Had i known my login name would be used in guild chats.

scruffycavetroll · April 2014

HandofBane wrote: »

Schnizle wrote: »

Rhiven wrote: »

When you create your account it explicitly says that your UserID will be displayed to others in game.

So I don't know why anyone would create one that they don't want people to know.

Has it always said this? I chose my User ID along time ago, before beta.

I don't believe so. At least I don't recall it being there back in November when I got my first beta invite.

there is a lot that has been done after the fact.

remember when early access started? remember how thousands (including myself) deleted the promo items? Remember that message that came up telling people that they needed to bank them? well, that message came up later in the day AFTER most of the damage had been done.

So the track record so far is to add things after the fact.

Chomag · April 2014

ShinChuck wrote: »

revanghost wrote: »

Usually I'm one for being reasonable. But, I see your argument as "we should cater to human error" and businesses just can't realistically plan for that. I think a nice compromise is to make the ID changeable, but for a fee.

But it's fairly standard. They could have easily planned for this complaint, by simply acknowledging the standard practice and learning why it was done that way.

Making it changeable for a fee is an awful compromise. Just meet the MMO standard please, Zenimax! A toggle shouldn't be hard to do!

ZOS are epic amateurs at MMOs, stop giving them so much credit when they have no idea what they're doing.

Rhiven · April 2014

Schnizle wrote: »

Rhiven wrote: »

When you create your account it explicitly says that your UserID will be displayed to others in game.

So I don't know why anyone would create one that they don't want people to know.

Has it always said this? I chose my User ID along time ago, before beta.

HandofBane wrote: »

Schnizle wrote: »

Rhiven wrote: »

When you create your account it explicitly says that your UserID will be displayed to others in game.

So I don't know why anyone would create one that they don't want people to know.

Has it always said this? I chose my User ID along time ago, before beta.

I don't believe so. At least I don't recall it being there back in November when I got my first beta invite.

If it wasn't there at the time then I think it is completely understandable for people who were not informed about it to want to change their UserID.

jamesharv2005ub17_ESO · April 2014

Its always been there. When I signed up in beta it told me at least twice the name I chose would be what others saw me as in the game.

clocksstoppe · April 2014

i remember seeig that, didnt give it attention. Obviously it is our fault for that but at the same time it is indeed stupid for Zenimax to implement it in such a way that lets anyone see your login username

Etchesketch · April 2014

scruffycavetroll wrote: »

Etchesketch wrote: »

scruffycavetroll wrote: »

Aaron_Spellcaster wrote: »

@Riven: Your post have been reported. Take that kind of posting somewhere else please.

wow...just wow.

you reported for posting a pic of the info? wow.

SMW1980b14a_ESO wrote: »

CNDTrae wrote: »

Aaron_Spellcaster wrote: »

This is not a discussion.

Since when did you become an authority. Reporting your post for being disagreeable.

Personally, I looked at this post as a request and not an attempt at actual discussion.

then it should be taken up with support if it's gonna be one sided.

This is the "better" community some fans were promising. Instead we have a forum where you can't discuss anything without some weak/thin kneed/skinned person complaining to mommy.

Hopefully the mommies in control of forum content are better parents than the ones in the CSR house.

hey, i got banned for a day for referencing a drug...meanwhile in the game they talk about Skooma a hallucinogenic substance that npc's are addicted to, selling, and producing illegally.

makes no sense.

They seldom do..

HandofBane · April 2014

Rhiven wrote: »

Schnizle wrote: »

Rhiven wrote: »

When you create your account it explicitly says that your UserID will be displayed to others in game.

So I don't know why anyone would create one that they don't want people to know.

Has it always said this? I chose my User ID along time ago, before beta.

HandofBane wrote: »

Schnizle wrote: »

Rhiven wrote: »

When you create your account it explicitly says that your UserID will be displayed to others in game.

So I don't know why anyone would create one that they don't want people to know.

