Maintenance for the week of February 23:
· [COMPLETE] NA megaservers for maintenance – February 23, 4:00AM EST (9:00 UTC) - 12:00PM EST (17:00 UTC)
· [COMPLETE] EU megaservers for maintenance – February 23, 9:00 UTC (4:00AM EST) - 17:00 UTC (12:00PM EST)
· [COMPLETE] ESO Store and Account System for maintenance – February 23, 4:00AM EST (9:00 UTC) - 12:00PM EST (17:00 UTC)

Account username as Contact name? Really?

  • Wreaken
    Wreaken
    ✭✭✭
    Gthirteen wrote: »
    That's all well and good but I should not have to put a ticket in to prevent people from seeing my account name in the game. This is a ridiculous policy and needs changed

    This is the internet of 2014.

    If you think keeping your account name secret is going to keep you safe, you are sorely mistaken.

    Think of it in terms of your immune system... Sure you could keep your body protected by hiding yourself from every possible bad thing out there.

    But clearly the better method is simply to keep yourself healthy, strong, and have regular checkups.

    Everything on the internet touches you, and has a chance to hurt you. Rather than hide from it, simply set yourself up to handle it.

    So using your failed logic and poor analogy, I can give you my social security details and my CC details as well because they are pin protected and I should set myself up to handle account fraud and possible bankruptcy due to having all my life savings exhausted from my account?

    Stupid is just stupid.

    You are correct about one thing, yes, it is 2014 and it is more important now then ever to keep this information a secret. Letting other people know 50% of your login information is a failure form the start.
    Edited by Wreaken on April 11, 2014 9:32PM

    Taemek Frozenberg, Leader of <Epoch Gaming>
    Oceanic - Australia
  • Firestar_
    Firestar_
    ✭✭✭
    I don't care if there are other "security measures" in place. This is 2014.

    I've received emails from Microsoft, Xbox live, Blizzard, Bioware, Ubisoft and a half dozen others telling me they've lost some of my information this year or the year prior. Anyone else?

    It's nice that you're putting some security features in to make it more difficult, but quite frankly, I don't give two whoots how secure you think your system is. This year, the question is not, "are you going to get hacked", the question is "when". All thanks to the list above.

    I don't want my cc info on your files. I'll be using game cards only.

    I don't want half my account info out for anyone to waltz up and take whenever they like. I don't care if it's my login name, password, where I live or my full name.

    Some of those are googlable. Including login name thankyouverymuch.

    ALL companies have security holes. And with heartbleed's nonsense going around the internet, the ONLY person that can be trusted to secure the information to the best of my ability is me and with that, I'd like to make putting this puzzle together as difficult as possible as far as getting enough info to totally screw my account.
    Edited by Firestar_ on April 11, 2014 9:41PM
    Firestar - Imperial Templar - Ebonheart Pact
    Reasons-For-War - Argonian Dragonknight - Ebonheart Pact
    Pearl Winterstone - Orc Sorcerer - Ebonheart Pact
    Jerro - Dunmer Nightblade - Daggerfall Covenant
  • Wreaken
    Wreaken
    ✭✭✭
    We understand everyone's concerns regarding this and want you to know that we take account security very seriously. Regarding the system we currently use, it is important to note that the process of getting personal information from a userID is extremely difficult, if not virtually impossible.

    To recover a userID associated with a specific e-mail address and password, you need the first name, last name, and e-mail address of the account owner. Provided that is correct, you are still required to answer a security question, provide the correct answer, and then be sent an e-mail with a reset link. Simply attempting to put the required information into the website will not give an attacker any information.

    There are quite a few layers of authentication, as well as the security of your trusted e-mail to protect you. This is all coupled with additional security not exposed to the player or potential hacker that protects you as well.

    We hope this helps assuage some concerns. If you ever feel your information has been compromised, our support team is always here to help.

    Not really does it help me to assuage some concerns because you never have that peace of mind in the back of your head when people know 50% of your login no matter how well you claim your security protocols to be.

    Companies out there use the same protocols and security systems that you have in place, you haven't invented anything new or technologically ground breaking in terms of account security and those games have not only had their archives breached and thousands of account information stolen but also, peoples accounts are still able to be stolen with all this in place.

    Claiming that we can simply change it does what? Nothing, because now they know the new one....

    Despite all that, the last thing I want to address is the fact that when you invite someone to the guild, you invite them based off their ingame *character* name, not their userID and then when they join the guild, you now see them as their userID in guild, not their Character name, your system is so backwards it is not funny, not to mention destroys the feeling of being lost in a virtual fantasy world when I am talking too @tesouserid_568.

