jaye63 wrote: »

One of the very first things you learn in computer and IT classes is security. One of the legs of that security is your login. The other is your password. Who in their right mind uses that login as an ID EVERYONE can see in the game? ZOS gave up half of your security right out the door. And since getting that changed would be monumental... this is a note to say dont do it again. Seriously. In this day when everything can be and is being hacked, use a little common sense and remember your 101 classes.

Well there is that whole two factor authentication thing, and if someone gets into my email to access that I have bigger problems than my ESO account.

jaye63 wrote: »

One of the very first things you learn in computer and IT classes is security. One of the legs of that security is your login. The other is your password. Who in their right mind uses that login as an ID EVERYONE can see in the game? ZOS gave up half of your security right out the door. And since getting that changed would be monumental... this is a note to say dont do it again. Seriously. In this day when everything can be and is being hacked, use a little common sense and remember your 101 classes.

If someone can hack my complicatedly insane 200 character password... well then, I suppose changing it more than twice a week is in order.

Keeping in mind, of course, that any time there is an attempt to log into the game from an IP address that is not your 'usual' access locations, an email gets sent to the email associated with your account with a code that you have a very limited time to use (most times it barely gets there in time to use it).

I would like to see an option for duo authentication. SO if you login in I get a pop up on my phone asking to authorize the login. That way you can have my PW but it wont matter, plus I would know if my info got out.

paulsimonps wrote: »

Turelus wrote: »

jaye63 wrote: »

One of the very first things you learn in computer and IT classes is security. One of the legs of that security is your login. The other is your password. Who in their right mind uses that login as an ID EVERYONE can see in the game? ZOS gave up half of your security right out the door. And since getting that changed would be monumental... this is a note to say dont do it again. Seriously. In this day when everything can be and is being hacked, use a little common sense and remember your 101 classes.

Well there is that whole two factor authentication thing, and if someone gets into my email to access that I have bigger problems than my ESO account.

This! Also don't use the same password for your email as your ESO login and its better still. But yea if someone gets a hold of your email, which would be required to get access to your ESO, you have lots bigger problems than ESO.

Different passwords for everything, use more secure types of passwords (not words with numbers instead of letters or change in case), enable two factor authentication on everything.

interesting (and scary) videos.
To get my account currently.

Get my user ID (given)
Get my ESO password (not shared anywhere)
Get my email address (not hard)
Get my email password (not shared anywhere)
Get my phone (two factor auth)
Get my fingerprint (movies says this is easy) or my phone pin.

And if you get all that and the first thing you do is hack my ESO account, well I should be counting myself lucky.

So yeah... you're all welcome to know my user ID.

xRIVALENx wrote: »

Unless you are brute forcing passwords that login ID will not do you much good. You are correct though, a poor security decision.

We would also hope that ZOS would have someone noticing the brute force and do something.

I know CCP Games actually ban (lock) the account if it's under a brute force attack and then email to owner to let them know what's happening. Obviously with an unban and compensation (if required due to skillpoint loss).

That's why their security team was getting so frustrated so many people used out of date emails and they couldn't force two factor auth on for the game.

jaye63 wrote: »

One of the very first things you learn in computer and IT classes is security. One of the legs of that security is your login. The other is your password. Who in their right mind uses that login as an ID EVERYONE can see in the game? ZOS gave up half of your security right out the door. And since getting that changed would be monumental... this is a note to say dont do it again. Seriously. In this day when everything can be and is being hacked, use a little common sense and remember your 101 classes.

My forum name isn't the same as my in-game name and my in-game name isn't the name on my account. On either one of my two accounts, actually. My passwords are in the 40ish character long range. I'm not seeing the "ZOS gave up half my security" part.

jaye63 wrote: »

One of the very first things you learn in computer and IT classes is security. One of the legs of that security is your login. The other is your password. Who in their right mind uses that login as an ID EVERYONE can see in the game? ZOS gave up half of your security right out the door. And since getting that changed would be monumental... this is a note to say dont do it again. Seriously. In this day when everything can be and is being hacked, use a little common sense and remember your 101 classes.

Your "101 classes" are a poor reference when it comes to computer security. If they are actually saying this in those classes, then I feel sorry for the education that people are getting. Seriously.

The user ID and password security system is designed, from the very first implementation, around the principle that the user ID is public knowledge. It is a core part of the design, which is why it is commonly used when to users of the same system need to contact each other.

All of the security is in the password. Not half. Not 90%. Not 99.99999999%. All of it. This is how it is intended to be and this is what makes the user ID and password system work as it is intended.

Some companies attempt to add to the security by using "security through obscurity" and having aliases. These are primarily efforts to boost privacy, not security. It is important to remember the most important thing about a user ID and password system, and that is that all of the security is in the password.

Like all security measures, everythings has a proper place. User ID and password systems work well for email, forums, and games like ESO, where users interact and need to be able to contact each other. Understanding the limits of the system detemines whether a different system is needed, or supplemental security is needed. ZOS uses a supplemental system, in addition to the account password.

Pick a good password. Upper and lower case letters, numbers, and symbols, no shorter than 12 characters. Nothing that contains, references, or hints at the name or birthdate of anyone in your family, including pets, parents, uncles, aunts, etc., living or dead.