Discussion: New Security Update on NCsoft Master Accounts
BEAUTIFUL!
Thank you so very much for this!!!!
Big love!
/e sarcasm
Get the number generator thingies instead. I'd love to buy one of those.
Ignoring anyone is a mistake. You might miss something viral to your cause.
I'm not filled with much hope on this as I just accessed my NCsoft account without challenge beyond my username/password. Once there, I searched to no avail for the mentioned settings.
Additionally, no where in my account profile does it have either my pet's name or my mother's maiden name to confirm to.
Even going beyond that, given the frequency that I'm logged out of the forums and the forums rejecting my username/password, how the heck am I supposed to trust this new system to actually work?
Triumph: White Succubus: 50 Ill/Emp/PF Snow Globe: 50 Ice/FF/Ice Strobe: 50 PB Shi Otomi: 50 Ninja/Ninjistu/GW Stalker My other characters
Can we only be recognized on one computer at a time? I have a desktop, a laptop and hopefully an android by the end of the month. Am I going to be challenged everytime I use a different computer to log in to the NCsoft site?
...Or maybe an in-game pet. Hows about that.
Necrobond - 50 BS/Inv Scrapper made in I1
Rickar - 50 Bots/FF Mastermind
Anti-Muon - 42 Warshade
Ivory Sicarius - 45 Crab Spider
Aber ja, nat�rlich Hans nass ist, er steht unter einem Wasserfall.
use it as a second password
Can we only be recognized on one computer at a time? I have a desktop, a laptop and hopefully an android by the end of the month. Am I going to be challenged everytime I use a different computer to log in to the NCsoft site?
|
You correctly answer some additional security questions. Verifying this information authorizes a one-time login. Once your identity is confirmed, you can add a computer to an approved list. |
Loose --> not tight.
Lose --> Did not win, misplace, cannot find, subtract.
One extra 'o' makes a big difference.
Try an imaginary pet. It doesn't have to be a real thing, y'know!
...Or maybe an in-game pet. Hows about that. |
This goes for other questions like maiden names, birthplaces, etc, as well.
Loose --> not tight.
Lose --> Did not win, misplace, cannot find, subtract.
One extra 'o' makes a big difference.
I hope there'll be more questions, as those are typical of most banks and credit cards. Everyone's using the "good" questions, you know?
Regardless, I've always been pleased with the security NCSoft has offered me to date (particularly my NC master account and game account being able to have different log-ins and passwords), so this is fantastic news. Thank you very much - the safer our accounts are, the better for everyone.
Quick thought: while passwords and challenges are good, they won't necessarily help with keyloggers should someone be unfortunate enough to have acquired one. I heard some games have a virtual keypad where you can enter a 4-digit PIN, and the numbers themselves randomly rearrange themselves after each press.
And, of course, there's that whole physical authenticator thingies (how do those work, anyhow?)... some of the guilds I know for one of those other games require members of a certain rank and above to have one of those (be it the doohicky itself or the app for the iPhone or Android). Not that I'd want that, necessarily (unless a WP7 version was made - I <3 my Focus!).
Why do I recall being asked what street I grew up on and what primary school I went to? In fact, this is definitely what I was asked, because I have it in my password management software as such.
Where can we see these questions and answers in account management?
edit: Found them, they are under the "change password" link.
And, of course, there's that whole physical authenticator thingies (how do those work, anyhow?)...
|
When you first enable that security in account management it asks for a serial number from the little device (or one generated and recorded in the phone app) to sort out what the seed will be for numbers to expect (its obviously some complex seed+time formula), then asks you for one or two actual results from the device to confirm you actually have it.
Its only a real pain if you misplace the device somewhere. Among other things it significantly enhances security if you play at a non-home or unsecure location since even if you are keylogged they won't know what number to next expect, so only fast working "man-in-the-middle" attacks are likely to break your account.
Some banks even use these sort of things. I wouldn't mind seeing it done here.
Want better looking NPCs Contacts? Check out this NPC Contact/Trainer/Etc Revision Thread and Index
-
Remember: Guns don't kill people; Meerkats kill people.
And, of course, there's that whole physical authenticator thingies (how do those work, anyhow?). |
The way I remember it, you had a PIN you created and the key. The key's serial was registered with the server. There's a specific - I hesitate to call it "randomization," really - algorithm that runs in the individual keys, generating a new number every X time frame (30 seconds, 60 seconds, whatever.) The server knows what the number should be, and when it changes (and has a small window of error.) You type in your PIN and the number that shows on the key, the server verifies it and matches the info and either verifies or denies you.
Some did, on occasion, need to be resynchronized, too. Not a hard process, just a bit irritating at LM (play 20 questions, make sure you're asking things they can answer in case they're at a secure facility, etc.)
@Golden Girl
City of Heroes comics and artwork
While this is lovely, I am less worried about someone hacking my NCSoft Master Account, than I am some random NCSoft employee making off with my Credit Card info, or someone hacking NCSoft's database. That's because my CC info Was recently misappropriated and it appears to have been right after re-subscribed at NCSoft.
I am irked at how NCSoft won't let me purchase time when I want to, but insists that They should be in control of when my card is charged. I wanted to take advantage of the Holiday subscription time deal, but the only way I could do so was to essentially 'guarantee' that there would be sufficient money in my account 2-3 months later, when my existing subscription ran out of time. So I missed out on that deal, because I could not actually 'buy' at a time when I had the money to spend.