Has it always said this? I chose my User ID along time ago, before beta.

I don't believe so. At least I don't recall it being there back in November when I got my first beta invite.

If it wasn't there at the time then I think it is completely understandable for people who were not informed about it to want to change their UserID.

I know we used to be able to change our userID through the website ourselves. The original ID it had assigned me was also the forum ID it gave my by default - which was just my email address with the beta phase I joined added onto the end. This appears to still be how it shows many people today, as I see a few names still popping up on the forums with their beta phase appended to the end. Not very secure at all, there, making things even easier for anyone who realizes how to take advantage of it.

irreama · April 2014

Rhiven wrote: »

If it wasn't there at the time then I think it is completely understandable for people who were not informed about it to want to change their UserID.

Oh my gosh, Rhiv. Reported.

On topic, you should have read the fine print.

Kangas · April 2014

I pushed this name change very hard. Even insisting that since I had to create mine for early PTS access I should be able to change it.

The end was If I had bought from ZoS they can change it.

If you bought from a 3rd party there are some unfortunate linkages between names and databases that kept them from changing it.*

*Disclaimer: That policy *may* have changed since launch.

I ended up having to terminate my account just before launch and create a new one, adding the keys to the new one. Fortunately they saved forum progress. But my forum progress is now tied to that old defunct account. I hope that doesn't end up causing problems later.

Rhiven · April 2014

irreamab14_ESO wrote: »

Oh my gosh, Rhiv. Reported.

:P

Srugzal · April 2014

Rhiven wrote: »

When you create your account it explicitly says that your UserID will be displayed to others in game.

So I don't know why anyone would create one that they don't want people to know.

A lot of us, me included, chose our user ids during beta, long before the account interface had this little information bubble, or even looked anything like it does today. So your comment doesn't say anything constructive.

I recently changed my in-game userid. The procedure is the following:

1. Submit a ticket saying you want to change your account username.
2. Respond correctly to the authentication email.
3. Submit three choices for the new userid
4. ...wait for it to be done.

You can also use phone support, which is a lot quicker. However I realize that this is not an option for some people.

Realize too that when you change your name a) your addons will probably revert to default settings, and b) you may have to reset your password to be able to login.

Once I called, it was a pretty smooth experience.

Rhiven · April 2014

Srugzal wrote: »

Rhiven wrote: »

When you create your account it explicitly says that your UserID will be displayed to others in game.

So I don't know why anyone would create one that they don't want people to know.

A lot of us, me included, chose our user ids during beta, long before the account interface had this little information bubble, or even looked anything like it does today. So your comment doesn't say anything constructive.

Somebody said it was available during the betas (at least the later ones), but I agree that if people created their UserIDs prior to it being there then they are not at fault at all.

HandofBane · April 2014

Also worth mentioning related to the name change - since I saw it posted elsewhere back closer to launch - you may need to clear your friends list/guild membership for it to update properly. This may or may not have changed in the past week or so, but as of right after launch it was an issue for some folks.

jamesharv2005ub17_ESO · April 2014

Absolutely was during the beta. It was very clear the name you chose would be displayed to others on the forums and in the game.

magic_is_might · April 2014

Rhiven wrote: »

When you create your account it explicitly says that your UserID will be displayed to others in game.

So I don't know why anyone would create one that they don't want people to know.

Ha, expecting people to read... C'mon now.

HandofBane wrote: »

Rhiven wrote: »

So I don't know why anyone would create one that they don't want people to know.

And everyone reads the full EULA/TOS before signing up to any game service, too, right? Some people get excited and want to hurry through the process so they can get ingame, and just use something they know and can remember easily as their login/password. People can go on about "weak passwords" and "terrible security habits" all day, but that won't actually make most people actually pay attention beforehand and suddenly develop safer/more secure habits overnight. This is the primary weakness in the current system displaying @userIDs - humans being humans.

