Discussion: New Security Update on NCsoft Master Accounts

We are increasing our security measures again by setting up additional security questions for all accounts. This enhanced system is part of our ongoing effort to ensure a safe and secure gaming environment for you.

Remember that to keep your account secure you should always use unique passwords that you do not use for email, forums, or websites, and make sure you never provide your personal information on phishing websites. For additional information on security updates, contact Support (North America or Europe).

New Security Feature Added

We will be turning on a new security feature that verifies that you are logging in to your NCsoft® Master Account with a computer authorized by you. To help prevent unauthorized access to your NCsoft Master Account, you will need to confirm your identity when you attempt to log in to a different computer. This new security feature is part of our ongoing effort to ensure a safe and secure gaming environment for you.

How Does This Work?

You correctly answer some additional security questions. Verifying this information authorizes a one-time login. Once your identity is confirmed, you can add a computer to an approved list.

You are trying to log in for a computer that has not been approved by this account. For security purposes, please answer these security questions to verify this computer's use.

Password Hint Questions

Your answers must exactly match those on your account, including the capitalization. These questions must be answered correctly to proceed past the authorization stage and reach your NCsoft Master Account.

What was your first pet's name? [text box] (limit 32 characters)
What is your mother's maiden name? [text box]

If you don't remember what information you entered when you registered your account, please contact Support (North America or Europe).

BEAUTIFUL!

Thank you so very much for this!!!!

Big love!

/e sarcasm

Get the number generator thingies instead. I'd love to buy one of those.

I'm not filled with much hope on this as I just accessed my NCsoft account without challenge beyond my username/password. Once there, I searched to no avail for the mentioned settings.

Additionally, no where in my account profile does it have either my pet's name or my mother's maiden name to confirm to.

Even going beyond that, given the frequency that I'm logged out of the forums and the forums rejecting my username/password, how the heck am I supposed to trust this new system to actually work?

Triumph: White Succubus: 50 Ill/Emp/PF Snow Globe: 50 Ice/FF/Ice Strobe: 50 PB Shi Otomi: 50 Ninja/Ninjistu/GW Stalker My other characters

Can we only be recognized on one computer at a time? I have a desktop, a laptop and hopefully an android by the end of the month. Am I going to be challenged everytime I use a different computer to log in to the NCsoft site?

use it as a second password

I hope there'll be more questions, as those are typical of most banks and credit cards. Everyone's using the "good" questions, you know?

Regardless, I've always been pleased with the security NCSoft has offered me to date (particularly my NC master account and game account being able to have different log-ins and passwords), so this is fantastic news. Thank you very much - the safer our accounts are, the better for everyone.

Quick thought: while passwords and challenges are good, they won't necessarily help with keyloggers should someone be unfortunate enough to have acquired one. I heard some games have a virtual keypad where you can enter a 4-digit PIN, and the numbers themselves randomly rearrange themselves after each press.

And, of course, there's that whole physical authenticator thingies (how do those work, anyhow?)... some of the guilds I know for one of those other games require members of a certain rank and above to have one of those (be it the doohicky itself or the app for the iPhone or Android). Not that I'd want that, necessarily (unless a WP7 version was made - I <3 my Focus!).

Why do I recall being asked what street I grew up on and what primary school I went to? In fact, this is definitely what I was asked, because I have it in my password management software as such.

Where can we see these questions and answers in account management?

edit: Found them, they are under the "change password" link.

While this is lovely, I am less worried about someone hacking my NCSoft Master Account, than I am some random NCSoft employee making off with my Credit Card info, or someone hacking NCSoft's database. That's because my CC info Was recently misappropriated and it appears to have been right after re-subscribed at NCSoft.

I am irked at how NCSoft won't let me purchase time when I want to, but insists that They should be in control of when my card is charged. I wanted to take advantage of the Holiday subscription time deal, but the only way I could do so was to essentially 'guarantee' that there would be sufficient money in my account 2-3 months later, when my existing subscription ran out of time. So I missed out on that deal, because I could not actually 'buy' at a time when I had the money to spend.

A keylogger could not have captured my Master Account password, since my password-handling software does that. A trojan on My system could not have captured my CC info, since That is 'on file' at NCSoft. So, the issue is not a lack of security from my end, but a lack of security at NCSoft.

That said, I don't really object to improved security on my NCSoft account - except for the inconvenience factor. I just see this as passing the onus for security to the customer, which allows them to pretend that there isn't a risk and responsibility at their end.

Be Well!
Fireheart

I hope one of the questions isn't "What's your favorite food?"

I'll be hacked in no time!

Well... i added two questions/answers...

Lets just hope that this wont start a mess..

No, no, no, no... Geez... where to begin?


As Ullikummis so mercifully points out above, security questions are NO EXTRA SECURITY for determined hackers who have a buck to make -- like those who'd hack an account to steal all your goodies to sell for cash. If you can guess or brute-force someone's password, guessing the answer to their security question is VERY LITTLE EXTRA EFFORT. Once they've read your facebook page to figure out your Dog's maiden name or your grandmother's breed or whatever, they can add their own computer to the 'authorized' list with no effort.

Yeah, a lot of banks use this and NO IT IS NOT ANY MORE SECURE. Some security folks call it 'Wish it was two factor'. It is NOT.

REAL Two Factor Authentication requires A) Something you know, and B) Something you have, or C) Something you are, such as quality biometrics like retina or voice scans. This is a password -- something you know-- and a secret challenge/response-- also something you know.

This change offers very little extra protection for vulnerable accounts. If you want to give us REAL two-factor account protection, pony up for a fob system. This gives you the B) something you have, and is recommended in the federal guidelines for bank security.

The RSA system is, relatively speaking, very cheap to implement, and the fobs cost about $7 each in bulk. I'd buy one in a heartbeat.

Seriously, NCSoft, just like the banks who implement this crap, you are doing your customers a severe disservice. Not only are you making them jump through extra hoops for no benefit whatsoever, but you are also ensuring them that your service is more secure than it really is.

Luckily for me I named my pet a 128 bit string of random characters.

WARNING: I bold names.