Discussion: New Security Update on NCsoft Master Accounts
By
aleph_EU,
Posted on: 2011-03-01 17:02 in News, Events and Announcement Discussion
Quote:
I sent an e-mail off some time ago. You'd think it'd be simpler to validate an account by e-mail though- If I'm sending an e-mail from the address the account is linked to, isn't that valid enough reason to think I might be who I say I am? xP
|
Originally Posted by Capa_Devans
They probably didn't lift the IP block. Same thing happened to me. Try emailing them telling them what they messed up.
I doubt anyone is still even reading this thread let along they'll change it to something more sensible. Shame about all those locked out and quit because of such a badly designed implementation. |
Quote:
That is silly, I had a similar problem since it was my bro that bought my account in first place (and why I didn't had the right answers)|
Originally Posted by Shadow_Kitty
After some more email exchange, it looks like our supergroup mate mentioned above will now lose 7 years of playing, because support thinks that he is his brother.
|
My reset weren't about birthdate, maybe because I told them it was the Birth date that was bugged; I'd tell you to give them the last digits of your credit card too, it will probably help to prove your ID.
And mention the error message you have when you try logging it.
I know how worrying this can be but if you persevere, Im sure you'll got it fixed soon, don't give up.
Quote:
I think the whole thing is silly. However I had this on my second account. I rang and spoke to them and got the account unlocked, reset password etc. But they didn't unban my IP so I was still locked out and had to contact them again to get that done before I could get into my Master acct.
|
Originally Posted by Prodiguy
I sent an e-mail off some time ago. You'd think it'd be simpler to validate an account by e-mail though- If I'm sending an e-mail from the address the account is linked to, isn't that valid enough reason to think I might be who I say I am? xP
|
SAVE CoX info:
Titan Network efforts
Saving CoX events/FB info
Quote:
That exact same thing happened to me upon reply. Got the one-time click link, reset my password, got into my account and decided to log out and back in to make sure. Once I logged out, I couldn't get back in because my IP was still blocked. This is very odd.
|
Originally Posted by Capa_Devans
I think the whole thing is silly. However I had this on my second account. I rang and spoke to them and got the account unlocked, reset password etc. But they didn't unban my IP so I was still locked out and had to contact them again to get that done before I could get into my Master acct.
|
Quote:
My group has lost two so far. They will most likely loose all three accounts under my name too. And I don't think many people really want to perservere, it seems like a lot of effort to beg someone to please take your money again. Companies invest a lot of money in getting customers. It seems really stupid to refuse to let the ones you have buy stuff.
|
Originally Posted by Blatte
That is silly, I had a similar problem since it was my bro that bought my account in first place (and why I didn't had the right answers)
My reset weren't about birthdate, maybe because I told them it was the Birth date that was bugged; I'd tell you to give them the last digits of your credit card too, it will probably help to prove your ID. And mention the error message you have when you try logging it. I know how worrying this can be but if you persevere, Im sure you'll got it fixed soon, don't give up. |
Listen to the mustn't, child, listen to the don'ts, listen to the shouldn'ts, the impossibles, the won'ts, listen to the never haves, then listen close to me. Anything can happen, anything can be. ~ Shel Silverstein
I like how it keeps asking me my security questions to verify my location...even after I verified my location...
THIS CAKE....is a lie.
Ignoring anyone is a mistake. You might miss something viral to your cause.
Quote:
Yeah, I like that too.
|
Originally Posted by MrHassenpheffer
I like how it keeps asking me my security questions to verify my location...even after I verified my location...
|
wow,
this ridiculous security implementation is still in place?
I honestly thought they'd fix this on their end by now, AND apologize to the customers for such a rotten customer experience...
I will go ahead and contact customer support I guess.
If I do get back in (I'm really not sure I will with all of the possible information answers I have and the me+spouse joint use of the account), then the first thing I am going to do, is change all of my user information to fake info, and write it all down to put in a safe place so I can use it next time my IP changes.
My rationale is that I really don't want the people who designed *this* security patch to have any more of my "real" personal info than is absolutely necessary, since they *really* don't have the foggiest idea how internet security works.