That's not Zenimax's problem. That's the customer's issue. Reminds me of when I worked retail and customers came in with coupons without actually reading the whole coupon, and get mad at the store because they didn't read the coupon correctly or read what they wanted to read...

And yes, I remember it being there in the earliest available beta.

ShinChuck · April 2014

magic_is_might wrote: »

That's not Zenimax's problem. That's the customer's issue.

But we're customers, and we have a right to complain/ask for improvements, whether it's housing, new content, a bank fix, or whatever. This isn't different.

HandofBane · April 2014

jamesharv2005ub17_ESO wrote: »

Absolutely was during the beta. It was very clear the name you chose would be displayed to others on the forums and in the game.

Ready for a magic trick? Your forum ID likely matches your original user ID. ub17 means you joined in the beta during the January-March phases (likely the later ones) as that was the 0.17 test stage. Going to go out on a limb and say your email address is jamesharv2005 at whatever email provider you use. Safest bets are live, yahoo, hotmail, and gmail.

So how's that security working for you?

Edit: me spel gud.

Gillysan · April 2014

Rhiven wrote: »

When you create your account it explicitly says that your UserID will be displayed to others in game.

So I don't know why anyone would create one that they don't want people to know.

I saw that and my opinion is the UserID and Login Credentials should have been two separate items.

Understand? Two....separate...items...for security reasons.

jamesharv2005ub17_ESO · April 2014

HandofBane wrote: »

jamesharv2005ub17_ESO wrote: »

Absolutely was during the beta. It was very clear the name you chose would be displayed to others on the forums and in the game.

Ready for a magic trick? Your forum ID likely matches your original user ID. ub17 means you joined in the beta during the January-March phases (likely the later ones) as that was the 0.17 test stage. Going to go out on a limb and say your email address is jameshav2005 at whatever email provider you use. Safest bets are live, yahoo, hotmail, and gmail.

So how's that security working for you?

Working very well. What diff does it make if you know what the first part of my email address is? You will not be able to login my account unless you live at my house or have access to said email address. Again this is a non-issue.

HandofBane · April 2014

jamesharv2005ub17_ESO wrote: »

HandofBane wrote: »

jamesharv2005ub17_ESO wrote: »

Absolutely was during the beta. It was very clear the name you chose would be displayed to others on the forums and in the game.

Ready for a magic trick? Your forum ID likely matches your original user ID. ub17 means you joined in the beta during the January-March phases (likely the later ones) as that was the 0.17 test stage. Going to go out on a limb and say your email address is jameshav2005 at whatever email provider you use. Safest bets are live, yahoo, hotmail, and gmail.

So how's that security working for you?

Working very well. What diff does it make if you know what the first part of my email address is? You will not be able to login my account unless you live at my house or have access to said email address. Again this is a non-issue.

You personally? Maybe, maybe not. Other folks who don't realize this kind of issue exists, and use the same password/login ID for everything? Absolutely. Anyone who refuses to account for those people in their security setup as a business is putting themselves at risk of loss of time/money due to their CS staff being tied up with preventable issues, and putting their customer base at risk of suffering losses to their own time/effort when guild banks get robbed because of compromised accounts (thanks for that non-existent withdrawal limit, guys!).

Your reply here is "well you should only give permission to people you trust!" To which I say "sure, let me get right on confirming every single member of my guilds has a secure password by having them send me a screenshot of it to make certain it isn't the same as their email."

Edit: Also you may have missed the part earlier where some people were able to get around the "email for an untrusted machine" thing by simply waiting 10 minutes then trying again. This has not worked for everyone, but enough people that it was reported quite a few times last week here.

SeñorCinco · April 2014

Aaron_Spellcaster wrote: »

This is not a discussion.

Yes it is.

Aaron_Spellcaster wrote: »

... im am the authority of my own thread.

No you are not.

Rhiven · April 2014

Gillysan wrote: »

I saw that and my opinion is the UserID and Login Credentials should have been two separate items.

