Lobby: Up
Online: 64
Sync Range: 40
* FAQ    * Search
It is currently Thu Mar 28, 2024 7:37 pm

All times are UTC




Post new topic  Reply to topic  [ 39 posts ]  Go to page Previous 1 2 3 4

How do you want to secure your account?
I'm a man, and use real secure passwords that aren't password1 43%  43%  [ 43 ]
I would prefer to generate a one time password. 18%  18%  [ 18 ]
I would prefer to manually authorize my login each time. 40%  40%  [ 40 ]
Total votes: 101
Author Message
PostPosted: Mon Oct 07, 2019 3:55 pm 
Offline

Joined: Tue Jan 24, 2017 8:45 pm
Posts: 28
I would like to vote for an option to increase security but I feel that both of the presented options are not really that great... Mostly because they both start with "You would log into the account page" and there is nothing in either of these proposals to increase security of the account page. I would expect that most of these account take-overs happen due to a compromised forum account. Given that most people report that their alts and main get hacked at the same time, it must be via the forums account.

So some form of 2FA for the account page (ideally in my mind something like U2F) to lock down account logins, would allow Nasomi to have an option to only authorize game logins from IP addresses that have been recently logged into the account page. This would mean that for most people, you might only have to login to the account page every few days/weeks. In my case, I know my public IP address hasn't changed once since I moved into my current house three years ago. It could be optional and for most people it would provide a good mix of security and minimal change to how they are currently logging in.

It doesn't even need to be integrated with the forums login... While the account password and forums passwords are identical, 2FA could be only on the account page so that it would be code that Nasomi 100% controls. No problems with integrating with phpBB... But if Nasomi did want to do this for the forum accounts also I found this thread and is looks like there is active development and is nearing RC status so it would likely work. https://tinyurl.com/y6ffnmso

So in summary, Add some type of 2FA to the account page. And then add an option to restrict game logins to IP addresses that have recently been logged into the account page.


Top
   
PostPosted: Mon Oct 07, 2019 10:00 pm 
Offline

Joined: Sat Mar 03, 2018 8:28 pm
Posts: 604
sakuro wrote:
I would like to vote for an option to increase security but I feel that both of the presented options are not really that great... Mostly because they both start with "You would log into the account page" and there is nothing in either of these proposals to increase security of the account page. I would expect that most of these account take-overs happen due to a compromised forum account. Given that most people report that their alts and main get hacked at the same time, it must be via the forums account.

So some form of 2FA for the account page (ideally in my mind something like U2F) to lock down account logins, would allow Nasomi to have an option to only authorize game logins from IP addresses that have been recently logged into the account page. This would mean that for most people, you might only have to login to the account page every few days/weeks. In my case, I know my public IP address hasn't changed once since I moved into my current house three years ago. It could be optional and for most people it would provide a good mix of security and minimal change to how they are currently logging in.

It doesn't even need to be integrated with the forums login... While the account password and forums passwords are identical, 2FA could be only on the account page so that it would be code that Nasomi 100% controls. No problems with integrating with phpBB... But if Nasomi did want to do this for the forum accounts also I found this thread and is looks like there is active development and is nearing RC status so it would likely work. https://tinyurl.com/y6ffnmso

So in summary, Add some type of 2FA to the account page. And then add an option to restrict game logins to IP addresses that have recently been logged into the account page.


yay sak used the words i dont know cuz im a moron :D


Top
   
PostPosted: Mon Dec 30, 2019 5:14 am 
Offline
User avatar

Joined: Tue Mar 01, 2016 10:25 pm
Posts: 182
2FA - (2 Factor Authentication)? Yes please.

The downside is when people forget to unsync the app from their phone when they upgrade. Going to need to do some basic workaround support for that. But in my experience that is way faster than having to deal with a hacked account and people getting screwed out of gear/gil.

_________________
Petz

:!: Please note that if your posts or responses are deleted on the forums, chances are it was inappropriate, inflammatory, or someone else was defamed.


Top
   
PostPosted: Sun Jan 12, 2020 1:16 am 
Offline

Joined: Mon Apr 23, 2018 7:41 pm
Posts: 19
I don't fully know how I got compromised. My password was used on a few sites that had no real relation to nasomi yet they still got me. Its still my fault for using a password more than once, I got into the habit of something easy to remember. I'll be lucky to play Lithorn again. I kinda wish there was a third option that didn't rely on the forum for authentication though. How hard would it be to set up authentication not with email but with programs like Authy? or WinAuth. I use Winauth basically for a ton of things, and its on my desktop tucked away so it would be hard for them to get at it. Maybe even a phone version? Is any of this possible?

From what I saw on the logs posted to me about my character, the outside access seemed to stop after I changed my forum pass and character passwords. So they could either be waitin to try again or the forum isn't the culprit is what I think. Still, I'd like to put faith into my own hands if I could, though I will accept any measure done by nas's judgement.


Top
   
PostPosted: Sat Feb 01, 2020 4:30 am 
Offline
User avatar

Joined: Sun Apr 22, 2018 5:59 pm
Posts: 30
Location: Arizona
Passwords are like your car keys, their yours: KEEP THEM SECURE, be responsible for your own. The benefit of passwords is it's a key you can change, so keep a reminder and change it every month, week, time you log in / out?
It's a FTP MMO, don't make it so complicated.


Top
   
PostPosted: Thu Jun 25, 2020 6:31 pm 
Offline
User avatar

Joined: Wed May 09, 2018 10:58 pm
Posts: 26
A little late to the conversation, but have you considered using a Radius server for 2FA such as the open source version, FreeRadius?

https://freeradius.org/


Top
   
PostPosted: Sat Sep 19, 2020 12:44 am 
Offline

Joined: Sat Sep 19, 2020 12:25 am
Posts: 1
how do we log into the play online I'm totally new to this I mean Need to play online Id and password. To get in where do I find these?


Top
   
PostPosted: Tue Dec 29, 2020 2:27 pm 
Offline

Joined: Mon Jan 07, 2019 7:15 am
Posts: 32
Maybe just use 2F for making changes to the account, the forum account itself. Which should honestly just be an email verification? Cant be that hard to do that lol. If your email pw is the same as your nas pw then there is no helping you :/

_________________
Image


Top
   
PostPosted: Thu Aug 26, 2021 11:31 am 
Offline
User avatar

Joined: Wed Aug 18, 2021 7:34 pm
Posts: 1
Yo! Have y’all ever watched a movie where there are super cool characters that can hack into anything, including bank accounts and credit cards? Well then guess what? Turn out it is absolutely possible to hack into credit cards haha. Long story short, my big brother kinda pissed me off so I decided to pull a prank and “steal” all the money from his account. Just like everybody on this earth, I googled how to hack credit card lol. And I did find something useful there hehe. What can I say, my brother completely fell for that, totally freaked out and believed for 2 weeks that some old dude stole money from him while the truth is his money was in my hands


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 39 posts ]  Go to page Previous 1 2 3 4

All times are UTC


Who is online

Users browsing this forum: No registered users and 64 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Limited