Wish me luck. I do hope that customer support is more realistic about fixing this than the sticky on the support page suggests. I'd like to stick around, and technically I could play right now since I've got auto-recurring payment. But if they don't fix my account access, I will have to get my credit card stop payment to ncsoft. Honestly that would really sadden me. But I can't rationalize allowing a company to keep pulling money out of my credit card without my control. That's not a workable business-customer relationship.
edit: if I do have to get my credit card to stop payments to ncsoft, will ncsoft's bouncing purchase requests create negative feedback on my credit rating? I never thought doing business with ncsoft might damage my credit, and through no fault of my own.
Virtue Heroes of note:
Katerinae, Luci Ferre, Shinigami's Kiss, Dark Invokation, Cerulean Twilight, Side effect, Cheshire Noir
Virtue Villains of note:
- Black Dragon, Raven Sterling, Domina Procella, Inertia K., Vivian Revenio, Charlotte Arachne, Doll Parts, Fierce Orchid, Theta Charge
To be honest, I kind of ignored this thread when it first came up in the redname tracker, because the title sounded so innocent and uninteresting. "New Security Update" can only be a good thing, right? So I didn't even bother opening the thread and went along on my merry way.
Fast forward to today, I thought I might try to activate my second account again, which I don't have on auto-renew. Username and password entered, and it throws up some random security questions at me, which I genuinely can't remember ever supplying to NCSoft, but ok, whatever. I try to answer them, it rejects my answers? Maybe it was a typo...but no, I try again a few times with no joy.
Then I come here and I find out the details of the situation and just....wow. Really?
....wow. I'm genuinely at a loss for words.
A circle forms, everybody comes round
Just to hear the incredible sound
Of a genius smashing expectations
- Jonathan Coulton
Quote:
As long as you kept the emails of booster pack updates etc, its not as bad as this thread would lead you to believe. |
Originally Posted by Mokalus
To be honest, I kind of ignored this thread when it first came up in the redname tracker, because the title sounded so innocent and uninteresting. "New Security Update" can only be a good thing, right? So I didn't even bother opening the thread and went along on my merry way.
Fast forward to today, I thought I might try to activate my second account again, which I don't have on auto-renew. Username and password entered, and it throws up some random security questions at me, which I genuinely can't remember ever supplying to NCSoft, but ok, whatever. I try to answer them, it rejects my answers? Maybe it was a typo...but no, I try again a few times with no joy. Then I come here and I find out the details of the situation and just....wow. Really? ....wow. I'm genuinely at a loss for words. |
An email with those details will get it fixed within a day or two.
Its still false happy feel good security, and damn annoying when you are on dynamic IP addresses.
I don't suffer from altitis, I enjoy every minute of it.
Thank you Devs & Community people for a great game.
So sad to be ending ):
On a dynamic ISP issued IP it is worse, especially if players end up authorizing every one of their IP addresses.
Worse if they are new players authorizing a college or net cafe network IP set, anyone looking over their shoulder who gets allocated their network IP via a dynamic ISP DHCP will only need to login as now.
This security change only makes it harder for 'Genuine' customers.
I have suggested a solution to tech support but they went and merged it with an unrelated issue...
/e SIGH!
Nuff Said...
Coolio Wolfus leader of Coolio�s Crusaders on Union.
Tekna Logik leader of Tekna�s Tormentors on Defiant.
Creator of: Coolio's Tech Beacon Replacements
AE arc 402506, 'The Rise and Demise or Otherwise of Tekna Logik...'.
Quote:
I'm not actually in the habit of keeping emails, but GM Dale sorted me out within 24 hours anyway, so someone at NC/Paragon/wherever he works buy that man a beverage of his choice for me, thanks.|
Originally Posted by tanstaafl
As long as you kept the emails of booster pack updates etc, its not as bad as this thread would lead you to believe.
An email with those details will get it fixed within a day or two. Its still false happy feel good security, and damn annoying when you are on dynamic IP addresses. |
My post still stands for my reaction to the design and implementation though. At best it's going to create a massive unnecessary workload for Support with little to no upside.
