Snow Globe

Well, if your time hasn't expired, then you should still be able to play the game.

If your time is expiring, I hope support can fix your account so that you don't lose the Vanguard loyalty bonus.

From the NCsoft support article (Account Information Field Descriptions):
Not just the last code, ALL of your serial codes.

Actually I've found him in Haven (south side of the zone) a couple of times. Sorry that I don't have the exact locations, but you might want to try around these locations too:

Yeah, same.

Yes, I use a rootkit scanner.

While I don't go to the effort of logging everything, I'm pretty sure that if someone goes to that much trouble that I'm hosed no matter what I do.

You forgot the follow-up question in the automated response of also sending in the last four digits of the Credit Card that started the account.

Also does support really expect 20+ serial codes to test against? Seriously?

Well to be fair to Aion's "security", a player can't use the keyboard to enter the PIN.

How do I register for an Aion Character PIN?
About the only two things I can see is reasonable about that are: 1) the pin is 6-8 digits and 2) they can't all be the same digit.


I'm wondering why it would be needed on my computer as I do use best practices and routinely scan for all malware. I know however that most users don't. I know that because I get to charge them for fixing their mistakes.



About the only place I'd be worried about key loggers are in Internet Cafes.


Yeah, Aion's system appears to fail the "looking over the shoulder" test.

And this is the point that is bothering me. I can't think of any reason why anyone would bother. They'd go after the bigger targets.

Even if my master account was accessible at the moment, I would still be upset over this.

Oh, and I'll add that if I ever find out that CoH adopts a Character PIN like Aion, that will likely cause me to quit playing any and all NCsoft games.

I have a suggestion to enhance security at NCsoft: Hire competent security staff.
--------
It has been 24 hours since my support ticket was filed, with no response beyond the automated response.

Not really descriptive enough... Maybe "Spayed Badges".

Too descriptive and too long to type easily enough. "Phantom AE Badges" might be better.

I'm confused on if you mean Vet Rewards or the Anniversary Badges.

I know that... And the answer I always give to that question should be valid. It likely is correct, but the wrong case. I'm not willing to lock my account to fix it though.

Same.

I wasn't asked "what is your mother's maiden name?" or "What was your first pet's name?". If I'm given a choice I purposely choose anything BUT those questions because of the security RISK that they pose.

I was asked what my birthday is (I'm pretty sure I got that right) and "what is my computer type?" I gave my standard response (I self-build my computers so I get to name them whatever I want) to that question in a couple different capitalization variations.

From what I can see, it is until support unlocks it.

It is a big change for no reason whatsoever. It doesn't increase security, it only increases hassle. No matter how the tech guys want to try to spin it, it doesn't increase security in any shape or form.

Again, this security is a complete sham. Having the account white listed to IP Addresses only benefits NCsoft, not the end user. This is solely designed to provide support with the ability to shrug off any complaints that a user's account(s) have gotten hacked. With this system in place, players are treated as guilty first and then having to prove their innocence.

Instead this system, as others have pointed out, actually makes users existing security worse because the same questions a person uses to verify their account is likely the same questions that financial institutions use. This will enable someone that can hack a player's NCsoft account to be able to hack the player's financial accounts easier. Is NCsoft willing to be liable for that? I somehow doubt it.

It has and will continue to do so. As pointed out, there are ISPs and Mobile Carriers that frequently change a users IP Address. So with those ISPs they will constantly have to prove who they are. This is like having a police state:


(I could have invoked Goodwin's Law, but didn't.)

For a game company who purports to want a welcoming game environment, this should be a major concern. Instead of making players feel welcome to play the game, this security check is doing the exact opposite.

Quite frankly, I'm wondering how long NCsoft is willing to have its brand dragged through the mud over this.

Last night I provided support with my master account, my full name, my postal address, my date of birth, 16/17 game codes for my account, my user ids, and the last four digits of my credit card. It took 3.5 hours to track down all that information. It is now 21 hours later, and I have yet to see anything other than an automated response.

All this has done is make me feel unwelcome to play the game. It has NOT made me feel the least bit more "secure". Instead it is making me feel like I'm a criminal for having the audacity to try to access my account.

I take back part of my closing statement in my previous post... This has got to be the worst thing I've seen in my years of using computers.

One would think...

I've already posted at least one of my codes have never been sent:

Codes that were not sent back/verified:

• My CoH buddy code that I used to start my account in 2005.
• My CoV DVD edition code (thankfully I still have the disk/box/code). Also in 2005.
• My GvE In-Game Items Pack (Online order in October 2006).
• My CoV Pre-Order code.
• My GvE Boxed edition for my second account (thankfully I still have the disk/box/code) in 2008.

Any codes I've entered since 2009 have codes sent back, except time cards.

This is very nearly the worst implementation of a security "feature" that I've seen in around 20 years as an IT professional. It is literally jaw-dropping.

What they are doing is making it harder for people to give them money (ie renew their subscription and purchase add-ons for their account). Way to go. I'm also thankful that my subscription doesn't expire or need to be changed in any way until June, but at this point I can't buy the Animal Pack or Natural Booster even if I wanted to.

Actually a few years ago they didn't. I spent 3 hours today getting all my serial codes, but I never did get a serial for my GvE In-Games pack back in October 2006.

From what I can tell, they only started emailing full account codes late 2007. Actually I know I applied a retail version of the GvE code to a trial account that I also did not get an auto-response with my "code applied" in May 2008.

One of my friends has had his computer wiped and if he can't remember his information, he is completely out of luck as I don't think he even has his game boxes/manuals anymore.

I just found out that it is based on IP Address, which means that on some ISPs that a player whose ISP changes their IP Address on a daily basis (or even every time they connect to the ISP) will constantly have to re-verify themselves (I've been with ISPs that do this).

This brings up user hostility in the name of security to a whole new level.

I have to repeat this for emphasis. This was a poorly thought out and quickly implemented idea that should NEVER have happened in the first place.

I'm sorry, that is a load of manure.

This does absolutely NOTHING for my security, except make it worse. Why? It is going to be worse as I'll now have to put either something that is (a) easy for others to guess or (b) have a secured record of my answers somewhere.

This would be either based on my IP Address (which could change beyond my control) or based on a cookie which could expire in a session or around 14 days. So if I'm not constantly logging into my master account (something I shouldn't have to do), the player will always have to re-verify their accounts.

This is got to be the single stupidest thing I've EVER experienced from this game.

Ooh, something I put into a throwaway field 6 years ago... Yeah, I'm going to remember that. Also there isn't an option to get a different set of questions.

I'm betting support will wish the idiot(s) responsible for this change would be smacked more than I do.

------------------
Edit:
Oh this keeps getting better:
What a <censored> joke. If you make a purchase with the NCsoft store, YOU DON'T GET THE FULL CODE. Some one really should have job discipline action taken on them for this.

Sentinel is the successor to Glycerine.

That is what you get when some players go out of their way to grief others because "they take the game too seriously".

You want to cut the negativity? Don't ruin other player's fun. If they want to be serious and take the game seriously, then LET THEM. They are paying the same as the people "trying to make X's blood boil".

Please don't give the developers any dumb ideas.

Most of my Khans have taken 40-60 minutes in the last week. I have a feeling I'm going to hate WSTs effects on merit rewards.

Foiled again!

Yes.