PST Time 00:00:00GMT-8
Local Server Time 00:00:00GMT+8
ID
Password
FlashGuide
FlashGuide
HA Infomation

General Discussion
Forum Quick Menu

  Index

  • Security Hole

    06. 22. 2011 06:12


Gtdawg
In case anyone was wondering, they should change their passwords immediately.

There is a massive security hole in how accounts and emails are verified that I've been talking about for a week.

I have submitted a support ticket already, but it is a change that can't happen right away.

If you have given your account password out to anyone at all, change the password as soon as you read this.

Do not assume that having the trade password provides additional security!!!!!!!!!!!

The announcement stated that this website included increased security when, in fact, they've undone a few things and have completely opened up everyone to losing their account.  

 

  • Re : Security Hole

    06. 22. 2011 11:47


Gtdawg
Ignoring the stupid screw ups like word wrap failures and an inability to middle click/open in new tab certain things...it is disappointing to see moderators get the issue wrong when trying to explain away a user's fears.

In another thread about the second password/email thing, a TNF mod said that nobody should worry because a hacker would need your password and access to the original email which is not the case at all.

I'd like them to get it right so they could see the concerns...

  • Re : Security Hole

    06. 22. 2011 12:02


vick11
I can see the concerns if you share the primary password of your account. I have asked previously about this and I have asked again, so it is not being ignored. However, at the core of the issue is do not share the primary password and use a primary password that is not blatantly obvious, which I have seen before where people use their game ID as the password. When it comes to a shared account that is invariably very obvious with a log check of in-game and for the website. People will always claim they have not because they know the subsequent response, but we are very good at verifying that or disputing it very quickly.

  • Re : Security Hole

    06. 22. 2011 12:09


V2CxBongRipz
Originally Posted by vick11
I can see the concerns if you share the primary password of your account. I have asked previously about this and I have asked again, so it is not being ignored. However, at the core of the issue is do not share the primary password and use a primary password that is not blatantly obvious, which I have seen before where people use their game ID as the password. When it comes to a shared account that is invariably very obvious with a log check of in-game and for the website. People will always claim they have not because they know the subsequent response, but we are very good at verifying that or disputing it very quickly.



So you are saying if you share your account or play from multiple IPs there is no help?

I thought the whole purpose of the second password was to secure your account even if it was shared.

  • Re : Security Hole

    06. 22. 2011 12:11


Gtdawg
Like I said, personally, it doesn't affect me in the slightest.

And, since TNF wasn't ever going to do anything about various things, I think it is humorous that you have inadvertently ended HA mercenaries between a few fleets and account sharing to game events.

Account sharing will probably still occur with real life friends or select longtime fleet members, but...by and large...people are going to have to cut way down on sharing their accounts.

It doesn't really bother me all that much. I'm glad those things are going to be curtailed.

But, it bothers me that this forum was portrayed as more secure when, obviously, it is not. I mean, you already used the second password on the old forums, so it seems quite silly to go backwards in levels of security on this forums by not requiring it.

And, I was willing to deal with the way the email verification system worked since you needed the the second password. Now, though, someone gets your account password and that's all they need.

Someone would never know when their verified email got changed until it was too late. Then, if they tried to send in a support ticket, you guys write it off as account sharing and they never see their stuff again.

There needs to be an additional password and/or you MUST send a verification email to the original verified email. Not to the new one.

  • Re : Security Hole

    06. 22. 2011 12:14


Gtdawg
Originally Posted by V2CxBongRipz

So you are saying if you share your account or play from multiple IPs there is no help?

I thought the whole purpose of the second password was to secure your account even if it was shared.


The company line was and will stay at "The second password is to prevent people from inadvertently deleting sailors".

That's how it was sold and "why" it was implemented.

Of course, the fact that you need it for getting items, opening the HQ, and making trades is a clear indication that it was instituted to allow people to share their account without worrying about someone gutting their account.

The fact that TNF and SDE play dumb about the account sharing after the introduction of a second password (and where you have to enter the second password) is just silliness.

  • Re : Security Hole

    06. 22. 2011 12:20


V2CxBongRipz
Originally Posted by Gtdawg
Originally Posted by V2CxBongRipz

So you are saying if you share your account or play from multiple IPs there is no help?

I thought the whole purpose of the second password was to secure your account even if it was shared.


The company line was and will stay at "The second password is to prevent people from inadvertently deleting sailors".

That's how it was sold and "why" it was implemented.

Of course, the fact that you need it for getting items, opening the HQ, and making trades is a clear indication that it was instituted to allow people to share their account without worrying about someone gutting their account.

The fact that TNF and SDE play dumb about the account sharing after the introduction of a second password (and where you have to enter the second password) is just silliness.


Ridiculous.

  • Re : Security Hole

    06. 22. 2011 12:27


DrShikima
So, to simplify this for the masses;

Please do *NOT* share passwords.

How is this done?

Easy... JUST.DON'T.SHARE.

This has been an obvious public announcement.

  • Re : Security Hole

    06. 22. 2011 12:35


Elliot2lazy
Originally Posted by DrShikima
So, to simplify this for the masses;

Please do *NOT* share passwords.

How is this done?

Easy... JUST.DON'T.SHARE.

This has been an obvious public announcement.


So do you have any news if they are going to change it to where the new and old email has to be verified to switch emails?

Is this just how it is going to be from now on and everyone just has to abide by really stupid changes?

I personally don't care too much like gtdawg here.

  • Re : Security Hole

    06. 22. 2011 12:36


V2CxBongRipz
Originally Posted by DrShikima
So, to simplify this for the masses;

Please do *NOT* share passwords.

How is this done?

Easy... JUST.DON'T.SHARE.

This has been an obvious public announcement.



So basically: "thanks for all the money you guys put into your fleet accounts that at one time were secure but now you cannot share the details with anyone without risking them stealing the account by simply sending a verification code to a new email account"?

  • Re : Security Hole

    06. 22. 2011 12:42


Gtdawg
Right on cue....blindly adhering to the company line without spending two seconds to think about the implications.

Golly, I sure hope 5 more mods come in and tell me not to account share while ignoring the idea of a second password and the fact that the email can be changed without notifying the original account owner.

1 2 3 4 5 6 7 8