A circle forms, everybody comes round
Just to hear the incredible sound
Of a genius smashing expectations
- Jonathan Coulton
Yet another sad story from the real life of stupid security measures: an old member of our supergroup was considering to get back online after a few years' hiatus. As he tried to get into his master account in order to pay to renew his subscriptions, he was promptly thrown out by the new security measures. The words he used to describe his frustrations are not to be quoted here.
Oh, and the other supergroup mate is still battling support and trying to convince them that he is not his brother.
Still @Shadow Kitty
"I became Archvillain before Statesman nerfed himself!"
Quote:
Make it a month and more than 12 emails.|
Originally Posted by tanstaafl
As long as you kept the emails of booster pack updates etc, its not as bad as this thread would lead you to believe.
An email with those details will get it fixed within a day or two. |
And even when the problem is fixed, it keep asking location verification; right now I can't access to my account; it happened already 2 times since the "fix"...
This new security update is REALLY messed up; I guess it will become more laughable when a lot of people, unaware of it, will have to renew their account in the next months...
I'm on a dynamic IP allocation so each time I try to access my account I have to answer the security questions and authorize yet another IP adress. I'm up to 8 different IP adresses now. This keeps up, might as well not have any security features in place.
Rabbits & Hares:Blue (Mind/Emp Controller)Maroon (Rad/Thermal Corruptor)and one of each AT all at 50
MA Arcs: Apples of Contention - 3184; Zen & Relaxation - 35392; Tears of Leviathan - 121733 | All posts are rated "R" for "R-r-rrrrr, baby!"|Now, and this is very important... do you want a hug? COH Faces @Blue Rabbit
Quote:
Yeah same here - and I suspect for the vast majority of players; why NCSoft thinks most real people have fixed IP addresses I don't know!|
Originally Posted by Blue Rabbit
I'm on a dynamic IP allocation so each time I try to access my account I have to answer the security questions and authorize yet another IP adress. I'm up to 8 different IP adresses now. This keeps up, might as well not have any security features in place.
|
Hint to NCSofts IT department - the world just ran out of IP addreses and we're all now having to switch to a new system to generate more.
The real kicker of course is every time you authorise another IP address on the block allocated by your ISP like this, the next person who is allocated that IP address has it authorised too, it's an awesome security feature.
We know...
Quote:
|
Originally Posted by Coolio
On a dynamic ISP issued IP it is worse, especially if players end up authorizing every one of their IP addresses.
Worse if they are new players authorizing a college or net cafe network IP set, anyone looking over their shoulder who gets allocated their network IP via a dynamic ISP DHCP will only need to login as now. This security change only makes it harder for 'Genuine' customers. I have suggested a solution to tech support but they went and merged it with an unrelated issue... /e SIGH! |
Nuff Said...
Coolio Wolfus leader of Coolio�s Crusaders on Union.
Tekna Logik leader of Tekna�s Tormentors on Defiant.
Creator of: Coolio's Tech Beacon Replacements
AE arc 402506, 'The Rise and Demise or Otherwise of Tekna Logik...'.
This seems like a good place to post this.
With the increased security initiative for the NCSoft Master Accounts:
Why do the passwords not accept special characters?
Why are we limited to only alpha numeric?
Quote:
I'm just glad I never gave them my credit card information. If this is the kind of thing they "think" will increase security, then I don't even want to now how they are securing credit card information.|
Originally Posted by Katerinae
My rationale is that I really don't want the people who designed *this* security patch to have any more of my "real" personal info than is absolutely necessary, since they *really* don't have the foggiest idea how internet security works.
|
Using an IP address, something that can be completely controlled by me, where I can make any server believe I am connecting from any IP address I want it to. Something that changes for many on a regular basis, like every time their modem reconnects to their ISP.
This adds no security at all and only causes a inconvenience when we need to go through the same crap over and over again.
Someone needs to take Internet Security 101.
Quote:
Special characters would be good, also not requiring passwords to start with a letter. They only require simplistic passwords, and even prevent more secure passwords and then implement a security measure that adds no security.
|
Originally Posted by Morgan Reed
This seems like a good place to post this.
