PST Time 00:00:00GMT-8
Local Server Time 00:00:00GMT+8
ID
Password
FlashGuide
FlashGuide
HA Infomation

General Discussion
Forum Quick Menu

  Index

  • Possible simple solution to account sharing/password security issue

    06. 23. 2011 19:52


Nachmorsi
So there appears to be a big loophole in that you can change all the account details (including email address for verification) online with just the password. This poses a huge risk for those who account share. 
 
My understanding is if you don't remember your PIN then you have to send a support ticket and send an email to "verify" you are the account holder. However, with just the password you can change the email address to your own and claim to be the actual account holder. This amounts to everything on the account possibly being deleted, swapped, etc. 
 
If that were to happen then TNF/SDE has a nice massive headache which I can't blame them for wanting to avoid. 
 
However, I think there is a simple solution that could at least partially solve this issue so that it is like it was on the old website and still allow people to account share without vastly increasing the workload of TNF/SDE. It is more a temporary fix, but it could at least save a bit of a headache. 
 
People can post in a thread/forum/support ticket on the actual account saying that they do not want their PIN to be able to be reset. People who post have their username added to a list (e.g. in notepad or excel).
 
From there on, if anybody sends in a support ticket asking for the PIN to be reset then the GM just has to open the list, ctrl+f and type in the username. If it is there, then deny the change and wait for the real account owner to contact them. If the username isn't on the list then go about as they would do usually.
 
Simple and it should restore some security pleasing both customers and representatives and there is no ambiguity about it.
 
It could also go one step further and people could add their email account meaning the 2nd pw can be reset, but only using the designated email account. 
 
What are people's thoughts on this?
 

 

  • Re : Possible simple solution to account sharing/password security issue

    06. 23. 2011 20:10


Gtdawg
Or, they could put a multiple password system in to place like on the old forums.

Of course, they could just have the email verification system send an email to the actual verified email instead of the new email. That way, the account holder could verify and approve the change to the email.

But, that's just crazy talk.

  • Re : Possible simple solution to account sharing/password security issue

    06. 23. 2011 20:57


Foxhound31
the million dollar answer...

Don't account share :P

  • Re : Possible simple solution to account sharing/password security issue

    06. 23. 2011 21:08


JosephLittle
Originally Posted by Foxhound31
the million dollar answer...

Don't account share :P


Hmmmm, how about: "We won't insert a massively flawed email confirmation system" ?


The point shouldn't even be about account sharing or not, but yes about there being a way to completely wipe and/or hijack an account only with the password.

I realise your comment is probably intended more of a joke, but a lot of the mods are using a straw man argument and missing the point entirely.

  • Re : Possible simple solution to account sharing/password security issue

    06. 23. 2011 21:20


Gtdawg
Perhaps if they repeat it over and over again they get olives or something.

I mean, at least Vick has said that he's working on it and there's nothing else to report. All the other TNF mods can't help themselves and just add nothing to the discussion other than making themselves look silly by making a joke of the situation and repeating the line.

If they repeat it 25 times, maybe it'll fix the email confirmation system in to a format that most other sensible companies use.

  • Re : Possible simple solution to account sharing/password security issue

    06. 23. 2011 21:26


XtremCarnage
All you need to do is add the secondary password when changing emails. Most people who share accounts dont share their secondary password this is the logical thing to do to quick fix this situation, at least until they can get a proper authentication method.

Im assuming they put this in place because they were tired of people sending support tickets asking for their email to be changed or they forget their email account password or something. If the person has lost their email then there should be a way for them to change it without that email, at least thats what i think SDE's thought process was, they just didnt think it through very well which is the mistake they always make.

  • Re : Possible simple solution to account sharing/password security issue

    06. 23. 2011 21:31


Nachmorsi
I should have probably added that given the rate of progress of this website went at I don't know if we can realistically assume something code-driven will be done soon.

Hence this suggestion.

  • Re : Possible simple solution to account sharing/password security issue

    06. 23. 2011 21:43


V2CxBongRipz
Originally Posted by Foxhound31
the million dollar answer...

Don't account share :P



The million dollar answer... say something productive or gtfo. I mean seriously you guys represent SDE and this is the kind of crap you post.

Originally Posted by XtremCarnage
All you need to do is add the secondary password when changing emails. Most people who share accounts dont share their secondary password this is the logical thing to do to quick fix this situation, at least until they can get a proper authentication method.