    Anyways, you guys have made your stance on the issue about this during beta when we raised it and now here during live release and you clearly don't care.
    Edited by Wreaken on April 11, 2014 9:48PM

    Taemek Frozenberg, Leader of <Epoch Gaming>
    Oceanic - Australia
  • CodingSquirrel
    Now all I need to do is figure out your passwords and get access to your email accounts, and you're all as good as hacked. Should be simple right.
  • Daggers
    Daggers
    ✭✭✭
    Hackers have to work hard to get what they want.

    heartbleed_explanation.png


    The best things in life make you sweaty.
    -Poe
  • Goibot
    Goibot
    ✭✭✭
    To recover a userID associated with a specific e-mail address and password, you need the first name, last name, and e-mail address of the account owner. Provided that is correct, you are still required to answer a security question, provide the correct answer, and then be sent an e-mail with a reset link. Simply attempting to put the required information into the website will not give an attacker any information.

    There are quite a few layers of authentication, as well as the security of your trusted e-mail to protect you. This is all coupled with additional security not exposed to the player or potential hacker that protects you as well.

    What you say is true except your policies further degrades your security system. Everyone who submits a ticket knows that they are going to be asked the exact information you are referring to in an email, even their super duper secret answer. This leaves your system wide open for phishing expeditions.

    Security is a gated process - if they get through the first gate they still have 5 more to go. Your first gate is open for the world, the next 3 are easy to obtain leaving only the last gate and it can be hacked. Kind of shooting yourself in the foot here. But hey, so far I've seen your company do even stupider things.

    You should be asking for an account name/password and a screen name (all tied to the users account). You should not be asking account info and secret answers in email.

  • alewis478b14_ESO
    alewis478b14_ESO
    ✭✭✭
    Regardless of security issues it's a stupid system. Who wants their name in guild chat to not match the character they are playing?

    Zenimax should have played an MMO before trying to make one.
  • NorieleMG
    NorieleMG
    ✭✭
    I hold on to hope that they'll reconsider what they've done with this. Currently waiting on my userid change (it's been 7 days!) and it's really starting to get annoying.
  • Lox
    Lox
    ✭✭✭
    My biggest concern is my forum name. It was assigned to me and I'd really rather not have it the way it is for obvious reasons.

    You should be able to change it in your profile as you appear to still have the default assigned one. You could before anyway.
  • Wreaken
    Wreaken
    ✭✭✭
    Heartbleed Bug hit the 6 o'clock news here today, so its safe to say, it is a pretty big issue if it is in the news.

    Taemek Frozenberg, Leader of <Epoch Gaming>
    Oceanic - Australia
  • Soliduparrow
    Soliduparrow
    ✭✭✭
    ZOS_JasonL wrote: »
    Hey there, @Gthirteen. If you do decide that you want to change your User ID to another name, our Support Team can assist you with that. We can also create a ticket for you if you'd like.

    I submitted a ticket 3 days ago # 140409-009047. There was a response asking for identity verification within a few minutes, but have received no response for 3 days after supply the info.

    There is literally zero chance that I or anyone else will pay $15 a month if this is the type of customer service you guys are supplying. Every free to play mmo Ive played has faster customer service than this and they also fix bugs instead of ignoring them for months.
  • RPGDad
    RPGDad
    ✭✭
    We understand everyone's concerns regarding this and want you to know that we take account security very seriously. Regarding the system we currently use, it is important to note that the process of getting personal information from a userID is extremely difficult, if not virtually impossible.

    To recover a userID associated with a specific e-mail address and password, you need the first name, last name, and e-mail address of the account owner. Provided that is correct, you are still required to answer a security question, provide the correct answer, and then be sent an e-mail with a reset link. Simply attempting to put the required information into the website will not give an attacker any information.

    There are quite a few layers of authentication, as well as the security of your trusted e-mail to protect you. This is all coupled with additional security not exposed to the player or potential hacker that protects you as well.

    We hope this helps assuage some concerns. If you ever feel your information has been compromised, our support team is always here to help.

    Which is something that Customer Support wants us to basically hand to hackers by asking for your Full Name, DOB AND your Account Name OVER E-MAIL! What company does this? Have you guys never heard of ITIL or "best practices"? If these issues aren't addressed and soon I cannot keep supporting this game even though I love it so.
  • Gthirteen
    Gthirteen
    Ok so I am resurrecting this now that a few days have gone by. ZO have you made any plans on changing this ridiculous policy, have the lightbulbs turned on there at all about what a stupid design and security breach this is?

    Also as of yet I have not heard back on the ticket I put in to change my userid, which was your big solution. Now I am curious if this really would do ANYTHING. Wouldn't your new UserID be broadcast just like the old one? How would this solve any security concerns?

    Would also like to say thanks again to everyone trying to help me draw attention to this issue!
  • Gthirteen
    Gthirteen
    Visibility bump
Sign In or Register to comment.