Understand? Two....separate...items...for security reasons.

I completely understand and agree. As I said later in the thread I think that they should switch to using email addresses rather than UserIDs for logging in.

jamesharv2005ub17_ESO · April 2014

HandofBane wrote: »

jamesharv2005ub17_ESO wrote: »

HandofBane wrote: »

jamesharv2005ub17_ESO wrote: »

Absolutely was during the beta. It was very clear the name you chose would be displayed to others on the forums and in the game.

Ready for a magic trick? Your forum ID likely matches your original user ID. ub17 means you joined in the beta during the January-March phases (likely the later ones) as that was the 0.17 test stage. Going to go out on a limb and say your email address is jameshav2005 at whatever email provider you use. Safest bets are live, yahoo, hotmail, and gmail.

So how's that security working for you?

Working very well. What diff does it make if you know what the first part of my email address is? You will not be able to login my account unless you live at my house or have access to said email address. Again this is a non-issue.

You personally? Maybe, maybe not. Other folks who don't realize this kind of issue exists, and use the same password/login ID for everything? Absolutely. Anyone who refuses to account for those people in their security setup as a business is putting themselves at risk of loss of time/money due to their CS staff being tied up with preventable issues, and putting their customer base at risk of suffering losses to their own time/effort when guild banks get robbed because of compromised accounts (thanks for that non-existent withdrawal limit, guys!).

Your reply here is "well you should only give permission to people you trust!" To which I say "sure, let me get right on confirming every single member of my guilds has a secure password by having them send me a screenshot of it to make certain it isn't the same as their email."

Edit: Also you may have missed the part earlier where some people were able to get around the "email for an untrusted machine" thing by simply waiting 10 minutes then trying again. This has not worked for everyone, but enough people that it was reported quite a few times last week here.

YOUR security is YOUR responsibility. If you use the same name and password everywhere thats YOUR fault. There is no way to get around the IP security pass phrase. you cannot just wait 10 mins and it lets you log in anyways. As far as your guild I dont even understand that part. What diff does it make the people in your guild havign all secure passwords? Do you let them access your personal account?

HandofBane · April 2014

jamesharv2005ub17_ESO wrote: »

HandofBane wrote: »

jamesharv2005ub17_ESO wrote: »

HandofBane wrote: »

jamesharv2005ub17_ESO wrote: »

Absolutely was during the beta. It was very clear the name you chose would be displayed to others on the forums and in the game.

Ready for a magic trick? Your forum ID likely matches your original user ID. ub17 means you joined in the beta during the January-March phases (likely the later ones) as that was the 0.17 test stage. Going to go out on a limb and say your email address is jameshav2005 at whatever email provider you use. Safest bets are live, yahoo, hotmail, and gmail.

So how's that security working for you?

Working very well. What diff does it make if you know what the first part of my email address is? You will not be able to login my account unless you live at my house or have access to said email address. Again this is a non-issue.

You personally? Maybe, maybe not. Other folks who don't realize this kind of issue exists, and use the same password/login ID for everything? Absolutely. Anyone who refuses to account for those people in their security setup as a business is putting themselves at risk of loss of time/money due to their CS staff being tied up with preventable issues, and putting their customer base at risk of suffering losses to their own time/effort when guild banks get robbed because of compromised accounts (thanks for that non-existent withdrawal limit, guys!).

Your reply here is "well you should only give permission to people you trust!" To which I say "sure, let me get right on confirming every single member of my guilds has a secure password by having them send me a screenshot of it to make certain it isn't the same as their email."

Edit: Also you may have missed the part earlier where some people were able to get around the "email for an untrusted machine" thing by simply waiting 10 minutes then trying again. This has not worked for everyone, but enough people that it was reported quite a few times last week here.

