Potential User Data Breach

"

hunter_AS wrote:

I know the common though is blah blah blah who does this guy think he is, I am a former PCI Forensic Investigator consultant who has led with major credit card breaches and now lead the incident management department at a large financial institution. Before this I served as a lead penetration tester as well.

"

hunter_AS wrote:

^ This does not inspire a lot of confidence. If you severed internet connections and started immediately reformatting without performing imaging on the affected systems, it shows that you clearly do not have capable incident responders on staff. With that being known, I sincerely doubt the security measures you put in place are adequate, unless you have identified root cause, which is once again hard to do when you immediately start erasing evidence. Along with this, if there was potential proof that sensitive information was accessed, you are wiping this out as well.

With that said, as long as the payment card data never touches your network and you actually are salting, very little issue aside from your proprietary information potentially being breached. I appreciate the notice, but your response didn't inspire much enthusiasm for your ability to handle the event.

I know the common though is blah blah blah who does this guy think he is, I am a former PCI Forensic Investigator consultant who has led with major credit card breaches and now lead the incident management department at a large financial institution. Before this I served as a lead penetration tester as well.

"

waskely wrote:

"

sarannah101 wrote:

"

stevich wrote:

+ hacker would have to bruteforce 2 passwords

- user experience when trying out the game (even if it seems minor to type in 2 passwords)
- as you mentioned bigger workload for support
- remembering 2 passwords
- always having to type this password after every login (thats a absolut killer user experience wise)

I think the negatives outweigh the positives, but maybe im just negative.

- user experience when trying out the game (even if it seems minor to type in 2 passwords)
Well, the 2nd password would have to be created. But this is only once.

- as you mentioned bigger workload for support
Nothing to be done about this.

- remembering 2 passwords
Yes, but the 2nd password isn't a real password, it would only be a 4 or 5 digit code. Which will usually be something players can easily remember.

- always having to type this password after every login (thats a absolut killer user experience wise)
Having to type this password once after every log-in isn't a huge deal in my opinion. Try to keep track of how often you log in/out. Maybe once every 3-5 hours, unless you happen to crash. Keep in mind though, you could play the game without even letting the game prompt you for the 2nd password, by not accessing your stash/inven/equipped items. Ofcourse when your inventory fills up, eventually you'd have to let it prompt you when you need to sell stuff from your inventory.

You are correct with your downsides though, so awesome feedback. Personally, I think the pro's heavily outweight the cons.
The true realistic cons for the player are having to create this code, remembering it, and typing it once every play session(usually at the very beginning).

What the hell is this crap. Do you ever travel? Or try to log into POE at work? It requires constant POE unlock codes being sent to your account email whenever logging in from a different location from your last login (every day I have to do this twice because I log in at work) and i hate it. I dont want 3 layers of security for a fking game, banks don't even care that much.

If our accounts were chosen for violation by would be hackers, they need to pick a account email, brute force the password, hack the email address associated with the account (or make it seem as tho they are logging in from the same location)

Maybe i'm just lazy, but that all seems like way way way too much work for a game account