With the increased security initiative for the NCSoft Master Accounts: Why do the passwords not accept special characters? Why are we limited to only alpha numeric? |
ok, mutliple emails were of no help. I'm sure it depends on exactly who gets your emails, but whoever got mine didn't actually READ them very much, it was like having an in depth conversation with a broken record.
however, i did get everything fixed with one phone call.
I forget the name of the guy who helped me, but he was *really* good at customer service, better than 99% of customer service calls I have made to various companies in my lifetime.
the phone's auto-sorter said they didn't help with security issues, but i ignored that and pressed 1 for account related stuff. Ended up talking to a god amongst customer service employees, and everything's fixed in like 20min.
he even had a really cute voice. you know, manly-cute, not kitten-cute.
Virtue Heroes of note:
Katerinae, Luci Ferre, Shinigami's Kiss, Dark Invokation, Cerulean Twilight, Side effect, Cheshire Noir
Virtue Villains of note:
- Black Dragon, Raven Sterling, Domina Procella, Inertia K., Vivian Revenio, Charlotte Arachne, Doll Parts, Fierce Orchid, Theta Charge
This is strange. More than a year has passed since the introduction of the "new 'security' system" and I still have to answer the very same two "security questions" every time I log in to my Master Account.
Why is this? And why were NCSoft telling us that you would authorize a computer with this system when at least their designer must have known that it was merely whitelisting IP addresses? What a joke. Since 1996 I had to live with dynamic IP addresses. Is this different in S Korea and the USA? That would at least explain why they came up with this. But it would not explain why they insist on using it after getting this amount of flak.
Has anyone had success talking NCSoft into whitelisting the whole network of their ISP?
Or did they not change this because they are secretly working on a 2 factor authorisation system like in use by SWTOR and Blizzard? (little key chain thingies or apps for smart phones which generate a one time code to be used in addition to your password which is invalid after 30 seconds or so)
Google's great
intitle:"index.of" mp3 gus.gus
Quote:
IIRC, you have to answer those questions anytime/everytime you're not logging in on the computer you first logged in with after the new security went into effect...|
Originally Posted by aleph_EU
This is strange. More than a year has passed since the introduction of the "new 'security' system" and I still have to answer the very same two "security questions" every time I log in to my Master Account.
Why is this? And why were NCSoft telling us that you would authorize a computer with this system when at least their designer must have known that it was merely whitelisting IP addresses? What a joke. Since 1996 I had to live with dynamic IP addresses. Is this different in S Korea and the USA? That would at least explain why they came up with this. But it would not explain why they insist on using it after getting this amount of flak. Has anyone had success talking NCSoft into whitelisting the whole network of their ISP? Or did they not change this because they are secretly working on a 2 factor authorisation system like in use by SWTOR and Blizzard? (little key chain thingies or apps for smart phones which generate a one time code to be used in addition to your password which is invalid after 30 seconds or so) |
I think there is a way to manage it a bit if you're consistently using the same = "different"/ like a 2nd PC.
Quote:
|
Originally Posted by Arcanaville
City of Heroes didn't fail, City of Heroes was killed. If a 747 dropped on your house, you'd say you were killed, not you failed to find a safer dwelling.
|
Quote:
No, incorrect. You have to answer them every time you log in via an IP Address which the server hasn't seen before for your account. |
Originally Posted by Cardiff_Giant
IIRC, you have to answer those questions anytime/everytime you're not logging in on the computer you first logged in with after the new security went into effect...
I think there is a way to manage it a bit if you're consistently using the same = "different"/ like a 2nd PC. |
So yes, basically you're whitelisting IP Addresses.
Funny thing is, I was planning to get in to buy several Booster Packs. =P NCSoft has made it impossible for me to GIVE THEM money. That's just silly.
I doubt anyone is still even reading this thread let along they'll change it to something more sensible. Shame about all those locked out and quit because of such a badly designed implementation.
SAVE CoX info:
Titan Network efforts
Saving CoX events/FB info