11 replies to this topic

[Bluesummers]

Having recently found myself, having to change my password once again on one of my accounts, its put this at the front of my mind again.

I've always thought, the forced nature of it wasn't a good idea. I get the reasoning behind it, but I feel, it should be up to me, whether I want to change it or not.

In many cases, the forced nature, will encourage people just attempt to go back to their old password, or choose something basic anyway. Which defeats the process all by itself. Even if you make people choose excellent passwords, you'll never stop some people from being careless with their information, and who they trust.

So what I purpose is this: A Opt in/Opt Out system. Perhaps a simple check box. Check it if you Opt in, in which case you'd be made to change passwords every 3 months. Or unchecked for Opt out, in which case, you'll be left to your own devices.

Perhaps under the proviso that you take increased responsibility, for any loss due to your password being compromised. Personally, I would happily accept such a proviso. You would be able to change this preference at any time, by simply unchecking, or checking.

[sofico]

+1
I am not able to log into some accounts because of that.... Need I mention that I can't log into warpportal either because of some weird java Stuff(for which I tried everything suggested to me) in order to change those passwords.

Edited by sofico, 29 August 2012 - 06:57 PM.

[Bluesummers]

Bump, still a relevant suggestion. Thanks for the vote of support btw.

[Toxn]

I think they should change it so if you do change your passwords every 2-3 months that account will receive a little gift for doing so. Say a old battle manual? and if there was no password change then there was none. Just encourage players to change their passwords not force them

[RennaSaintsworth]

Like what they did before, Free BM and a Gum for changing password.

[Bluesummers]

Not opposed to those suggestions, If they wanted to do that, it'd be fine with me.

Its just the forced nature, and that there's zero opting out. In the past I've come up with some decent passwords, but I'll be honest, forcing me to change even decent ones, just discourages account safety in my opinion. I'd happily accept increased responsibility, if it meant freedom of choice.

To be blunt, its insulting. Most of the times anyone is going to be hacked when it comes to RO, will boil down to an individuals stupidity. In terms of, they go naively visiting suspect websites, or they are reckless with account information, and who they share it with or not. I'm not one of those people. I'd like to think, I'm grown up enough to look after my own information.(please forgive me, if that's a little rant like)

Edited by Bluesummers, 17 September 2012 - 09:58 AM.

[ilovemilk]

Gravity should give us the option to op in/out. Make the user's agreed that if they op out Gravity will not be responisble for loses. If op in services can be provided.

[TheUraharaShop]

Having recently found myself, having to change my password once again on one of my accounts, its put this at the front of my mind again.

This is common for many users using multiple services from one provider. However in terms of safety, they should be different.

I've always thought, the forced nature of it wasn't a good idea. I get the reasoning behind it, but I feel, it should be up to me, whether I want to change it or not.

Forced password changes allows accounts that are currently inactive to not be abused or stripped of their items. In terms of the real world, it prevents escalation attempts and attacks, it's commonly seen using a Black Berry Device after a person has changed their Novel or Exchange password.

In many cases, the forced nature, will encourage people just attempt to go back to their old password, or choose something basic anyway. Which defeats the process all by itself. Even if you make people choose excellent passwords, you'll never stop some people from being careless with their information, and who they trust.

Just because you have a hard time making up a new password doesn't mean it has to be a reason why not to implement a security policy. Quite frankly many people have no idea how to create a good password because they make it something cryptic like

Ur@h@r@12345 - 344 thousand years to Crack
!q@w#e$r%t - 38 days to Crack
05071991 - 0.025 seconds to Crack

For the most part you can create a easy to remember password that doesn't require much. For example, if you feel my post is redundant and I'm talking out of my ass you can use...

UraharaIsRetarded - 1 trillion years to Crack
Your password looks like it could be a dictionary word or a name. If it's a name with personal significance it might be easy to guess. If it's a dictionary word it could be cracked very quickly.

Source
http://howsecureismypassword.net/

Using a password like that is prone to dictionary attacks which is why incorporating a special character at the beginning or end of your password can create a nice strong password
Examples based on the titles of your lasts threads

Classic-Morroc - 290 million years to Crack
Sage-Confusion - 290 million years to Crack
technical-heals - 12 million years to Crack



So what I purpose is this: A Opt in/Opt Out system. Perhaps a simple check box. Check it if you Opt in, in which case you'd be made to change passwords every 3 months. Or unchecked for Opt out, in which case, you'll be left to your own devices.

