Gaming and Account Security (repost)
(Edit: This was originally posted in February as a contribution to the gamer safety week. The recent Guildwars 2 release and the hacking attempts there made me add a few remarks at the bottom of the post.)
We all have heard of hacked gaming accounts, robbed guild banks and stripped or even deleted characters. Gaming account management websites have been attacked in order to extract Credit Card Information. Many of us have been locked out for weeks from the Playstation network or the SOE servers. And last but not least, fansites of all sizes are being attacked in order to gain account names, email addresses and passwords.
A group of online gaming companies has now come together under the Merchant Risk Council’s (MRC) Gamer Safety Alliance and declared this week as Gamer Safety Week. Members include Electronic Arts, En Masse Entertainment, Microsoft, MindCandy, NCsoft West, Nexon America, Sony Online Entertainment, Square Enix, and Turbine. The purpose of Gamer Safety week is to provide gaming fans and customers with safety information and resources and raise awareness about account security.
Why are online games being attacked? Like all websites doing business on the Internet, online gaming companies process payments this way. The attackers are after payment and credit card information. A thread more specific to online games is the ability to steal in-game currency (gold, platinum, credits) or other valuables, which in turn can be sold to the gamers for cash. And a more general thread exists through vandalism, security advocacy or political activism. I haven’t heard of religious groups hacking online games and their websites, but the motivation is there.
What to do as a user: Overcome your complacency and challenge your lazy self. Again, it’s fairly standard that security is traded for simplicity and ease-of-use. Simplicity can be used to the advantage of attackers. It is effort to come up with new user names and passwords for every website and every game. But if you don’t do it, somebody who gains access to your Turbine information will also be able to access your Sony games. Or worse, somebody who gains access to some small blog you created an account to leave a comment 7 years back will have access to your WOW gold.
Be aware of websites with poor security. For instance, websites that store your password as clear text are vulnerable to hacking attempts. The better ones encrypt the password, then store it and compare the encrypted input at login time against it. This website, MMOCompendium.com stores its passwords encrypted, but sends out initial passwords as clear text. You should be changing them right after you created your account. Another weak spot is the way forgotten passwords are handled: I don’t know your 17 character password, but know the name of your first pet. A website should send you an email with reset information to your registered email address, instead of giving you access right away.
Added security comes from using key fobs or security key apps for your smart phone. Use them whenever they are offered by your game of choice. Those key fobs produce a 6 digit number once a minute and it’s close to impossible to guess that number. An attackers only way to circumvent the system are men-in-the-middle attacks, which intercept your input, disconnect you and use your code on their system. This type of attack is unreliable, since it leaves only a small window (<< 1 min) to succeed. The other option for the attacker is to hack into the fob producers systems and steal seed codes and algorithms.
And lastly, to enable you to manage your passwords better, and therefore make it easier for you to use many different passwords, use a password manager tool. Password Safe has been around for a while and offers good protection. But there are also tools that allow you a more automated approach like LastPass. That’s the one I am using. It keeps track of all login prompts you discover while surfing the web. It remembers the logins and passwords you are using, or better, creates hard to guess passwords for you. Next time you visit the site, it either fills the account information in automatically, or asks you to confirm before it does so. It can also cut and paste account and password information to allow you using them outside of web browsers, like your game login screen.
In the end, information security is an arms race. Compare the value of having access to the data against the effort that is needed to gain access. As long as you can keep it more expensive to hack into your system than the potential gain, you’ll win. And all security efforts come down to this, making it more expensive to gain access.
August, 2012 edit: By now most of us have seen email notifications where others try to reset your password. They can do that if they know your email address. It’s not the best choice to use an email address as account name, especially if the account manages valuable information like your bank account or your gaming account. Some relief can come from using different email accounts or plussed email addresses, which are supported by some email providers. For instance gmail allows this: email sent to [email protected], [email protected] and [email protected] are all sent to the same address, [email protected]. Not all places accept email addresses containing a “+”, but GW2 does.
© Disclaimer: Guildwars 2
Read More
Vanguard SOH Going Free-To-Play
Vanguard SOH producer Andy Sites just announced in his Producers Letter that Vanguard is going free to play this summer. No hard time lines have been set, yet. It is planned to have a subscription and item shop model similar to Everquest, Everquest 2 and DCUO. Sony Online Entertainment has also put a transition team together that consists of developers familiar with the Vanguard property and the world of Telon.
