At Cryptic Studios, we take the security of your account very seriously. To further advance our security measures, we are happy to announce that we are beginning testing of a new security feature to be included in all Cryptic Studios games. Account Guard is a new feature which is intended to help secure your Star Trek Online and/or Champions Online account from those who may try to maliciously access it.
This feature is being enabled on Tribble today, and we’ll be watching the forums closely for your feedback regarding this feature. We’ve also provided a brief FAQ, which you can see below, to answer some of the questions we know you’ll have regarding this feature.
Q: What is Account Guard? A: Account Guard is a system designed to protect the account you use to log into Cryptic games from unwanted access. It keeps track of the computers you have authorized on your account, and notifies you when your account is accessed from an unauthorized computer.
*** Q: How does Account Guard notify me when my account is accessed from an unauthorized computer? A: Account Guard sends a notification to the email address associated with your account. This email details the time the account was accessed, and the IP address from which the access was attempted.
Your account will be inaccessible from that location until the Account Guard code delivered in the email is submitted to the game or website.
*** Q: What do I do if the login attempt in the notification is not mine? A: Your account will be inaccessible from an unauthorized location without the Account Guard code that is sent to you. However, if you receive a notification for an authorization attempt that didn't come from you, change your password immediately.
*** Q: How do I authorize a computer using Account Guard? A: When Account Guard notices your account has been accessed from a new location, it will prompt you for a special one-time code. That code will be delivered to the email address associated with your account. For this reason, we ask that you ensure the email address associated with your account is current; you can do so in the "Settings" tab of your "My Account" page on our website. To authorize that location for your account, just submit the code at the prompt.
Until you decide to de-authorize the computer, your will be able to access that account, from that computer, without interruption.
If you receive an Account Guard notification from a computer you don't recognize, we recommend you change your password immediately. Instructions and links will be included in the notification that is delivered to your email address.
*** Q: Account Guard references my "computer name". What is that? A: Your computer is assigned a name when the operating system is installed. Account Guard automatically fills in this information. If you desire, you can also type a different name for that computer at the time you authorize it.
*** Q: Can I opt out of Account Guard? A: Yes. At this time you will need to Contact Customer Support to opt out of Account Guard.
*** Q: Can I rename the computer name associated with my account? A: If you de-authorize your computer, and log in again, you can re-name your computer at the Account Guard prompt.
*** Q: Do I have to authorize my computer with Account Guard for each game separately? A: No. Account Guard functions across all Cryptic games. If you authorize your computer with one Cryptic game, it will be authorized with all Cryptic games.
*** Q: Will Account Guard work with my Perfect World account? Which games have Account Guard protection? A: Account Guard is currently only available on Cryptic Games such as Star Trek Online and Champions Online, but Account Guard will protect your account whether you access those games using a Cryptic or Perfect World login.
*** Q: How often do I have to authorize my account through Account Guard? A: Only as often as you change computers. If you remain on the same account and computer, and do not remove authorization, Account Guard will not prompt you again.
*** Q: I received a prompt to enter a code through Account Guard, but I never received an email. Help! A: Make sure you're checking the email address associated with your account. Also, be sure to check your spam folder. If you still don't receive an email, contact Customer Support. You may also want to add email@example.com to your emails spam whitelist or address book.
*** Q: Can I generate a new authorization email if the first one doesn't show up? A: If you log into your account again, another email will be sent to the address associated with your account.
*** Q: For how long does my authorization code last? Does the code expire if I don't use it? A: The code will expire after a period of time, after which point it cannot be used. If your code expires, you can log into the game again, at which point a new code will be sent to the email address associated with your account.
*** Q: I logged into the game but wasn't prompted for an Account Guard code. Why wasn't a code sent to me? A: If you've never logged into a Cryptic game before, you will not be prompted to enter a code the first time you log into your account.
*** Q: I already registered a computer with my account, but Account Guard is prompting me for a code. Is there a limit to how many computers I can authorize against my account? A: Currently, only 10 computers can be remembered on your account at one time. If you go over your limit, the computer that you accessed least recently will be forgotten, and you will have to re-authorize it.
*** Q: I keep entering the wrong code, and now I can't get into my account. Help! A: If you enter the wrong code too often, you may be locked out of your account. If this happens, wait a while before attempting to log in again. If you still can't log into your account, contact Customer Support.
*** Q: How can I ensure the security of my account? A: First of all, remember to change your password frequently! Also, make sure your password is secure and not easy to guess. For more information on generating secure passwords, follow this link: http://www.microsoft.com/security/on...ds-create.aspx
Keep your password unique. If you have multiple accounts, make sure they each have their own unique and secure password.
So, by "cannot access the account" without the code do you mean through the game client or through the client AND the website?
Because I see this happening:
1. I log into someone's account and get told to verify the computer. Now I know I have the right password.
2. I got startrekonline.com and login to their account. Now I change their email address so that emails goto my email.
3. I try logging in again, the code gets sent to MY email now. I authorize my computer, login, and wipe their fleet bank and personal bank out sending it all to some dummy account.
4. Rinse and Repeat.
We've heard that Cryptic will reimburse individual accounts as best they can but we also know by that same token that you have no desire to reimburse a FLEET for lost and/or stolen items. So if someone jacks my fleet leader's account and does the above they can then send all my fleet's items and money away and you won't do anything about it.
Now add in how much time and effort people will be investing in Starbases and the amount of resources being gathered for that and there's a whole new issue.
Sure the above procedure might assist in identifying the bad guys and all but then what? We MIGHT get everything back and we might not? The bad guy will get a ban? They email the stuff to a free account and disseminate it from there and there's no way you can ban/punish everyone that's touched that loot...
I'm just hoping this applies to both the My Account page and the Client otherwise it's only gonna stop the laziest of hackers.
So, if we authorize a computer on Holodeck will we still need to authorize it on Tribble or vice versa?
Only if you log in from a different computer If you log in from the same computer, you only need to validate on a single Cryptic shard, and then won't be asked again from that computer. This info in the in FAQ, but I know it's a long read :p
hate it .....what a waste of time that could of been dedicated to making the account bank everything we wanted instead of a glorified mail system we already have and didn't like, that is why we asked for an account bank......some people just do not get it.
I tried this on Redshirt and it was very easy and user friendly to use. Just grab the code from my email and entered it. Simple way to Authorise 'game' login's to a computer. Please implement this for Account logins via the website also to close the loop.