Added Security Needed --- Suggestions Inside --- Dev Opinion Appreciated

First and foremost, not all security breaches are the direct result of members mindlessly trying to cut corners via hacks, 3rd party services, etc... I have known of several examples as of late that are prime examples. Many scenarios may be the child of stupidity and lack of forethought, but it is not always due to devious means by the VICTIM.

Please, let's try to keep this in mind if and when anyone chooses to respond.

A ) Remove the option to save passwords. Period.

At no time should a password ever be stored locally. This in itself is a dangerous situation as far as account security goes and has bit many users in the ass as of late.

B ) Require a PIN upon deletion of characters.

A secret PIN should be FORCED to be made during registration. This PIN should never be stored anywhere but within the GGG databases. Upon selecting to delete a character, the user would then be prompted to enter said PIN. After checking the PIN against the server, the request can either be denied or accepted.

This would at least help save characters at the very least, and should be less resource hungry than changing to a soft delete method, as there would be less data to be stored server side.

C ) DO NOT ALLOW SIMULTANEOUS LOG IN TO A SINGLE ACCOUNT.

If my account is currently logged in on one machine, the same account should never be allowed to be logged in from a differing location, forcing me to be booted from the server while somebody else has access to my account.

D ) Require different log in information for the forum and game client.

I know future plans for web based trading, stash viewing, etc... rely on the sharing of account information between the game and the forum, but at some point security should trump convenience.

E ) If possible, the PIN addition could also be used as a secondary security measure at log in. Thus allowing the saving of username and password.

The idea I have in mind is simple. Upon loading the game client, the username and password is stored, if the user chooses. However, in order to proceed past character selection the secret PIN would be required.

Yes, the addition of a PIN would be an inconvenience to those who wish to rush everything, but again, at some point, security HAS to take precedence.

A password is nothing more than a sugar coating these days. The day of password reliability died long ago when the birth of the "cloud" arrived. Too many are involved in too much, with too many accounts to track. As such, they use the same information repeatedly across many different internet mediums. Each medium is another weak link in the security chain.

Ultimately, security comes down on the shoulders of the user. But there are reasonable and justifiable means that can be taken to help aid the user in making wiser choices. Myself included --- AND YOU AS WELL.

We all make mistakes, regardless of background, knowledge, and common practice. Everybody slips from time to time.
...narf
Last edited by SqueakyToyOfTerror#0940 on Feb 14, 2013, 5:45:54 PM
This thread has been automatically archived. Replies are disabled.
Software token is what they ought to implement.
"
SqueakyToyOfTerror wrote:
A ) Remove the option to save passwords. Period.


I have to say that I am mixed with this. I for one would never store my password, as it is relatively (if dedicated) easy to crack (password is saved as a hash). However, as for the younger community members as well as those who have memory problems, I would understand why they would want this feature. Make it more secure by hashing the file that contains the stored pass, then hash the password. Use different methods of hashing and high level hashing to do so.

"
SqueakyToyOfTerror wrote:
B ) Require a PIN upon deletion of characters.


Agreed. I would like to see alpha-numeric PINs (added security). Also, to append to the idea, also logging into the character.

"
SqueakyToyOfTerror wrote:
C ) DO NOT ALLOW SIMULTANEOUS LOG IN TO A SINGLE ACCOUNT.


Should be a given. Give an error while logging in and send the owner an email stating that this happened, recommending password changes to their account.

"
SqueakyToyOfTerror wrote:
D ) Require different log in information for the forum and game client.


Agreed. Instead of the email to login, allow us to make a user name (different from the forums) to log into the client.

"
SqueakyToyOfTerror wrote:
E ) If possible, the PIN addition could also be used as a secondary security measure at log in. Thus allowing the saving of username and password.


This can be left out I think. Just use pins to login/delete the character.
"
SqueakyToyOfTerror wrote:
A ) Remove the option to save passwords. Period.

I'd rather a Save/Remember Username option over a Save/Remember Password option. So many games and applications lack such an option though :/

I think the latest versions of MSN Messenger lack it while the old (And still working) MSN Messenger 2009 software has it for example.

"
SqueakyToyOfTerror wrote:
B ) Require a PIN upon deletion of characters.

If a Pin is just numbers or just letters and is restricted in the amount of digits that it can consist of, then it will just be an easier alternative to crack and it will net you both a username and a password.

I do think something like the authenticator Blizzard distributes/provides for free for smart phones would be a good idea but it shouldn't be mandatory as not everyone has a smart phone/wants to buy an authenticator. Though there is a fan-made Windows version of Blizzard's authenticator available http://code.google.com/p/winauth/

My suggestions would be to limit the number of guesses you can make before it locks the account and sends the owner of the account an email with a link they have to click to confirm it is them that is trying to log in.

I would also like a way to view the last 5 or 10 places I've logged in from (IP Address used, general location etc.) but this is mostly only useful to those with Static IP Addresses.
Computer specifications:
Windows 10 Pro x64 | AMD Ryzen 5800X3D | ASUS Crosshair VIII Hero (WiFi) Motherboard | 32GB 3600MHz RAM | MSI Geforce 1070Ti Gamer | Corsair AX 760watt PSU | Samsung 860 Pro 512GB SSD & Crucial MX 500 4TB SSD's
Last edited by Nicholas_Steel#0509 on Feb 15, 2013, 1:21:35 AM
http://www.pathofexile.com/forum/view-thread/115464

"
In addition to the above steps, we’re also planning on having access to accounts from strange IP addresses require email or cellphone verification. This will hopefully mean that even if your password is stolen, the attacker needs access to your phone or email in order to log in.

Unfortunately, we cannot restore any items lost to theft. One of the most important things about Path of Exile is its online economy, and if we performed restorations on demand then the economy would be flooded with duplicated items. We've seen this in other games (where the game companies restore compromised items and create a massive economic problem in the game).

If someone compromises your account and deletes your characters, we’re currently unable to restore these characters. We are working on changing the game so that deletions are "soft" rather than "hard", which will allow us to restore deleted characters easily. If their items are stolen, however, then the character will be empty. This feature will be available in the future but is not ready yet!



They are updating the security options for the game, just as with everything else - they are a small team and until a few weeks ago with Open Beta we had ZERO security problems. With great success comes greater issues. They will rise to the demand and implement more options to protect people, but ultimately it's the players responsibility.

I like the idea of a pin number for deleting a character, if it is chosen by the user at registration. I do not like the idea of one for logging in every single time I log in, that would be a pain in the ass. Agreed someone else logging into an account should not bump someone offline, the person attempting it should get an error message that the account is already in use.

In the end GGG cannot protect everyone. When people go onto a site advertising items from PoE and give them the same email and password, or let a keylogger get downloaded onto their computer - that is the player's responsibility to prevent.
“Too often we underestimate the power of a touch, a smile, a kind word, a listening ear, an honest compliment, or the smallest act of caring, all of which have the potential to turn a life around.”
—Leo Buscaglia


Contact support@grindinggear.com to report issues relating to the game or forum. Thanks!

My beloved pets....
"
peachii wrote:
In the end GGG cannot protect everyone. When people go onto a site advertising items from PoE and give them the same email and password, or let a keylogger get downloaded onto their computer - that is the player's responsibility to prevent.


I am glad to hear they are working on this! In response to the quote: well said. =)
"
peachii wrote:
Agreed someone else logging into an account should not bump someone offline, the person attempting it should get an error message that the account is already in use.

The user currently logged in should also receive an in-game notification about the attempt too.
The software authenticator is totally the way to go.

First pass should be just one that works on the desktop. While this does not protect against an owned client, it does protect against third party intercepts.

Second pass should be one that runs on popular smart phones.

I'm not quite sure what the no remembered password option is supposed to do. The very, very first thing any hacker does upon owning a box is install a keylogger that taps your keyboard device directly. This is well before anything has any chance to encrypt.

Obviously the reason that the smart phone option defeats this is that by the time the hacker gets the info, the authentication token they have intercepted is out of date.

Back to the on-desktop authenticator. The most common way a hacker takes advantage of you is to pull down various kinds of password info. They don't usually control the box directly. That means that even a desktop authenticator provides a fairly good degree of protection for the same reasons I outlined above: the info they harvest is too out of date to exploit.

Consider the various maphacks advertised for POE. Their main gig is that they all have keyloggers installed, that then upload the logged data to a command-control location. If they grabbed your password and your most recent auth token, by the time they attempt to use it, it is too late.
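The timing argument in the post above, worked through as an added example (not code from the thread or from GGG): a server-side verifier for RFC 6238 time-based codes that also refuses a code once it has been consumed. The secret, the timestamps and the class name are assumptions constructed for the demo.

```python
import hmac
import hashlib
import struct

# Constructed demo secret; a real deployment would generate a random
# per-account secret and share it with the user's authenticator app once.
DEMO_SECRET = b"constructed-demo-secret-not-real"
STEP_SECONDS = 30  # RFC 6238 default time step


def totp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP/TOTP code (RFC 4226 / RFC 6238) for a given time-step counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class TokenVerifier:
    """Server-side check: accepts the current step (plus one step of clock
    drift either side) and never accepts the same step twice per account."""

    def __init__(self, secret: bytes, drift_steps: int = 1):
        self.secret = secret
        self.drift_steps = drift_steps
        self.last_accepted_step = -1  # highest counter already consumed

    def verify(self, code: str, now: float) -> bool:
        current = int(now // STEP_SECONDS)
        for step in range(current - self.drift_steps, current + self.drift_steps + 1):
            if step <= self.last_accepted_step:
                continue  # replay of a code that was already used
            if hmac.compare_digest(totp(self.secret, step), code):
                self.last_accepted_step = step
                return True
        return False


def demo_replay_is_rejected(start: float = 1_360_000_000.0):
    """The post's scenario: a logger captures a valid code, but when it is
    replayed the code is either already consumed or outside its window."""
    verifier = TokenVerifier(DEMO_SECRET)
    code = totp(DEMO_SECRET, int(start // STEP_SECONDS))
    first = verifier.verify(code, start)           # legitimate login
    replay_now = verifier.verify(code, start + 5)  # immediate replay
    late = verifier.verify(code, start + 300)      # five minutes later
    return first, replay_now, late


if __name__ == "__main__":
    print(demo_replay_is_rejected())  # (True, False, False)
```

The drift window is what lets a phone with a slightly wrong clock still log in; the consumed-step record is what turns a captured code into a single-use one.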
The thing with saved passwords is that it has to be stored locally on the machine. Yes, it is stored as a hashed and salted string, but such hashes as MD5 and others have been reversible for some time, do not let anyone tell you any different.

Many people as of late, whether by their own fault or not have fallen victim to the .ini file containing their saved log in information being stolen. Even if the thief is not able to reverse the hash, all they need do is steal the file, swap out their own for the stolen file, and presto---instant log in.

This simple file is a much greater hazard than key loggers. At least malware, spyware, and anti-virus software can detect the key logger in most cases. A few lines of code to copy and send the production_config file on the other hand is not as easily detected, if at all.

Many have come victim to such acts by use of hacks, third party services, and others as of late. But these are not the only cases. I was talking with an old co-worker of mine who has a son in college. He and his roommate have begun hosting LAN parties and running farming groups.

Just last week they made the mistake of letting in a new member to the group. During a dinner break, which took most of them out of the dorm, the new guy then proceeded to copy each of their production_config files to USB, and later raped them all.

Other cases have been of our fellow members foolishly using the same credentials on some of the numerous fan/tool sites that have come about in the past several months. After having spoken to two administrators of some of these sites, I found that they have intentionally used plain text storage for account information on their site, thus allowing for hassle free retrieval of possible PoE account information.

Yes, in the end, security always comes down to the end user. However, there are plenty of options that can be put in place to help remove a large portion of the issue in the first place.

It was also mentioned that a numeric key, limited in size, would be just as easy to crack. The point of this is to have a server side check for authentication on a string of information NOT stored on the end users local machine. Yes, it can be cracked. But it would also show the repeated hundreds of log in attempts needed to crack it, thus aiding in tracking down the perpetrator and allowing for proper notice for the true account owner.

Cracking of a PIN is also easily avoided by a simple lockout protocol. For example, after 5 incorrect entries, the entire account is locked out until verified via the email address provided by the true owner, or other means. Even a measly four digit PIN will rarely be cracked in five or less attempts, without already knowing the PIN or knowing the user on a personal level. Of course, the personal knowledge can be removed by simply not allowing the user to choose their own PIN and instead randomly generate one.

I know GGG already has plans in the works to help strengthen security, and of course we will see more issues as we gain more players. But with GGG already stating that characters currently can not be restored, and items will not be replaced, this should be a bit higher on the list than some of the other features we are seeing being added.

Example: Yes, /dnd is nice for streamers and others. But was it really more needed than account security? Let one of the streamers accounts get hijacked and see which they would have preferred.

I have always been a supporter of GGG, both financially and as a player. This is not meant to criticize, pass or place blame, or anything else. But amongst many things, I am also a former online game host and community leader, and have been through the trials of fire and have seen what such ordeals can do to a community if not handled promptly enough.

I simply do not want to see the same end come to PoE and the community we have built, as I have seen in countless other online communities.

...narf
Last edited by SqueakyToyOfTerror#0940 on Feb 15, 2013, 9:52:27 AM
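The server-side PIN check with the five-strikes lockout described in the post above, written as an added example (not GGG's code or anything posted in the thread). The class name, the PIN value and the IP addresses are constructed for the demo; only a salted hash of the PIN is kept, and every attempt is logged so the repeated guesses the post mentions are visible to the operator.

```python
import hashlib
import hmac
import secrets

MAX_FAILED_ATTEMPTS = 5  # the "after 5 incorrect entries" rule from the post


class PinGuard:
    """Server-side PIN check for a sensitive action such as character deletion.
    Only a salted hash is kept in the account record; the PIN itself is never
    stored anywhere, least of all on the client machine."""

    def __init__(self, pin: str):
        self.salt = secrets.token_bytes(16)
        self.pin_hash = self._hash(pin)
        self.failed = 0
        self.locked = False
        self.audit = []  # (source, outcome) per attempt, for tracing abuse

    def _hash(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self.salt, 100_000)

    def check(self, pin: str, source_ip: str) -> bool:
        if self.locked:
            self.audit.append((source_ip, "rejected: account locked"))
            return False
        if hmac.compare_digest(self._hash(pin), self.pin_hash):
            self.failed = 0
            self.audit.append((source_ip, "accepted"))
            return True
        self.failed += 1
        self.audit.append((source_ip, f"wrong PIN {self.failed}/{MAX_FAILED_ATTEMPTS}"))
        if self.failed >= MAX_FAILED_ATTEMPTS:
            self.locked = True  # stays locked until the owner confirms out of band
        return False

    def unlock_after_owner_verification(self) -> None:
        self.locked, self.failed = False, 0  # owner confirmed via registered e-mail


def demo_guess_lockout():
    # Constructed scenario: five wrong guesses lock the account, the correct
    # PIN is then refused, and it works again only after the owner unlocks.
    guard = PinGuard("7312")
    for guess in ("0000", "1111", "1234", "2013", "9999"):
        guard.check(guess, "203.0.113.7")  # constructed attacker address
    was_locked = guard.locked
    while_locked = guard.check("7312", "203.0.113.7")
    guard.unlock_after_owner_verification()
    after_unlock = guard.check("7312", "198.51.100.4")  # constructed owner address
    return was_locked, while_locked, after_unlock, len(guard.audit)
```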
+1 for cellphone authenticator (optional of course)
Last edited by m0nkeybutt#5132 on Feb 15, 2013, 11:03:43 AM