A keylogger could not have captured my Master Account password, since my password-handling software does that. A trojan on My system could not have captured my CC info, since That is 'on file' at NCSoft. So, the issue is not a lack of security from my end, but a lack of security at NCSoft.
That said, I don't really object to improved security on my NCSoft account - except for the inconvenience factor. I just see this as passing the onus for security to the customer, which allows them to pretend that there isn't a risk and responsibility at their end.
Be Well!
Fireheart
I hope one of the questions isn't "What's your favorite food?"
I'll be hacked in no time!
That blue thing running around saying "Cookies are sometimes food" is Praetorian Cookie Monster!
Shoot on sight, please.
[center][IMG]http://i1111.photobucket.com/albums/h461/cohroguemagazine/Logos/sig.png[/IMG][/center]
[center][size=1][color=#FF99CC][font=Tahoma] GLOBAL: @Antoinette |[/font][/color][color=#FF99CC][font=Tahoma] MAIN: [/font][/color][url=http://www.virtueverse.net/wiki/Pinkrise][color=#FF99CC][font=tahoma]Pinkrise[/font][/color][/url][color=#FF99CC][font=Tahoma] | SG: [/font][/color][url=http://www.wix.com/netherealist/spitfire][color=#FF99CC][font=Tahoma]The Ethereals [/font][/color][/url][font=Tahoma][color=#FF99CC] | PROJECTS: [/font][/color][url=http://cohrm.wordpress.com][color=#FF99CC][font=tahoma]Rogue Magazine [/font][/color][/url][/size][/center]
What is your name? |
What is your quest? |
What is your favorite color? |
and round up everyone that knows more than they do"-Dylan
Once you put the laptop, the desktop, and the phone on the approved list, it shouldn't ask you anymore. If it works like the one a bank website would use, for example, it only asks you the first time, because you can tell it to recognize the computer you're using from then on.
|
As wonderful as this sounds though, It never remembers both of my computers. Anytime I swicth from desktop to laptop and back again, I have to go through Security Hell for 20 minutes. Eventually, I gave up and dedicated just my laptop to do all my banking on.
If this is how the PlayNC System works, then to hell with it. Like Snow Globe said, I hope it works better than the forums here. We all know what a piece of ... they are.
No, no, no, no... Geez... where to begin?
As Ullikummis so mercifully points out above, security questions are NO EXTRA SECURITY for determined hackers who have a buck to make -- like those who'd hack an account to steal all your goodies to sell for cash. If you can guess or brute-force someone's password, guessing the answer to their security question is VERY LITTLE EXTRA EFFORT. Once they've read your facebook page to figure out your Dog's maiden name or your grandmother's breed or whatever, they can add their own computer to the 'authorized' list with no effort.
Yeah, a lot of banks use this and NO IT IS NOT ANY MORE SECURE. Some security folks call it 'Wish it was two factor'. It is NOT.
REAL Two Factor Authentication requires A) Something you know, and B) Something you have, or C) Something you are, such as quality biometrics like retina or voice scans. This is a password -- something you know-- and a secret challenge/response-- also something you know.
This change offers very little extra protection for vulnerable accounts. If you want to give us REAL two-factor account protection, pony up for a fob system. This gives you the B) something you have, and is recommended in the federal guidelines for bank security.
The RSA system is, relatively speaking, very cheap to implement, and the fobs cost about $7 each in bulk. I'd buy one in a heartbeat.
Seriously, NCSoft, just like the banks who implement this crap, you are doing your customers a severe disservice. Not only are you making them jump through extra hoops for no benefit whatsoever, but you are also ensuring them that your service is more secure than it really is.
Luckily for me I named my pet a 128 bit string of random characters.
The best comics are still 10�!
My City of Heroes Blog Freedom Feature Article: "Going Rageless?"
If you only read one guide this year, make it this one.
Super Reflexes: the Golden Fox of power sets!
WARNING: I bold names.
We are increasing our security measures again by setting up additional security questions for all accounts. This enhanced system is part of our ongoing effort to ensure a safe and secure gaming environment for you.
Remember that to keep your account secure you should always use unique passwords that you do not use for email, forums, or websites, and make sure you never provide your personal information on phishing websites. For additional information on security updates, contact Support (North America or Europe).
New Security Feature Added
We will be turning on a new security feature that verifies that you are logging in to your NCsoft® Master Account with a computer authorized by you. To help prevent unauthorized access to your NCsoft Master Account, you will need to confirm your identity when you attempt to log in to a different computer. This new security feature is part of our ongoing effort to ensure a safe and secure gaming environment for you.
How Does This Work?
You correctly answer some additional security questions. Verifying this information authorizes a one-time login. Once your identity is confirmed, you can add a computer to an approved list.
You are trying to log in for a computer that has not been approved by this account. For security purposes, please answer these security questions to verify this computer's use.
Password Hint Questions
Your answers must exactly match those on your account, including the capitalization. These questions must be answered correctly to proceed past the authorization stage and reach your NCsoft Master Account.
What was your first pet's name? [text box] (limit 32 characters)
What is your mother's maiden name? [text box]
If you don't remember what information you entered when you registered your account, please contact Support (North America or Europe).
Support Centre for our English European players
Support Centre for our North American players
Plateforme d'assistance pour les francophones
Support-Center f�r deutschsprachige Spieler