OMG how long did it take you to come up with that? I mean the most common sense simple answer to the problem and its so far beyond SDE's thought process :D

  • Re : Possible simple solution to account sharing/password security issue

    06. 23. 2011 22:53


Foxhound31
Originally Posted by V2CxBongRipz
Originally Posted by Foxhound31
the million dollar answer...

Don't account share :P



The million dollar answer... say something productive or gtfo. I mean seriously you guys represent SDE and this is the kind of crap you post.


ACCOUNT SHARING RULES
=============================================================
=============================================================
=============================================================

Dear Members of Navyfield,

I would like to remind players not to share accounts or use the same password in any other
public place which may be the same as your account for Navyfield.

Those of you who continue to share accounts, Moderators and GMs of SDE cannot assist
players any longer in recovery efforts. Consider this your final warning!!

This will extend to lending of sailors and ships to other players in the game. All trades
are final!!

For a reminder for those who haven't read the EULA:

D. During the registration process, you will be required to select a user name and a
password that are specific to your Account (collectively referred to hereunder
as "Password"). Your Password is to be kept confidential at all times and you are
solely responsible for the security of your Password and your Account. You may not
disclose your Password to anyone, or allow your Password to be used by any one
beside yourself or your one (1) minor child to play the Navy Field. Any damage or
harm that may result to your Account, or to the Navy Field, due to lost or deleted
characters due to your disclosure of your Password, or due to the discovery of your
Password by a third party, is your sole responsibility. Note that your user name shall
be subject to the naming guidelines contained in this Terms of Use Agreement.

E. SD EnterNet does not recognize the transfer of Accounts between individuals.
Sharing of accounts and account passwords is forbidden, to do so allows SD
EnterNet and TeamNF to terminate your account rights. This action is in response
prevent theft from such sharing. Additionally, note that there are no refunds if you
decide to "terminate" your Account early as the Service will be available for your use
until the time that you have purchased on the Service expires.

That is all.
=============================================================
=============================================================
=============================================================
=============================================================
=============================================================

If you want to take the risk with your account and share it that is YOUR PROBLEM.

  • Re : Possible simple solution to account sharing/password security issue

    06. 23. 2011 23:09


Piombo
Originally Posted by Foxhound31
the million dollar answer...

Don't account share :P

which is very true since NF SDE says not to do so in the 1st place since they consider it an ileagal act .
Also NF should delete shared accnts in my acpect of it since so many issues it brings apperantly such as your budys and fleet m8s are thieves and cant not be trusted or else these things wouldnt be an issue

  • Re : Possible simple solution to account sharing/password security issue

    06. 23. 2011 23:15


Piombo
Originally Posted by Foxhound31
Originally Posted by V2CxBongRipz
Originally Posted by Foxhound31
the million dollar answer...

Don't account share :P



The million dollar answer... say something productive or gtfo. I mean seriously you guys represent SDE and this is the kind of crap you post.


ACCOUNT SHARING RULES
=============================================================
=============================================================
=============================================================

Dear Members of Navyfield,

I would like to remind players not to share accounts or use the same password in any other
public place which may be the same as your account for Navyfield.

Those of you who continue to share accounts, Moderators and GMs of SDE cannot assist
players any longer in recovery efforts. Consider this your final warning!!

This will extend to lending of sailors and ships to other players in the game. All trades
are final!!

For a reminder for those who haven't read the EULA:

D. During the registration process, you will be required to select a user name and a
password that are specific to your Account (collectively referred to hereunder
as "Password"). Your Password is to be kept confidential at all times and you are
solely responsible for the security of your Password and your Account. You may not
disclose your Password to anyone, or allow your Password to be used by any one
beside yourself or your one (1) minor child to play the Navy Field. Any damage or
harm that may result to your Account, or to the Navy Field, due to lost or deleted
characters due to your disclosure of your Password, or due to the discovery of your
Password by a third party, is your sole responsibility. Note that your user name shall
be subject to the naming guidelines contained in this Terms of Use Agreement.

E. SD EnterNet does not recognize the transfer of Accounts between individuals.
Sharing of accounts and account passwords is forbidden, to do so allows SD
EnterNet and TeamNF to terminate your account rights. This action is in response
prevent theft from such sharing. Additionally, note that there are no refunds if you
decide to "terminate" your Account early as the Service will be available for your use
until the time that you have purchased on the Service expires.

That is all.
=============================================================
=============================================================
=============================================================
=============================================================
=============================================================

If you want to take the risk with your account and share it that is YOUR PROBLEM.


ive should have read farther down but yea what he said ^^

1 2 3 4