YOUR security is YOUR responsibility. If you use the same name and password everywhere thats YOUR fault. There is no way to get around the IP security pass phrase. you cannot just wait 10 mins and it lets you log in anyways. As far as your guild I dont even understand that part. What diff does it make the people in your guild havign all secure passwords? Do you let them access your personal account?

Shall I type slower? The 10 minute thing was happening about a week ago, it may or may not still work, but some folks who were sent login codes never got them, and were able to get ingame by simply waiting 10 minutes or so, trying again and the server believed their PC was trusted, despite sending them an untrusted login code already (or at least the server believing it send that code).

As far as the rest of the people in your guild - ever been through a guild bank robbery? *** experience. I have been through 3 in under 2 months, all by compromised accounts through various phishing means. Each one of those compromises was of a person I knew for a long time, through multiple games (6 years in one case). It sucks seeing a friend have their characters stripped of everything then deleted. It also sucks seeing that character logged in and cleaning out the guild bank as quickly as they can (or worse logging in and seeing the bank cleaned out because nobody online at the time could revoke their permissions). Like it or not, in a guild *every* member with any kind of permissions, bank or promote/demote or whatever, becomes a security risk to the guild should their account become compromised. It is simply not feasible for any guild leader to confirm every person they want to tag as an officer, let alone as a member in a game where we can have 500-account guilds, has a secure account login/password/email.

This whole mess and mountain of risk could be prevented by ZOS taking two simple steps:
1) make ingame user IDs different than login IDs, whether as email logins or two separate names, or even showing only character names like many other games use
2) offer either physical or app-based authenticators, for those who want something more secure, yet easier to use and more reliable than the login email system they have in place now.

jamesharv2005ub17_ESO · April 2014

HandofBane wrote: »

jamesharv2005ub17_ESO wrote: »

HandofBane wrote: »

jamesharv2005ub17_ESO wrote: »

HandofBane wrote: »

jamesharv2005ub17_ESO wrote: »

Absolutely was during the beta. It was very clear the name you chose would be displayed to others on the forums and in the game.

Ready for a magic trick? Your forum ID likely matches your original user ID. ub17 means you joined in the beta during the January-March phases (likely the later ones) as that was the 0.17 test stage. Going to go out on a limb and say your email address is jameshav2005 at whatever email provider you use. Safest bets are live, yahoo, hotmail, and gmail.

So how's that security working for you?

Working very well. What diff does it make if you know what the first part of my email address is? You will not be able to login my account unless you live at my house or have access to said email address. Again this is a non-issue.

You personally? Maybe, maybe not. Other folks who don't realize this kind of issue exists, and use the same password/login ID for everything? Absolutely. Anyone who refuses to account for those people in their security setup as a business is putting themselves at risk of loss of time/money due to their CS staff being tied up with preventable issues, and putting their customer base at risk of suffering losses to their own time/effort when guild banks get robbed because of compromised accounts (thanks for that non-existent withdrawal limit, guys!).

Your reply here is "well you should only give permission to people you trust!" To which I say "sure, let me get right on confirming every single member of my guilds has a secure password by having them send me a screenshot of it to make certain it isn't the same as their email."

Edit: Also you may have missed the part earlier where some people were able to get around the "email for an untrusted machine" thing by simply waiting 10 minutes then trying again. This has not worked for everyone, but enough people that it was reported quite a few times last week here.

YOUR security is YOUR responsibility. If you use the same name and password everywhere thats YOUR fault. There is no way to get around the IP security pass phrase. you cannot just wait 10 mins and it lets you log in anyways. As far as your guild I dont even understand that part. What diff does it make the people in your guild havign all secure passwords? Do you let them access your personal account?

Shall I type slower? The 10 minute thing was happening about a week ago, it may or may not still work, but some folks who were sent login codes never got them, and were able to get ingame by simply waiting 10 minutes or so, trying again and the server believed their PC was trusted, despite sending them an untrusted login code already (or at least the server believing it send that code).

