Lt. Commander
Join Date: Dec 2007
Posts: 120
# 11
03-19-2012, 07:49 PM
Quote:
Originally Posted by AshenTech
if you dont have any protection from keyloggers, and are also trolling around the net clicking random links or downloading from questionable sources...your an idiot....

in 20+years as a computer tech I have seen keyloggers, and without exception it was user error/stupidity that caused it every time.

if your to stupid/lazy to take simple(free) precautions to protect your data/system, then it is your own damn fault if you get your accounts hacked/stolen and loose money/credits/exct.

and thats odd, my login has nothing to do with my name here, im @ashentech in game, and thats not even related to my login name......just asked my 3 friends who are playing and none of them have the same login name as @ handle.....i guess your "Doing it wrong" as they say.

my advice to anybody who's been hit by this kinda thing(keylogger exct) get a good free antivirus like microsoft security essentials or avast, or or or....

if your really dumb and download random crap grab threatfire and run it along side the above AV to boost your protection even more.....

again this stuffs pretty simple, and over the years my sympathy for people to stupid and/or lazy to learn some basics of system security has become non-existent, if your going to use a device, learn something about it.
No my names aren't the same, but it is possible to have them as such I believe no? Might be a good place to start is all I'm saying. However that I find... staggering... that you assume everyone who uses a computer knows these simple things.

Anyone who has spent 5 minutes in IT knows:

1) People usually don't know squat about computers (ex: Not turning on? Is it plugged in? >.>)
2) It takes a long time to fix problems that come from this simple lack of understanding.
3) No matter how many times you tell people, it will still happen.
4) saying it's their fault and leaving at that isn't good for business.

What I'm curious about is your aversion to this simple tech that would greatly alleviate problems. Are you saying it's pointless and that all people should be held accountable to the wolves for what ever happens to them? Do you really think that all malicious software has to be clicked and downloaded or that every protection software... or even one.. is 100% fool proof and will completely immunize you from all possible threats..... really? As my old IT manager used to say: The only safe computer is one that's in a room, sealed with concrete, erased from the blue prints, and disconnected from all sources (even power) and smashed into atomic bits. And even then, not really safe.

I've spent sometime in IT myself and evenI understand: the "simple" Stuff isn't always "simple" to people. What has taken me back is your desire to leave the effected out in the cold: The only person to blame is yourself. Not to mention calling them stupid, etc... so either you're a novice IT guy, a jaded IT guy (ha! like that's hard to find), or just an overall rude person. .. but definitely not professional.

Tell your IT customers these things and see how long they keep you. If you have time to blame and call names, you had time to fix and prevent no? If you have this many problems that the frustration brings you to name calling (ex. Stupid), then may preventative actions (like an authenticator) would make your life all that easier? I think you were just looking for A) a chance to troll/grumble at someone, B) a chance to show off the machismo, or C) take out your frustrations on someone who had an actual, genuine request on account security.

account with authenticator = safer account than one without it. Why is that even a problem for people?
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 12
03-20-2012, 08:21 AM
Quote:
Originally Posted by Tannlore View Post
account with authenticator = safer account than one without it. Why is that even a problem for people?
Because the majority of people aren't willing to pay the $$$ for it...
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 13
03-20-2012, 08:55 AM
Quote:
Originally Posted by Grouchy.Otaku
Because the majority of people aren't willing to pay the $$$ for it...
I have three physical authenticators and 4 digital ones.

The digital ones: Free (really.. free)

The physical ones: I paid 9 bucks for two and one I got free as part of a collector's edition. If you don't want to pay for one then don't. But that's till no reason to not have the option. Those of us who want a secure account will buy or download one. *Shrug* You are hardly forced to use/buy one in the games that have them.. in fact in none of them.


PS. Went to check a few sites even:

$6.50
http://us.blizzard.com/store/details.xml?id=1100001470
http://us.blizzard.com/store/details.xml?id=1100001430

4.00
http://buy.swtor.com/us/#optional-game-add-ons

Not sure where you're getting $40-70 bucks in your first post from.
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 14
03-20-2012, 09:18 AM
Quote:
Originally Posted by Tannlore View Post
I have three physical authenticators and 4 digital ones.

The digital ones: Free (really.. free)

The physical ones: I paid 9 bucks for two and one I got free as part of a collector's edition. If you don't want to pay for one then don't. But that's till no reason to not have the option. Those of us who want a secure account will buy or download one. *Shrug* You are hardly forced to use/buy one in the games that have them.. in fact in none of them.


PS. Went to check a few sites even:

$6.50
http://us.blizzard.com/store/details.xml?id=1100001470
http://us.blizzard.com/store/details.xml?id=1100001430

4.00
http://buy.swtor.com/us/#optional-game-add-ons

Not sure where you're getting $40-70 bucks in your first post from.
Though I notice that none of the Authenticators you quote are from a F2P game... So what are the game/expansion pack costs and subscription fees are????

As for the costs, $40 - $70 as the costs for certified authenticators (the type used by financial institutes) where Security counts. Items such as Cell Phone app authenticators would never be considered for Financial Networks as Cell Phone platforms are no more secure then PCs are, and would only provide 'placebo' security.

This also brings up the question on the 'quality' of the authenticators sold by the game companies... The Federal Information Processing Standards for computer security is FIPS 140-2 (GOOGLE this...) Hardware based security is covered under Level 2 standards, while financial networks are required to meet Level 3... (So if you look at the requirements, you can see where the costs come from...)
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 15
03-20-2012, 09:49 AM
Quote:
Originally Posted by Grouchy.Otaku
Though I notice that none of the Authenticators you quote are from a F2P game... So what are the game/expansion pack costs and subscription fees are????

