Is this third-party stash app safe?

In light of GGG saying they can't recover accounts that have been compromised, I think it's worth questioning which third-party applications are safe especially when many require login info.

There's a new tool called Procurement that has some very useful features:

Spoiler
Search/filter your stash/tabs for gear/items
View your characters/gear
Oneclick generate forum trade posts that you can copy&paste into a trade post, which will have all your gear linked, verified and categorised in tags.
Breakdown of your currency with GCP total (Ratios configurable)
Everything is cached and can be viewed offline after you've logged in once
Single tab refreshing (if logged in)

Here's the link on reddit:

Spoiler
http://www.reddit.com/r/pathofexile/comments/18vuwg/reintroducing_procurement_the_ultimate_exiles/

Can someone who is more technically savvy than me elaborate on the potential risks/safety concerning applications that require login info?

I am aware of virus scans and it appears to be scanning clean, but is that enough to trust a program with my credentials?
Last edited by Luvz#0162 on Feb 20, 2013, 3:40:24 PM
^
How much are they paying you for this advertisement?
All the things I want to remember are in the places I'd like to forget.
lmfao ^
IGN:Aexea
"
Jim_Fear wrote:
How much are they paying you for this advertisement?


The same amount that I paid you for bumping this.
"
Jim_Fear wrote:
How much are they paying you for this advertisement?


You know how hackers are....they dont get paid unless they win...alot like lawyers.
'It is good to contact a moderator if you feel someone is being a twat' Charan, Forum Moderator

Sometimes, we have to cross a ditch.
Sometimes, we have to cross an ocean.-Rhys, GGG
Rule of thumb: if your question starts with "is this third party" the answer is "no. Fuck no."

If the question doesn't start with "is this third party" but has "requires login info" and *isn't* produced by the game company, the answer is "no. Fuck no."

If the question both starts with "is this third party" AND "requires login info" then the answer is "holy crap, back away from the internet slowly!"
Please familiarize yourself with the Greater Internet Fuckwad Theory (GIFT) - http://www.penny-arcade.com/comic/2004/03/19

Realize that the only part of the equation you can affect in the GIFT is the audience. Remove the audience and the trolls merely rant at the air.
"
CrystalisQualinthi wrote:
Rule of thumb: if your question starts with "is this third party" the answer is "no. Fuck no."

If the question doesn't start with "is this third party" but has "requires login info" and *isn't* produced by the game company, the answer is "no. Fuck no."

If the question both starts with "is this third party" AND "requires login info" then the answer is "holy crap, back away from the internet slowly!"


I disagree with the first, but the other two I stand with you!
"
CrystalisQualinthi wrote:
Rule of thumb


My thumbs have rules?

'It is good to contact a moderator if you feel someone is being a twat' Charan, Forum Moderator

Sometimes, we have to cross a ditch.
Sometimes, we have to cross an ocean.-Rhys, GGG
"
Luvz wrote:
Can someone who is more technically savvy than me elaborate on the potential risks/safety concerning applications that require login info?

I am aware of virus scans and it appears to be scanning clean, but is that enough to trust a program with my credentials?


Virus scanners are only as good as their definitions. Thus, if no one has reported the app as a virus or other piece of malware then the app will scan clean. Security software *is* becoming more complex to where it can recognize certain action types as malicious and block from there, but the scenario you described requires zero malicious action on the programs part to get what 100% of every hack attempt *always* wants which is your user/password.

Let's examine what happens once you give someone else your user/password.

Best case scenario - your user/password is unique to this game and never used in combo anywhere else. Result - they only were able to log in as you to Path of Exile and take all your stuff.

Worst case scenario - your user/password is NOT unique to this game and in fact is shared with your email address or other websites. Result - they are logging in as you anywhere that user/password combo is good and able to use this info to further compromise you, especially if they were able to compromise your email account. Now they can just use 'forgot password' on all sites that send reset requests to your email address and reset your passwords for you on any site they want.

In summary - unless you personally know the coder and can drive to his house and kick him in the junk if he uses your user/pass to rip you off, I'd never use any app that requires login information to a game.
Please familiarize yourself with the Greater Internet Fuckwad Theory (GIFT) - http://www.penny-arcade.com/comic/2004/03/19

Realize that the only part of the equation you can affect in the GIFT is the audience. Remove the audience and the trolls merely rant at the air.

Report Forum Post

Report Account:

Report Type

Additional Info