Something to increase account security

Posted: Mon Jun 29, 2015 8:05 am
by mike1097
Hello guys,

I really think it's time to increase account security.
Why?
Nostalrius created a huge community and "revived" the classic feeling, but many of us want new addons, for example. Because of the huge community this is possible and I love it. But I really fear the moment when an addon scripter goes crazy and includes a virus or something that causes your account to get stolen.
You may say 'Check the data first', but some viruses can't be detected easily.
Furthermore, with the growing community, the chance of getting hacked increases.
I understand that Nostalrius staff does not care when you lose your account because they have more important things to do, but as one who has followed the project for well over a year, I wanted to ask nicely if there are plans in this direction. An authentication app or something for when someone wants to change your password, or something that logs which IP deletes characters, for example.

Re: Something to increase account security

Posted: Mon Jun 29, 2015 8:48 am
by Zoey_Urbina
An authentication app requires dedicated coding for all the different kinds of mobile phones out there, not to mention that it has to be approved for Google Play and whatever else. Might even require payments, so it's just not worth it. As for the IP, it's essentially useless since most users have a dynamic IP, which means if their modem/router shuts down for a few minutes, they'll receive a new one. It's also easy to spoof IP addresses.
As far as simple implementation goes, this is probably the best solution: viewtopic.php?f=5&t=15144

Re: Something to increase account security

Posted: Mon Jun 29, 2015 2:10 pm
by Mopar
How about a facility that when a password reset request is made, it sends a mail to the registered E-mail asking if this should proceed (then click a link to allow it to happen.) And remove the in-game ability to reset password.

Sorry if this seems obvious and a bit facetious, but I'm honestly confused why Nostalrius doesn't put in something so simple as this to protect user accounts in this very standard way for web-based services. I think that the same fervour that they put into making sure the TOU is followed should be applied to trying to protect their users' accounts.

For OP: Very unlikely that an addon author could accomplish what you suggest; the WoW APIs were locked down in early vanilla into a very well controlled sandbox, so you aren't going to see a virus coming from an addon. But it would be possible for an addon to send in-game information invisibly to someone (like an in-game keylogger). Addons are always by definition open-source so it would be easily discovered by anyone who wanted to look through it.

Re: Something to increase account security

Posted: Mon Jun 29, 2015 3:39 pm
by Aunstic
Mopar wrote: How about a facility that when a password reset request is made, it sends a mail to the registered E-mail asking if this should proceed (then click a link to allow it to happen.) And remove the in-game ability to reset password.

Sorry if this seems obvious and a bit facetious, but I'm honestly confused why Nostalrius doesn't put in something so simple as this to protect user accounts in this very standard way for web-based services. I think that the same fervour that they put into making sure the TOU is followed should be applied to trying to protect their users' accounts.

For OP: Very unlikely that an addon author could accomplish what you suggest; the WoW APIs were locked down in early vanilla into a very well controlled sandbox, so you aren't going to see a virus coming from an addon. But it would be possible for an addon to send in-game information invisibly to someone (like an in-game keylogger). Addons are always by definition open-source so it would be easily discovered by anyone who wanted to look through it.

As Zoey mentioned, I already have the suggestion up for removing .account password in-game. As for sending a confirmation email to the email registered with, I believe the staff thinks "if the account is stolen, the email is most likely stolen with it".

My suggestion thread: viewtopic.php?f=5&t=15144

Re: Something to increase account security

Posted: Tue Jun 30, 2015 12:38 am
by Mopar
I do like the 2FA idea as well, it does provide more security. I'm just pointing out that the password reset here is completely unique, and not standard practice. And that it's surprising such an easy-to-implement mechanism, which provides - not perfect - but slightly better - recovery capability isn't available.
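
The e-mail confirmation step proposed in this thread, sketched as an added example that is not part of any post and is not Nostalrius code: a requested password change is held until a single-use, expiring token from the mailed link is presented. The class name, the 15-minute lifetime, and the assumption that the caller passes an already-hashed new password are all hypothetical.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 15 * 60  # assumption: a confirmation link is valid for 15 minutes


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


class ResetConfirmations:
    """Hypothetical store: a password change is held until the e-mailed link is used."""

    def __init__(self, clock=time.time):
        self._pending = {}  # sha256(token) -> (account, new_password_hash, expires_at)
        self._clock = clock

    def request(self, account, new_password_hash):
        """Hold the change and return the token to put in the e-mailed link."""
        # A newer request invalidates any older link for the same account.
        self._pending = {d: e for d, e in self._pending.items() if e[0] != account}
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        # Only the digest is stored, so a leaked table holds no usable links.
        self._pending[_digest(token)] = (
            account, new_password_hash, self._clock() + TOKEN_TTL)
        return token

    def confirm(self, token):
        """Return (account, new_password_hash) once, or None if the link is invalid."""
        entry = self._pending.pop(_digest(token), None)  # pop makes it single-use
        if entry is None:
            return None
        account, new_password_hash, expires_at = entry
        if self._clock() > expires_at:
            return None
        return account, new_password_hash


if __name__ == "__main__":
    store = ResetConfirmations()
    link_token = store.request("example_account", "<slow-hash-of-new-password>")
    print(store.confirm(link_token))  # change is applied only at this point
    print(store.confirm(link_token))  # a replayed link is rejected
```

As noted in the thread, this only helps while the registered mailbox is still under the owner's control.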