As for the costs, $40 - $70 as the costs for certified authenticators (the type used by financial institutes) where Security counts. Items such as Cell Phone app authenticators would never be considered for Financial Networks as Cell Phone platforms are no more secure then PCs are, and would only provide 'placebo' security.

This also brings up the question on the 'quality' of the authenticators sold by the game companies... The Federal Information Processing Standards for computer security is FIPS 140-2 (GOOGLE this...) Hardware based security is covered under Level 2 standards, while financial networks are required to meet Level 3... (So if you look at the requirements, you can see where the costs come from...)
I helped set up a multi factor authentication system at the company I work for recently... the cost is close to what you are saying. We just used simple key fobs, cost of each is about $50. The cost for the server side was was between $30k and $40k (including redundancy and such). But we dont have as many employees as people that play this game, so Cryptic may have to spend more (more people = more servers to distribute load and all that). Honestly I dont know the yearly cost for licensing and such, that part is another department.

All that said, there are plenty of cheap systems out there that can give a decent amount of security. This game doesnt need to be secure at the level of banks. Really, developing your own app (for android+iphone) and server system would be a quick and easy way to do this, and still have a decent amount of security (not ideal, but it's better than what we have). That is assuming you have decent developers that have a clue about developing secure systems, which I doubt Cryptic has right now. Wouldnt be at RSA's level of secure, but it would prevent keyloggers and packet sniffers from capturing information that can lead to an account being compromised (they could still get the username/password, but the random code they can never capture unless they get the physical device producing it - or hack into that as well... but at least it makes the whole thing much more difficult)

As for your comment on cell phone apps only being 'placebo security', yes, it's not as secure. But using such a system increases the number on devices an attacker must attack, and does in fact make an account more secure. Not as secure as a fob of course, but doesnt mean its a bad option...
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 16
03-20-2012, 10:10 AM
Edit: Sardoc said it better than I could.

Also f2p games: Everquest 1 and 2: Authenticator costs 9.50 or so. FF14 (Was free to play until recently 5-9.50 as well) What I could find quickly

Any extra added security is more secure then none at all right? Since none of us work for Cryptic or another gaming company with this system in place, talking about the background costs is kind of moot. We don't know.

What I do know: Authenticator = better than none.

You don't want to pay then don't. I will, Cryptic let me have it.
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 17
03-20-2012, 12:55 PM
I'm all for this, a few pounds, dollars or whatever the currency is where you are to make sure your account is a little bit safer I think would be well worth it. As the free to play bandwagon rolls on I think it would be a good move to introduce this as it would help stop people getting hacked thus getting the workload down for Cryptic or for whoever has the job of dealing with people who have been hacked and needs a restore.

A good friend of mine works for Blizzard and they have said that something in the region of 80% of her job is account restores. Granted with the best intentions I dont think STO will ever get the player base number's that WoW has but, imo its best to get in there early rather than wait for a threshold to be reached with the number of hacked accounts.

Once the goldfarmers realise that there is a market in STO the number of hacked accounts will grow significantly as they send out phishing emails etc.

Of course make it up to the player as to whether they have one or not, but think of it this way, are all those hours put into your account worth a few dollars, pounds etc to make sure its a little bite more secure?
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 18
03-20-2012, 01:06 PM
Guys, the main belief of the hacking is thought to be the STOWIKI site. Apparently there's a third party keylogger that if you log into the game while having the site open, it key logs your information. I found this out reading the forums. So STAY OFF STOWIKI.
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 19
03-20-2012, 06:00 PM
Quote:
Originally Posted by Boba_Fett215
Guys, the main belief of the hacking is thought to be the STOWIKI site. Apparently there's a third party keylogger that if you log into the game while having the site open, it key logs your information. I found this out reading the forums. So STAY OFF STOWIKI.
Actually, STOWiki is fine as of now

http://forums.startrekonline.com/sho...7&postcount=88
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 20
04-15-2012, 08:15 PM
I'm just going to chime in here as I was about to post a thread like this....

I know I'm not the only one that buys a lot of Cryptic Points, and those points do NOT come cheap. Currently 5k CP's cost nearly the same as a 6 month sub to a pay to play MMO, and a lot of people buy 5 or 10k CP's through out the year. In the end it always costs more to play FTP games if you want to have the best stuff, or in our case have the top level ships and such. So to all of those people saying that Cryptic doesn't make enough money to deploy even a basic authenticator has no idea what they are talking about. In fact nearly all mmo's that use an authenticator actually outsource to a specific company that runs the systems and makes a custom smartphone app. To date the only system I've noticed not to employ the same system and custom made app is Blizzard who wrote BOTH their Armory/Guild Chat app and their authenticator app from scratch and employ their own backend.

It's not very hard to get a keylogger, even the best AV software has a chance to miss one, especially a browser based keylogger. This is how that MASSIVE game industry wide account hack happened from Chinese servers, it infected big sites, like MMORPG, most MMO wiki sites and such and since most people don't really change their password or use the same for everything, it's not hard to imagine why and how that happened.

Me personally would feel much better having my account protected after spending $200+ between subs and CP's. I'd rather deal with the hassle of calling account support to have an authenticator removed if I uninstalled an app before taking it off my account, or if the keyfob battery died than get hacked.
Closed Thread

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


All times are GMT -7. The time now is 10:20 PM.