This move has been expected for a good while now, fueled by the announcement that Everquest Classic is going free to play as well.
© Disclaimer: Vanguard
Read More
Guildwars 2 Beta Signup Twitter Storm
Only 3 hours left to signup for Guildwars 2 beta. A small twitter storm has broken out with people and @Guildwars2 tweeting and retweeting beta notices in all languages from Latvian to Klingon. It leaves me wondering if this is going to be the biggest beta flood in MMO history. SWTOR and Rift seemed more stretched out over time. And I don’t recall to much about the WOW beta signup phase.
In any case, this game is highly anticipated, lots has been written about it already and hopefully we get to see more of it soon.
© Disclaimer: Guildwars 2
Read More
New Community Manager for Vanguard
Zatozia, the new community manager for Vanguard Saga of Heroes introduced herself today to the community. She’s been with SOE while it was still Verant and is a self proclaimed dinosaur within SOE. While it’s not unusual that game personnel and community managers change, it’s somewhat special with Vanguard, since it is on my F2P-or-die watch list. The recent announcement for Everquest to go F2P did make me check on Vanguard more often.
© Disclaimer: Vanguard
Read More
TERA Online Beta Anticipation
TERA Online has been popping up on my radar for a while now. Last night I gave in and pre-ordered, which gives me participation right in all coming betas. I am currently downloading the client, which might take a while. Last time I checked I had 10% completion and the system told me, it would take 14 hours more. The download speed was suspiciously low when compared to my max bandwidth, which tells me that not to many people are participating in the torrent, yet. That might change overnight or toward the weekend.
The second beta test weekend is scheduled from Friday, Feb, 24th, 3pm EST to Monday, Feb, 27th, 3am EST. There will be a level cap at level 27 and a limited number of character slots. The later is usually a problem for me in betas, the level cap never. I tend to go and check out multiple races and classes until I find one I can stick with for a while. Not that my pick is ever finalized.
What am I going to look out for? Of course the combat style. Getting close to the opponent and then pushing attack won’t be good enough anymore. The interface will expect you to position yourself and to aim for your target. I’ve gotten a taste of that play style in Fallen Earth already and would love to see how it plays out here.
Race and Class selection seems typical for games originating in Korea and Japan. I will probably start out with a Slayer, since most of the time I end up playing melee DPS. Second choice will be an Archer or a dual wielding Warrior. I dislike dual wield classes, since I just can’t wrap my head around the idea that so many fighters now or in medieval times should be able to use two weapons as well coordinated as it seems possible in MMOs. Mystics may be my third or fourth choice, because they seem to be a pet class. Don’t ask what race I’ll choose. I have no idea, except you won’t see me playing the child like Elin.
The interface is going to be a tough one. The game allows the use of game controllers and may force me to use WASD movement. Lets find out. You’ll hear some yelling and screaming if things go bad in that direction.
© Disclaimer: TERA
Read More
SWTOR Rollout for Asia Pacific
Bioware announced today the availability of Star Wars: The Old Republic servers for the Asia Pacific region. The servers will go live March 1, 2012. The exact location of the servers is still unknown, but they are supposed to be within the region. Players in qualifying countries will be able to transfer characters to the new servers during a time window following the launch. The subscription fees will be identical to the current US fees ($14.99 per month, and rebates for 3 and 6 month commitments). Here’s the original article.
© Disclaimer: Star Wars: The Old Republic
Trademarks are the property of their respective owners. LucasArts, the LucasArts logo, STAR WARS and related properties are trademarks in the United States and/or in other countries of Lucasfilm Ltd. and/or its affiliates. © 2008-2011 Lucasfilm Entertainment Company Ltd. or Lucasfilm Ltd. All Rights Reserved. BioWare and the BioWare logo are trademarks or registered trademarks of EA International (Studio and Publishing) Ltd. You may not copy any images, videos or sound clips found on this site or "deep link" to any image, video or sound clip directly.
Game content and materials copyright LICENSOR. All Rights Reserved.
Read More