There should be no opt out, only a reward to changing your PW before the mandatory change if your account is 6 months or older. For accounts that dont get their accounts changed or show they're active are prone to be looted...

Perhaps under the proviso that you take increased responsibility, for any loss due to your password being compromised. Personally, I would happily accept such a proviso. You would be able to change this preference at any time, by simply unchecking, or checking.

​Well with the increase to dual cleinting and people still sharing accounts, a mandatory password reset allows the GM's to monitor account activity. It becomes easier to prevent account abuse by putting in to place a policy which is found naturally on any Unix, Linux, Novel, Windows and Mac Based (server) services.

Yes by forcing it you're required to think of a better password but with the ideas posted above it should be easier to accomplish and maintain.

For the record the password for my home router is a catch phrase, and takes about 5 - 7 seconds to type in. It's strength is at 157 Billion Years. It's easy to make, easy to manage, the idea of proactive security being a hindrance has always been the easiest way to break in...

Edited by TheUraharaShop, 17 September 2012 - 06:20 PM.

[Bluesummers]

While I respect your thoughts on the matter, I still find myself in disagreement. For me, you should be able to choose for yourself.

As I've mentioned earlier, I'm an adult, and would like to be treated as such. If I don't want to change my password periodically, that should be my right.

If I can't look after my own basic password information, then so be it. It will be my fault. Mine and mine alone, for being a moron. I'll deserve the punishment of being hacked. I openly accept this. Given that I do, I believe its not unfair to ask for freedom of choice.

Edited by Bluesummers, 18 September 2012 - 01:47 PM.

[TheUraharaShop]

While I respect your thoughts on the matter, I still find myself in disagreement. For me, you should be able to choose for yourself.

As I've mentioned earlier, I'm an adult, and would like to be treated as such. If I don't want to change my password periodically, that should be my right.

If I can't look after my own basic password information, then so be it. It will be my fault. Mine and mine alone, for being a moron. I'll deserve the punishment of being hacked. I openly accept this. Given that I do, I believe its not unfair to ask for freedom of choice.

The resources needed to fix your account getting hacked takes away a technician form fixing the on going issues of the game. They have to spend several days sifting through game logs to verify the activity on your account to make sure "you're telling the truth" or track down your gear. So by players not following through with simple security requests sets back the tech support team further back then what many players assume; as slow to even slower.

Please remember its the small changes like this which can ease the burden on the Tech Support Team that can then focus on the larger issues that players report.

[Bluesummers]

I can see where your coming from, but at least in my mind, this is where the proviso of increased responsibility, would come into play. So the response would be, sorry, you accepted the terms of opting out, its not our responsibility to fix the situation.

I suppose, you could even put a payment option in place. So they would only address it as normal, if you paid Gravity for the time and resources to do so.(could be a terrible idea, it was just a random thought)

In terms of clean up, it doesn't seem likely, it'll add a lot to it. As, those who like system in place, aren't really going to stop what they do at present, if given a choice. Those that don't like it(regardless of reason), probably aren't having their account safety, increased by the system in most cases.

I don't believe there would be a significant difference in work, between having a choice and not. Hence my suggestion really. To me at least, your more likely to encourage spitefulness than safety at present.

I guess I'd rather people choose for themselves. That way, no matter what choice you make, its no longer an issue. Or if it is, its down to you. Gravity could add incentives, like others have suggested. I think you'd get a bit more co-operation that way.

Edited by Bluesummers, 22 September 2012 - 04:21 PM.

[Morlord]

Recovering an old account, of which you don't know the email anymore and also forgot what you've wrote into the personal informations section, is almost impossible.

Dunno why it is so easy to create an account (i.e. goldseller spammage) yet so difficult to recover old, lost accounts due to the forced password change D:

I'd love to see an Opt-in/out option for this!
On default it would be activated ofcourse, but at least give us the freedom to choose, wheter we want to have our password changed every 3 months x.x