Discussion: New Security Update on NCsoft Master Accounts
They really shouldn't let some of their employees post on the internet:
http://us.ncsoft.com/en/playsmart/security-post.html
If a GM, someone presumably hired to be a game support tech, made this sort of decision and approved its implementation, then it wasn't a professional security person, it was someone who thought they could play one on TV.
The actual professional security community is not all that big. If there is a CSO at NCI I'll eventually find them.
[Guide to Defense] [Scrapper Secondaries Comparison] [Archetype Popularity Analysis]
In one little corner of the universe, there's nothing more irritating than a misfile...
(Please support the best webcomic about a cosmic universal realignment by impaired angelic interference resulting in identity crisis angst. Or I release the pigmy water thieves.)
Looking at the "questions", it appears to be giving the answer, not the question. (e.g., the hint question was "rover", not "What is the name of your first pet"). No, rover wasn't the real word, but I'll keep that to myself.
Also, for birthdays, I'm assuming a one-digit day and four-digit year since we're not given any guidelines for what is expected there.
Perhaps that's part of the problem. The instructions are lacking detail. If they are wanting exact matches on the dates, they need to specify the number of digits for each field.
You know, I just had to reset my Linkedin.com Password. It took a minute. I clicked on a link that said I forgot my password, it sent a password reset to my primary email (registered and confirmed), I clicked the link and *poof* my password was updated.
Triumph: White Succubus: 50 Ill/Emp/PF Snow Globe: 50 Ice/FF/Ice Strobe: 50 PB Shi Otomi: 50 Ninja/Ninjistu/GW Stalker My other characters
Can't even run CoH from the NCSoft launcher, it just continually loops around, trying to launch, then closing, then goes back to launching, then closes, ad nauseam. What gives?
I am very dissatisfied with this situation. I've tried checking if it's a situation where I needed to get a file (from the http://boards.cityofheroes.com/showt...34#post3520034 - South America clients), but the file isn't available!
I am currently residing in Costa Rica, as my work demands I stay here for long periods of time, and have been playing the game for several years now. It's really a hassle when suddenly, I can't get it to work, nor the supposed fix is even available for me to apply!
ED: yes, I'm aware this is another topic, but there's not even a discussion thread about the launcher. I managed to get my account verified, et al, with the security update anyways.
Gotta agree with you there with the colloquialism
I mean, I wouldn't have an issue with security (as I often had sent documentation to prove myself in the past), but this is really really irritating.
But it's MY sadistic mechanical monster and I'm here to make sure it knows it. - Girl Genius
List of Invention Guides
I seem to recall that post when it first came out (although it could have been a related post). The poster in question sounds like a peon in game support, not a decision maker.
If a GM, someone presumably hired to be a game support tech, made this sort of decision and approved its implementation, then it wasn't a professional security person, it was someone who thought they could play one on TV. The actual professional security community is not all that big. If there is a CSO at NCI I'll eventually find them.
Add this to your arsenal when you find them:
After several attempts to log in, they 'locked' my IP... and my main email. I couldn't use my email address to get into my Support Account.
When I finally get to Support with an alternate email, all the questions they asked me not only could be found in my main email... they pretty much told me to look for the info they sent me in my main email.
This means, if my email was hacked, and they didn't want to just send a new password to my email because that's 'low security', then all the information they wanted to verify who I am.... could be found from that hacked email account.
Speeding Through New DA Repeatables || Spreadsheet o' Enhancements || Zombie Skins: better skins for these forums || Guide to Guides
You know, I just had to reset my Linkedin.com Password. It took a minute. I clicked on a link that said I forgot my password, it sent a password reset to my primary email (registered and confirmed), I clicked the link and *poof* my password was updated.
Now, this isn't bulletproof security by any means. But it's better, simpler, and much more convenient than the system NCSoft implemented, and probably protects several orders of magnitude more information than NCSoft owns. They also recommend if you actually care about security, request two-factor authentication.
It would also never occur to them to lock out their customers by changing their security protocols without warning. I asked a CSO of a rather large cloud vendor (not salesforce) what his opinion was on this particular roll out, after describing it to him. I can't repeat what he said, except to say there was a lot of laughing involved.
So far, that's been the general trend among people I've asked to comment.
Did either of you have a password hint set at any point? I ask because I had that problem. Interestingly enough that must be a known bug because the response I got to reporting it was a reply back informing me that the password hint had been cleared. Which permitted me to finally verify my account.
I'll contact support and see what response I get.
Security is supposed to make it difficult for hackers to get into someone's account, not to make it onerous for the players to get into their own accounts.
Wonder how long this will be wai with NC/NC ?
This is not directed at the messenger, but dear messenger, please do pass this sentiment along to those to whom it pertains:
Today I logged into city of heroes, and in the launcher I saw that there was a new costume pack (I'm a sucker for these item mall things). So I go to my account to take a look at it, and in all likelihood buy it. I log in like normal, and then... ok, there's a new security screen. God I hate these things, but whatever, it all looks like information that I know. So, I enter in the correct information. And then I eye the CAPTCHA icon with disgust... perhaps I'm an oddball, but I find that thing to be nearly unintelligible (and the audio version is actually worse). So, realizing there may be a lockout, I take my time and make very certain that I have my captcha letters entered correctly.
I submit... Wait, wrong information? Ok, I'll try this captcha thing again here... re-enter all my information, be super careful with the captcha letters... submit... And ...wrong again? So I try yet a 3rd time to get this stupid captcha thing right, on my 3rd try I am absolutely certain I got it right... so I submit... Wrong again. What? How?
Ok, maybe there's something wrong with my secret question info? I look carefully at the question... It's not asking for a mother's maiden name or a pet's name, it's a custom question which I recognize as one of my own. I know what the question is, and what it is asking for, and it's deliberately cryptic, yet surprisingly simple. I *KNOW* the answer, but... it's not working. Is there an extra space in there? A capital letter I'm getting wrong? I don't know. So I try a slight variation on my answer... and fight with the captcha thing again. Yes, it fails. So, I try another slight variation, fight with the captcha thing... failed again. And now I'm locked out of my NCsoft master account.
Mind you, I am IN CITY OF HEROES, STANDING AT WENTWORTH's, but I am apparently not me, and cannot access my master account. I know what my secret question is asking for, and I have no idea why it's refusing my answer.
OK, fine... I'll go through the customer support nightmare... Not being the dullest crayon in the box, I check the stickies and such at the support page before trying to contact support. And I find this:
__
Subject: I know my NCsoft master account password but cannot answer hint questions in order to authorize my location.
Question: Here is my account information:
NCsoft master account name: ENTER ACCOUNT NAME HERE
First and last name: ENTER FIRST AND LAST NAME HERE
Physical Address: ENTER POSTAL MAILING ADDRESS (not e-mail address) HERE
Date of birth: ENTER DATE OF BIRTH HERE
Serial codes/access keys: ENTER CODES/KEYS HERE
Unique Account ID(s): ENTER UNIQUE ACCOUNT ID(s) HERE
__
I read it. Then I read it again. Then I took a deep breath, went and got myself a glass of water, and read it a third time.
- master account name: no problem
- first and last name: not sure actually, whether it was myself or my spouse who set it up originally, I mean this was like 6 years ago... but hey, I can put both names, right?
- physical address: what on earth? I didn't think that NCsoft even had that on file... well I guess they do in their credit card validating information, but if I never selected the option for NCsoft to save that information, then how would they have it? Again, I have two possible answers, an actual address or a PO box, no idea which, maybe I can just list both?
- date of birth: I'm pretty sure I know this one... however, your date of birth is actually a huge security risk, it can be used with other information to generate your social security number, and it is strongly advised that you do not put that information on the internet. So it's possible that I put in a fictitious date of birth... or maybe not... I did mention this was 6 years ago right? I typically only use one fake date of birth though... so again, can I list 2 answers?
- security codes/access keys: I used to be one of those people who saved all of their boxes, receipts, etc. But I've gotten hip to this whole digital age, and I don't actually have my original box with my 25 digit CD Key... for city of heroes, or aion (got that on steam?), or guild wars (haven't played that in years, don't care), and all of the expansions, content packs, etc? That's a list of codes as long as my arm, many of which I never saw the actual code for (online purchased packs don't show them)... But it's no big deal, I can download the patcher/client from nc soft if I build myself a new computer, and I know the account name & password for both the game and the master account, and all my codes are stored happily in there... right? That's how I've been using NCsoft games for YEARS NOW. So frankly, on the issue of access keys, I have no F'ing idea.
ADD to this experience, the fact that I have a dynamic IP address. And NCsoft has gotten some kind of idiotic notion that an IP address is a real place that never changes. So if this security system stays in place, I will likely have to go through this process over, and over, and over, and over, and over, every time my ISP feels like rolling my IP addy to a new one.
*Deep breath*
I have not called customer support yet, because I don't trust myself to avoid biting the head off of whoever answers the phone right now.
I have played city of heroes for a long time. I love the game, I truly do. I have the 57 month badge, I'm not sure how long exactly I've been playing, but somewhere between 57 and 60 months. I "frequently" brag about the design & interface ideas that went into city of heroes, on other sites, even other game sites, and frequently encourage old CoX players to come back and check the game out again, as it's changed a lot over the years. city of heroes is my favorite mmo, ever. And even when I don't play it regularly, I keep the account open, and funnel $30/month into NCsoft coffers.
I am not speaking as a disgruntled kid who is mad because their character class got nerfed or something. I'm speaking as a very loyal paying customer who feels as though they've had their account hijacked BY NCsoft.
I'm playing the game, right now. I am looking at the automated emails from ncsoft about how I'm not really me, in my email inbox, right now. I know the full 16 digits of that credit card which they only show the last 4 digits of, and the security code on the back. But I can't access my master account because: my secret question is messed up somehow, and my IP address is now banned. And, all I wanted to do, was purchase the new beast pack.
ARE YOU F'ING KIDDING ME?
I don't have all of the information they're asking for. Sure I can play the game, but if I can't access my own account, then we're not actually having commerce, they're taking my automated payments, and I have no method of adjusting that, except to call my credit card company and tell them to block payment to NCsoft because they are charging my account fraudulently.
And ultimately, what kind of security are we getting for all of this? A second password, really? That and an exercise in frustration with that stupid CAPTCHA thing, and possibly more calls to customer support, every time my IP changes?
This isn't a 'difficult implementation'.
This isn't a 'rough patch'.
This isn't a 'need to iron out some bugs'.
This isn't a 'hiccup'.
This is completely and totally f'd up from concept to implementation.
This security implementation is absolute hogwash. My grandmother could implement a security fix better than this, and she's been dead for 15 years. At my place of work, a screw-up of this magnitude would result in someone being fired. That's not an exaggeration simply because I'm upset, it's the truth.
NCsoft as a corporation has 2 (TWO) simple ultimate goals as a company. To retain customers, and entice new ones, to make money. This security implementation does more to harm those basic goals than if someone deliberately set fire to the ncsoft offices. There will be thousands, perhaps tens of thousands of legitimate players, who will be locked out and not have the information they need to get back in. This is a mistake which will deeply affect NCsoft as a viable game company, affecting profits in the short term as people's only means of adjusting accounts is now to blacklist ncsoft at their bank. And affecting long term customer loyalty in the most horrid ways.
As corporate mistakes go, this is not an "Oh, did we make an oopsie?". This is a "dear god, what were you thinking!?? clean out your desk! Now!"
god, do you people (ncsoft) even realize that if enough people have to stop payment through their credit card or bank instead of their game account, that financial institutions will start blacklisting NCsoft as a fraudulent corporation?
So yeah, another line of thought... NCsoft makes it difficult to get into your account management on the exact same day that Rift launches... I want to think that's a coincidence. I really do. I sincerely hope that this isn't what they were thinking when they created this mess. Because trying to handcuff people to their game subscriptions will cause people to call their financial institution and stop payment, and never 'ever' buy from ncsoft again. I'd really like to think that this is JUST the stupidest security implementation I have seen in 25 years of computing, and not something more deliberately calculating..
In theory, the customer support line is open right now. But I'm not going to call for two reasons. One, I simply do not have all of the information they apparently will want to have. And two, even though I'm known for having a calm demeanor and a cool head, I don't think I could speak with customer support right now and remain civil. Honestly I don't know if I will ever call customer support. This security debacle is such a complete mess, I am really truly tempted to just bail out on NCsoft entirely.
This isn't a "omg i got killed in the pvp zone too much, i are nerf, make me better or i quitz!". This is a loyal, long term, calm, adult, ncsoft-friendly consumer, who has been a practical recruiter for ncsoft games, especially city of heroes. And I'm really really unhappy.
I'm going to go away now, and check back in a few days, or weeks. I have way too much stress in my actual life right now to be dealing with this kind of BS in what is supposed to be my escape from the stresses of real life.
NCsoft you need to fix this. "you" Or I need to stop paying $30 a month for games, since I'm not me after all..
Last but not least I'm still paying so yes I'll have to talk to Paypal and my credit card company because in fact as of this moment NCSoft is taking my money WITHOUT my permission and they have taken my means to change that. This is going to get worse every day as more and more people try to use their master accounts.
Listen to the mustn't, child, listen to the don'ts, listen to the shouldn'ts, the impossibles, the won'ts, listen to the never haves, then listen close to me. Anything can happen, anything can be. ~ Shel Silverstein
"god, do you people (ncsoft) even realize that if enough people have to stop payment through their credit card or bank instead of their game account, that financial institutions will start blacklisting NCsoft as a fraudulent corporation?"
Since NCSoft is currently holding my payment information hostage (sorry it doesn't sound but that's what it is) and I will have to go to the hassle of blocking my credit card I have to wonder. How many people does it take for this? How many are logged out right now, some with no way to get back in? I honestly don't know how many of these acts it takes before there are negative consequences. Apart from alienating your playerbase I mean. They already got that covered.
After failing to answer my hint questions right on home computer (blocked account now), I logged into account from work. Looks as though I may have another chance to get into Master Account from there, if I don't mess up again. Question is: If I'm able to login at work, will I then be able to when I get home? Or does the whole IP thing mess it up for me?
To all of you out there who are afraid at not having the information needed to give to support:
Just explain the situation thoroughly. Give as much information as you do have. Tell them about how you haven't used the security question in X years. I myself don't have ANY of the serial codes or my master account number, yet my own account lock out was fixed by the first response from Support. Tell them what you need, and why you need it. Be concise and straightforward.
There is still hope.
Mission Arc: Metatronic Mayhem (Id 1750): A tale of robots gone wrong, rogue robots gone right, and madmen gone every which way but loose.
My hope is fading...
had to authorize this comp 6 times now
After failing to answer my hint questions right on home computer (blocked account now), I logged into account from work. Looks as though I may have another chance to get into Master Account from there, if I don't mess up again. Question is: If I'm able to login at work, will I then be able to when I get home? Or does the whole IP thing mess it up for me?
Ah, yes...this is good o.o
I remembered the security question for my main account, bonus.
The second account I set up for my sister, who no longer plays, no such luck. And it is set to auto renew for a year soon, not so good.
Third account, made around same time, with four separate active game accounts, also cannot get in, and they expire Thursday. And I still want to keep those active, you know, for the active account incentive. Well, balls, so much for that.
Waiting for a response from support, which from the sounds of it, will be only slightly less frustrating than trying to gain access to my support account, which I couldn't gain access to either, and ended up having to create a new support account, to request support o.o
Now I am just plain confused.
I can see forever 0.0
More Feedback for the Mods to Pass to NCSoft:
Let players authenticate their account on their ability to use the credit card on file.
If they are paying for the account, send them a link to get into it.
This settles lots of problems with family accounts and people blocked from accessing their credit card auto-renewal controls.
This is pretty horrible. I'm *almost* locked out. I tried answering the question 4-5 times. Then stopped trying. I tried to create a ticket based on the information here: http://boards.cityofheroes.com/showthread.php?t=254459 and when I enter all the information it says my email is already used. SIGH. This is a farce. I guess I'll try calling them?
I better not get derailed on the 7 year reward thing. I will certainly get angry at that point.
My Corner of DeviantART
The Queen's Menagerie
I understand what they're doing, but see my post above this; their implementation makes no sense. I can't answer the "hint question" because there isn't one. Just part of a name, which wouldn't have been part of the question but could have been part of the answer to a question. Completing said name, with and without capitalization gave an error.
At least I assume it was that; I do remember my birthday and was able to read the captcha words clearly on a couple of attempts.
The intentions are great; the system seems lacking in logic and forethought.
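Added example, not part of any post in this thread and not NCsoft's code: several posters could not tell whether spacing, capitalization or the number of digits in a date caused their answers to be rejected, and this sketch shows a verification step that canonicalizes both kinds of input before comparing. The function names, the accepted date formats, the US month-first order and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re
import unicodedata
from datetime import datetime
from typing import Tuple

# Assumed set of accepted spellings; every one maps to a single ISO form.
# Month-first order is an assumption (US-style form).
_DATE_FORMATS = ("%m/%d/%Y", "%m-%d-%Y", "%Y-%m-%d")
_PBKDF2_ROUNDS = 200_000


def normalize_answer(text: str) -> str:
    """Canonical free-text answer: NFKC, case-folded, whitespace collapsed."""
    text = unicodedata.normalize("NFKC", text).casefold()
    return re.sub(r"\s+", " ", text).strip()


def normalize_birth_date(text: str) -> str:
    """Accept 1- or 2-digit day and month; reject anything ambiguous loudly."""
    cleaned = text.strip()
    for fmt in _DATE_FORMATS:
        try:
            return datetime.strptime(cleaned, fmt).date().isoformat()
        except ValueError:
            continue
    # Tell the user which format is expected instead of a bare "wrong".
    raise ValueError("expected MM/DD/YYYY, MM-DD-YYYY or YYYY-MM-DD")


def _digest(canonical: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac(
        "sha256", canonical.encode("utf-8"), salt, _PBKDF2_ROUNDS
    )


def enroll(canonical: str) -> Tuple[bytes, bytes]:
    """Store only salt and digest of the canonical value, never the raw text."""
    salt = os.urandom(16)
    return salt, _digest(canonical, salt)


def verify(canonical: str, record: Tuple[bytes, bytes]) -> bool:
    """Constant-time comparison against the stored digest."""
    salt, expected = record
    return hmac.compare_digest(_digest(canonical, salt), expected)


def demo() -> dict:
    # Constructed sample values, not taken from any real account.
    answer_record = enroll(normalize_answer("Rover"))
    date_record = enroll(normalize_birth_date("03/07/1980"))
    return {
        "spacing_and_case": verify(normalize_answer("  ROVER "), answer_record),
        "one_digit_date": verify(normalize_birth_date("3/7/1980"), date_record),
        "iso_date": verify(normalize_birth_date("1980-03-07"), date_record),
        "wrong_answer": verify(normalize_answer("rex"), answer_record),
    }


if __name__ == "__main__":
    print(demo())
```

Normalization has to be applied identically at enrollment and at verification, and it does nothing for the low entropy of such answers, so attempt limits are still needed alongside it.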