, etc) was legit... which it was.