Change the password change method...!

We are always open to new ideas. Come here if you have a suggestion, we will discuss it together.

Re: Change the password change method...!

by billys1337 » Sat Aug 29, 2015 3:48 am

Normally I would agree with you, however I think the 'SYSTEM' can be somewhat blamed for this. Blizzard has had 2-step authentication on their servers for a LONG time now... So does about every other site and application these days, email, net banking etc... Not to mention countless ways to regain access to your lost account.

If this system had modern security measures and/or a procedure in place for recovery, I would totally agree with you, but how it is now is basically just asking somebody to come try to break into your account... And when they do you're stuffed and can't do anything about it?

I have NEVER been hacked, but if I were I would feel the system was partly to blame as I have done everything I know how in order to protect myself, but there are always smarter people out there!

Anyway hope nobody takes this the wrong way, I love Nostalrius, and am ever grateful to play here, I just feel unsecured, that's all :(
billys1337
Grunt
 

Re: Change the password change method...!

by Oyani » Mon Aug 31, 2015 12:16 pm

It seems like it needs a better procedure to change account password and to retrieve hacked accounts. Now that this server is at least as major as a retail WoW server is, there's going to be gold sellers and in return hackers. It seems like the security is pretty low right now and if too many people get hacked and their stuff sold they're going to stop playing and most likely not return which would lead to a decline in population. Account security is an important matter in my opinion.
Oyani
Senior Sergeant
 

Re: Change the password change method...!

by Aunstic » Tue Sep 01, 2015 6:02 am

billys1337 wrote: Normally I would agree with you, however I think the 'SYSTEM' can be somewhat blamed for this. Blizzard has had 2-step authentication on their servers for a LONG time now... So does about every other site and application these days, email, net banking etc... Not to mention countless ways to regain access to your lost account.

I don't recall TBC or WotLK introducing another form of auth, but then again I didn't care about privacy and security as much back then. Also, there are currently a lot of applications out there that still use md5 for default hashing and a lot of apps/programs don't attempt at another factor of auth if they aren't dealing with personal information and heavy security risks en masse.

Was the 2FA in-game and/or on the login page on battle.net (or wow.com, etc)? -- Just out of curiosity.

Next paragraph is rambling, can be ignored.
Google is the only SMTP service (and other services) that I know that constantly reminds you to put in my information to your account for recovery situations and offers second passwords, SMS verification, etc. Banks should really require security protocols just because they're dealing with finances.

billys1337 wrote: If this system had modern security measures and/or a procedure in place for recovery, I would totally agree with you, but how it is now is basically just asking somebody to come try to break into your account... And when they do you're stuffed and can't do anything about it?

Nostalrius technically does succeed in modern security measures. Recovering an account is trivial because of social engineering and gathering information on the account in order to look like the account creator/owner.
If someone knew a method of establishing a fail-safe way of proving account ownership without implementing a difficult system to use, I don't see a problem here.

Just one thing though... It's hard to prove you own the account and didn't try to sell it or share the account.

billys1337 wrote: I have NEVER been hacked, but if I were I would feel the system was partly to blame as I have done everything I know how in order to protect myself, but there are always smarter people out there!

Anyway hope nobody takes this the wrong way, I love Nostalrius, and am ever grateful to play here, I just feel unsecured, that's all :(

Well, to conclude the suggestion is good, but it's hard to implement a better system. After all, security is just an illusion.

Oyani wrote:It seems like it needs a better procedure to change account password and to retrieve hacked accounts. Now that this server is at least as major as a retail WoW server is, there's going to be gold sellers and in return hackers. It seems like the security is pretty low right now and if too many people get hacked and their stuff sold they're going to stop playing and most likely not return which would lead to a decline in population. Account security is an important matter in my opinion.

All in all, the link in my signature would be the right suggestion for you. ^^
Aunstic
Knight-Lieutenant
 

Re: Change the password change method...!

by Snautz » Tue Sep 01, 2015 8:35 am

I'm by no means a tech kinda guy, so please don't tear my ass apart if anything I say is unrealistic or borderline retarded.

In case someone gains access to your account, wouldn't it be an easy fix if it was possible to enter your username + password somewhere here on the website, and by doing that instantly get your password reset to a randomly generated password which then would get sent to your email? When you then proceed to log in in-game with this new password you get a 24 hour window to change that password through the regular in-game process.
Again, I'm only assuming this would be a simple solution. I have no clue if this actually would require an unrealistic amount of resources.
Snautz
Senior Sergeant
 

Re: Change the password change method...!

by Ohr » Tue Sep 01, 2015 9:53 am

Change the change the password change method thread name. It's quite confusing.
Ohr
Stone Guard
 

Re: Change the password change method...!

by Spiri » Tue Sep 01, 2015 6:37 pm

BUMP bro


This is nonsense.
Spiri
Grunt
 

Re: Change the password change method...!

by Aunstic » Tue Sep 01, 2015 7:06 pm

Snautz wrote: In case someone gains access to your account, wouldn't it be an easy fix if it was possible to enter your username + password somewhere here on the website, and by doing that instantly get your password reset to a randomly generated password which then would get sent to your email?

That's how most account panels such as https://en.nostalrius.org/login do. There might be some issues with the web server accessing the DB for the WoW accounts though.

Snautz wrote: When you then proceed to log in in-game with this new password you get a 24 hour window to change that password through the regular in-game process.

This part doesn't really need to happen. The player should know right away to change it from a temporary generated password to a new password.
Aunstic
Knight-Lieutenant
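
Added example, not part of the thread and not Nostalrius code: the reset flow Snautz proposes and Aunstic comments on (valid credentials on the website trigger a random temporary password that goes only to the e-mail on file and is usable for 24 hours), written in Python. The class and method names, the in-memory store, the `outbox` list standing in for mail delivery and the choice of scrypt are all assumptions made for illustration.

```python
import hashlib, hmac, secrets

TEMP_TTL = 24 * 3600  # the 24-hour window from the proposal, in seconds

def _hash(password, salt):
    # Assumption: salted scrypt rather than a bare fast hash such as MD5.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)

class Accounts:
    def __init__(self):
        self.db = {}      # username -> record (in-memory stand-in for the account DB)
        self.outbox = []  # (email, temp_password) pairs; stand-in for sending mail

    def _store(self, rec, password, temp_expires):
        rec["salt"] = secrets.token_bytes(16)
        rec["hash"] = _hash(password, rec["salt"])
        rec["temp_expires"] = temp_expires

    def register(self, user, password, email):
        self.db[user] = {"email": email}
        self._store(self.db[user], password, None)

    def _check(self, user, password):
        rec = self.db.get(user)
        return bool(rec) and hmac.compare_digest(rec["hash"], _hash(password, rec["salt"]))

    def emergency_reset(self, user, password, now):
        """Website step: valid credentials swap the password for a random one."""
        if not self._check(user, password):
            return False
        temp = secrets.token_urlsafe(12)
        rec = self.db[user]
        self._store(rec, temp, now + TEMP_TTL)
        # Delivered only to the address on file, never shown to the requester,
        # so an intruder who triggers the reset locks themselves out.
        self.outbox.append((rec["email"], temp))
        return True

    def login(self, user, password, now):
        """Returns 'ok', 'must_change' (temporary password) or 'denied'."""
        if not self._check(user, password):
            return "denied"
        exp = self.db[user]["temp_expires"]
        if exp is None:
            return "ok"
        return "must_change" if now < exp else "denied"

    def change_password(self, user, old, new, now):
        if self.login(user, old, now) == "denied":
            return False
        self._store(self.db[user], new, None)
        return True
```

The flow only helps while the registered mailbox is still under the owner's control, and an expired temporary password leaves the account locked until another reset is issued.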
 
