user ID in chat, contacts and guild !

zbcole

And your IP address is easily obtained as well.

On the upside, it makes currency sites more of a risk-because you generally are giving them your account login and ip address. All they need to script attack your login.

Maybe that will discourage people from that unsavory side of online gaming. I'd just rather that not be the glass half full to a problem that is bad on many levels.

Malicyn

Except most ISP's use Ingress filtering and any packet that is received that doesn't match what is allocated to the downstream customer gets tossed. So IP Spoofing is more difficult than just changing the source Ip of the packet. Its also low yield and too time consuming to do correctly.

The majority of hacked accounts come from Phishing. Using email lists from hacked 3rd party forums and getting the user to enter their information. Since most people still use the same password as their email, they have now compromised both. I don't need your user ID to do it, making it irrelevant. Its high yield and requires little man power to accomplish. Using an email with two-factor authentication thwarts this and most free emails offer this now anyway.

This isn't the 90's, no ones doing Brute force attacks on your email or account password. Why? Its easily noticed and majority of companies have measures in place to prevent it and lock it down. If they are doing anything, its using tools to access core systems and pull out the info. Your thief is the needle in the needle stack. Its them getting into core systems through third party vendors and taking the data out quietly (Target).

Anyway, I get the argument from an RP perspective as well as that I don't want to see @lovemuffin in my chat constantly. But I think the way to get it changed is to make the case from the immersion perspective and not the security one. Because if im looking to compromise a lot of accounts and move gold, im not looking at your user id's, im using a mailing list and sending you all a phishing email.

Baraz

It's not a simple matter. They give it thought and decided, as other games have, that showing the account name was a better option due to abusers.
(Of course, if they can figure out passwords or secret questions [which are too limited], then that would be a true problem. Also, "brute force guessing" is, I presume, not possible.)

But, in the guild window and the likes, we should see character names also.

zbcole

Baraz wrote: »

It's not a simple matter. They give it thought and decided, as other games have, that showing the account name was a better option due to abusers. (Of course, if they can figure out passwords or secret questions, then that would be a true problem.)

But, in the guild window and the likes, we should see character names also.

I won't disagree that there is value in working at the account level (i.e. ignoring gold spammers). I just don't think theres a value in showing it on mass scale. Its great that the ignore ignores the account, but I don't need to know what the account is.

@Malicyn Most of what you say is true. Brute force attacks still occur. It's less of a threat than phishing, and the moment any of these players go on to a currency seller's website, they are much more likely to get hacked vs those that don't.

Using an email with two-factor authentication thwarts this and most free emails offer this now anyway.

Agree. But that is not the case here. And as such, I don't like the fact that items are readily available.

damanxeob16_ESO

I honestly think that Guild window should only show the character name. Why would I use guild chat and see a user ID and not know who i am talking with. Or at the very least put an option so the guild leader can change this setting because I have had several guild members ask this question. They have no idea who they are talking to in chat when a UserID shows up.

Tusnelda

To show up user IDs in a MMO is a bad habit of free to play and buy to play games, and not for a pay to play game like this one. I must admit that I was really shocked by this crap when I realized it the first time, that I thought about quiting ESO.

I thought this was a fantasy game - and I wanted to have my CHARACTERS in a guild of a fantasy world, and not to be known by another user name in a real world surroundings. My characters have no voice in the guild chat, where they would belong to, and they will remain soullessly.

Moobs

Please fix this, displaying your login name to anyone in your guilds is very poorly thought out security.

Edit. I'll be leaving my guilds until this is changed.

ahollander

Agree with this completely. I want my toon name; not my ID in chat.

Lox

Elember wrote: »

Seems like all Mega server type games use this type of character ID in the in game chat.

Star Trek Online....same thing

Neverwinter Online....same thing

This sucks and needs to be changed or at the very least a way to HIDE your user ID. Displaying your user ID is a big problem and in a game like Elder Scrolls Online where symbols like @ are used when you are in RP is just ludicrous to say the least

However don't expect this to change its been that way in those other two games I just mentioned and the devs there just ignore any and all requests to change it.

Neverwinters is similar but, to my knowledge, that is the only other game that does it this way (i.e using the actual account login as your ID).

Star Trek Online does have a similar thing (as do many many other games) where you are identified by a unique account ID, but that ID is not your actual account login name. Doing it that way is fine.

This has been raised on these forums on several occasions previously and in the beta forums, just one of them here. Take a look at ZOS Customer Service rep response in this thread, which in my opinion is almost laughable.

http://forums.elderscrollsonline.com/discussion/75786/account-username-as-contact-name-really/p2

Publicly distributing your account login ID is a security issue. As said before, account security is just a process of managing risk, you reduce the risks by incorporating many individual elements. Publicly distributing elements of account of information increases the risk of compromise, doing it at the developer level is a fundamental flaw, and from that I have to call into question all their security process! If they can't get the very basics right what chance do they have of getting more complex systems in place properly?

Lox

Samoset wrote: »

The way I see it is this: The account wide aspect of characters is awesome. If you have a strong password, you will be fine. If you get hacked with a strong password, ESO will be obligated to help you get your account back and restored exactly as it should be. Problem solved, because the only problem is the user using abcdefg as a password.

That being said, I do feel for the RPers. That is something that should be easily fixed, along with guild chat, etc.

Although I would would like to think they would do it anway, it depends entirely on how the account was hacked and who was at fault. In the most literal sense if the 'hack' occurs through no fault of ZOS then they are in no way 'obliged' to restore your account, regardless how simple your password was.

If your car gets stolen because you left the door unlocked, guess what, your insurance probably won't pay out and the car manafacturer / garage that sold it certainly won't replace it or repair it for nothing!