As far as the rest of the people in your guild - ever been through a guild bank robbery? *** experience. I have been through 3 in under 2 months, all by compromised accounts through various phishing means. Each one of those compromises was of a person I knew for a long time, through multiple games (6 years in one case). It sucks seeing a friend have their characters stripped of everything then deleted. It also sucks seeing that character logged in and cleaning out the guild bank as quickly as they can (or worse logging in and seeing the bank cleaned out because nobody online at the time could revoke their permissions). Like it or not, in a guild *every* member with any kind of permissions, bank or promote/demote or whatever, becomes a security risk to the guild should their account become compromised. It is simply not feasible for any guild leader to confirm every person they want to tag as an officer, let alone as a member in a game where we can have 500-account guilds, has a secure account login/password/email.

This whole mess and mountain of risk could be prevented by ZOS taking two simple steps:
1) make ingame user IDs different than login IDs, whether as email logins or two separate names, or even showing only character names like many other games use
2) offer either physical or app-based authenticators, for those who want something more secure, yet easier to use and more reliable than the login email system they have in place now.

Again noone was able to just wait 10 minutes and get in. I have been reading about people locked out for a few days now because they arent getting the emails. Things are fine as they are there is no need to change anything. I would prob buy an authenticator but they created more probs than they solved in SWTOR.

As far as the guild bank getting robbed dont let new players have access to it at first. In our guild you dont just get instant access to the guild bank. You have to work for it. If your account got hacked and some stuff got taken big deal.

Lastly if your friends are using the same password and email everywhere you should sit them down and explain security to them.

Valethar · April 2014

Rhiven wrote: »

Wait, you reported me just got disagreeing with you and posting a screenshot as evidence?

Whatever happened to there being two sides to a discussion?

I don't see anything objectionable in your post. There was no trolling, flaming or any other violation of the CoC. You, however, may have grounds to report him for harassment.

Live by the sword, die by the sword.

That said, in all fairness to some folks, that text is a flyout that they would only have seen had they moused over the marker. Zenimax should have made that far more visible by adding the text directly to the page, rather than hiding it behind an interactive element on the page.

Evelyn_Nightingale · April 2014

I can understand if your name was SparkleKitten2000 you wouldn't want your guild to see it.

On the matter of security, I don't feel vulnerable because of my login, but I could very well have a false sense of security. I'm not sure. If I hear news of mass amounts of people getting hacked then I may get worried.

Gillysan · April 2014

You clearly have gone into a defensive mode and are no longer objectively listening to what anyone is saying.

He had someone he knew for 6 years have their account compromised. Trust was already long ago established. How are you supposed to prevent that?

What is a guild leader supposed to do? Make people tell him their private info so he can verify that it is good enough to be trusted before promoting that person with more bank privlages?

When you pointed out to my post that you agreed the userid and login creds should be different you should have stopped there and let your statement stand. However, you insist on continuing in this defensive mode which is not adding to the OP's discussion.

jamesharv2005ub17_ESO · April 2014

Gillysan wrote: »

You clearly have gone into a defensive mode and are no longer objectively listening to what anyone is saying.

He had someone he knew for 6 years have their account compromised. Trust was already long ago established. How are you supposed to prevent that?

What is a guild leader supposed to do? Make people tell him their private info so he can verify that it is good enough to be trusted before promoting that person with more bank privlages?

When you pointed out to my post that you agreed the userid and login creds should be different you should have stopped there and let your statement stand. However, you insist on continuing in this defensive mode which is not adding to the OP's discussion.

I never said userids and login creds should be different.

Rhiven · April 2014

Gillysan wrote: »

When you pointed out to my post that you agreed the userid and login creds should be different you should have stopped there and let your statement stand. However, you insist on continuing in this defensive mode which is not adding to the OP's discussion.

I am the only person that quoted you and I did stop posting.

Edit: Anyways, I'm going to leave this thread so you don't have to worry about me continuing.