The Elder Scrolls Online

Huge security issue: In-game handle was changed to login username upon launch

Leave a Reply
Bouvin
Bouvin
✭✭✭✭✭
My in-game name, which was @Khajit was changed to my login username upon launch.

This means that anyone can see my login username on the guild roster, guild chat, etc.

This is a huge security hole. I've put in a ticket a few days ago but haven't received any help yet.

This should probably get looked into right away.
Edited by Bouvin on April 5, 2014 11:09PM
  • Saerydoth
    Saerydoth
    ✭✭✭✭
    I think what they should do is change the login to use email address instead, and keep everything else the same.
  • Pang
    Pang
    ✭✭✭✭
    Working as intended. Everything is account based in the game. As far as security thats why there is email and IP authentication.
  • babylon
    babylon
    ✭✭✭✭✭
    ✭✭
    Lots of people have complained about this, but so far ZOS hasn't responded.

    Everyone's login names are visible in guild list and friends list etc, not just yours. This is how they set the game up.
  • Bouvin
    Bouvin
    ✭✭✭✭✭
    Saerydoth wrote: »
    I think what they should do is change the login to use email address instead, and keep everything else the same.

    I actually was that way in the early betas. Then they changed it...

  • darkkterror_ESO
    darkkterror_ESO
    ✭✭✭
    This is working as intended. However, I do agree that the in-game @handle should be a nickname or alias chosen by the player rather than the user account.
  • Bouvin
    Bouvin
    ✭✭✭✭✭
    babylon wrote: »
    Lots of people have complained about this, but so far ZOS hasn't responded.

    Everyone's login names are visible in guild list and friends list etc, not just yours. This is how they set the game up.

    Actually, during beta I had a different login name and in-game handle. Like I said my in-game handle was @Khajit so I don't understand why they couldn't just continue to do it that way.

    Exposing login names is a BAD idea as these are also your username for account access through the website.

    Also, IP authenticaton isn't bullet proof. A better solution would be 2 step authentication using a mobile app/authenticator.
  • Bouvin
    Bouvin
    ✭✭✭✭✭
    darkkterror_ESO wrote: »
    This is working as intended. However, I do agree that the in-game @handle should be a nickname or alias chosen by the player rather than the user account.

    Yep, that's exactly what I'm saying.
  • babylon
    babylon
    ✭✭✭✭✭
    ✭✭
    Bouvin wrote: »
    Exposing login names is a BAD idea as these are also your username for account access through the website.

    Also, IP authenticaton isn't bullet proof. A better solution would be 2 step authentication using a mobile app/authenticator.
    I agree. Lots of people have talked about this and requested it gets changed, but so far nada.
    Edited by babylon on April 5, 2014 11:23PM
  • Bouvin
    Bouvin
    ✭✭✭✭✭
    babylon wrote: »
    Bouvin wrote: »
    Exposing login names is a BAD idea as these are also your username for account access through the website.

    Also, IP authenticaton isn't bullet proof. A better solution would be 2 step authentication using a mobile app/authenticator.
    I agree. Lots of people have talked about this and requested it gets changed, but so far nada.

    Well, I guarantee they will take action after the first huge wave of accounts gets hacked. I've seen it before in several MMOs. The hackers sit on account info for months and months then hit them all at once.

    Also, if you have gold spammers (which ESO does already) you also have hacked accounts. They go hand-in-hand.
Sign In or Register to comment.