Feedback and Suggestions (Path of Exile 1) - Password is not saved on IP-address change - please remove this! - Forum

In the latest patch the password is no longer saved if your IP-address changes. I have no idea who thought this would improve security, because it actually decreases it. Most of the users have a dynamic ip address, meaning it changes when you reconnect to the internet. Saving a password won't be possible for the majority of the users, which in turn promotes creating short and easy to type passwords, since you are required to enter it every time you login. To summarise - IP-address is not a definitive way of identifying computer's location, because most users have a dynamic address, so this change hurts users far more than it improves security (which it doesn't). Alternatively, make an option of disabling this "feature" in the account settings. Increasing Field of View in PoE: /1236921 Last edited by Shajirr#2980 on Feb 22, 2013, 2:47:52 AM This thread has been automatically archived. Replies are disabled.	Posted by Shajirr#2980 on Feb 22, 2013, 2:41:18 AM Quote this Post
The current iteration of the security measure is the bare minimum, rushed in because of the multiple "hack" reports we've seen those past couple of weeks. Over the next few updates they will improve it to be up to par with what we have in other online games.	Posted by XDementia#6681 on Feb 22, 2013, 3:32:49 AM Quote this Post
I doubt your most users have dynamic ip adresses statement... greatly. In my country dynamic IP's are only used for that very small amount of users that still uses dial up connections. It actually does improve security, as whenever my device (desktop or notebook) is stolen one this is for sure: it's ip adress is going to change. Most IP's are slowly working towards IPv6, which is supposed to be static to start with. However I do agree this could be a profile/account based option. Try to propose such a solution first next time, before making bold claims.	Posted by CExy#2025 on Feb 22, 2013, 4:37:13 AM Quote this Post
I have a dynamic adress, too. Well, I think it's not so bad to type it everytime you log in. Actually I was always wondering how the password is saved and how secure this really is. Everything that is saved on the computer can be decrypted and even if it's saved on the server you just have to copy some folders from another person to have instant access to their account.	Posted by grasmann#3903 on Feb 22, 2013, 4:52:37 AM Quote this Post
There is a further issue I have noted with this new system. If you save your details, when restarting the client it will crash every time until you remove the details manually from the configuration file.	Posted by razac1983#3613 on Feb 22, 2013, 5:34:40 AM Quote this Post
" razac1983 wrote: There is a further issue I have noted with this new system. If you save your details, when restarting the client it will crash every time until you remove the details manually from the configuration file. Post this in a different thread so it could be seen better. About IPs - it depends on a country I guess. In Estonia (Europe, Baltic region) all internet providers give you a dynamic address by default. To have a static ip, you have to pay for it additionally. My point is - this may improve security only to those who have static ip, to users with dynamic ip this change is only a hindrance, which does not improve security in any way, and we should have an option of disabling it. " Everything that is saved on the computer can be decrypted and even if it's saved on the server you just have to copy some folders from another person to have instant access to their account. The majority of account stealing has nothing to do with how securely a data is stored on a PC. Most account stealing cases arise from: a) Lack of account security options, that allow to find out an identity of a user. This is the case with Origin for example, where thousands of accs were stolen by just contacting support, and using publically available info to impersonate an account's owner. There were no mandatory security checks like providing a passport scan, sending SMS to a phone, etc. b) People being stupid and making super-easy to brutfore/guess passwords. b.2) People being stupid and making super-easy to brutfore/guess email passwords, so when an email gets stolen, along come all the other accounts connected to it that a thief can get. Increasing Field of View in PoE: /1236921 Last edited by Shajirr#2980 on Feb 22, 2013, 6:20:15 AM	Posted by Shajirr#2980 on Feb 22, 2013, 6:13:05 AM Quote this Post
How to secure password: Closed beta member since: March 19, 2012	Posted by f3rret#1161 on Feb 22, 2013, 6:33:53 AM Quote this Post
/support My IP changes every 24h or every time my router reconnects. Just a little parameter for the .exe to start with or a line in the config .ini to turn that function off, no need for fancy checkboxes.	Posted by Zark#0696 on Feb 22, 2013, 7:04:10 AM Quote this Post
Posting purely as a player here. First. World. Problems. If I like a game, it'll either be amazing later or awful forever. There's no in-between. I am Path of Exile's biggest whale. Period.	Posted by Foreverhappychan#4626 on Feb 22, 2013, 7:45:44 AM Alpha Member Quote this Post
" Charan wrote: Posting purely as a player here. First. World. Problems. Yeah, as long as the world needs to adapt IPv6 there are many people with dynamic IP's, especially in countries which don't own large IPv4 blocks. And now all these people have to type it (or copy+paste in my case with a high count char pw), which makes it unfortunately easier for keyloggers etc.. This function should be an option not a requirement.	Posted by Zark#0696 on Feb 22, 2013, 7:58:53 AM Quote this Post