View Single Post
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 15
02-01-2010, 01:38 PM
Originally Posted by Avai View Post
This is a very good point, and it is something I am concerned with as well. It would be safer to log in with an e-mail address as well as the account name and password. Your e-mail address can be hidden from others, but not your account name. Has anyone put this concern in the Feedback forum? This is not the right forum for this topic.


That is very simple, yes. I apparently was dumb. I will look into changing this. Thank you for pointing this out!
Having your account name doesnt help much, as anyone trying to access your account would also need your password. Now, assuming you were smart and did not use a dictionary word, or 1337 variation there of, the only option would be to brute-force the login to get your password.

I would bet a considerable sum of money that Cryptic's account server will do something once it see's 30+ wrong passwords a second coming in to someone's account in order to stop a brute force attack, the easiest method being to IP-ban the source, or even lock the account.