 |
05-12-2006, 06:25
|
#1 | ||||||
|
Safety not guaranteed!
    
Posts:
Gender:
 Ingame: Avatar Name:
Xaero e-lite Cynque Soc: Magnum Opus
Location: Sweden
EFD: 3,386.31
|
Good morning everyone.
Well we all know about the recent and increasing amount of "hacked accounts". The problem here isn't that the account where "hacked". It happens simply because the victims PC is infected with a trojan keylogger that sends the users login name and password to the "hacker". I think this is the most common scenario. Then there can be other reasons, the list is endless. One of the best solutions is to get yourself a gold card. But there's still things that MindArk can do to both implement additional security to the login procedure, and increase security for them who do not have a gold card. The feature I have come up with will work as follows: MindArk announces the new feature, and everyone have to login to client loader and activate the settings under user preferences. Under user preferences the user must now choose a "keyword" from a static list over perhaps 50-100 words. The user must also choose a "color" from a static list over 20-30 colors. The "keyword" and "color" that the user selected will now be associated with his/hers username and password, and will be relative to it. (This will require for MA to add two more columns to the user database) From now on the user have to pick the keyword and the color from the pop-up menus in the client loader everytime he/she wants to login. The pop-up menus will show the same static list, but in a random sequence every time.(Se screenshot) If the user have choosen "yellow" and "Fungoid" his/hers username and password will only work when "Fungoid" and "Yellow" is selected. This feature implements additional security even if the users PC is infected with a keylogger or trojan, simply because selecting the keyword and color is almost impossible to "keylogg". So the hacker might be able to get the username and password, but he still has no clue what the keyword and the color is.  Click to enlarge Last edited by e-lite; 05-12-2006 at 09:14. Reason: added "static content, random sequnce", thanks to Mr. Wot |
||||||
|
__________________
   |
|||||||
|
|
|
05-12-2006, 07:06
|
#2 | ||||||
|
Dominant
|
That sound like a very good idea.
Sould not be to much work for MA either. Only question is if MA will do anything like this, since it might lead to less sale of the Gold-card. I really think MA should have done something like this, to prove that they have focus on security. |
||||||
|
|
|
05-12-2006, 07:17
|
#3 | ||||||
|
Old Alpha
|
I hope that list of 50-100 alternative keywords is generated
anew each time. Also, each avatar should be sent a message about the new MA generated email address, which is for their account management only  |
||||||
|
__________________
Fool me once, shame on you, fool me twice, shame on Wu! |
|||||||
|
|
|
|
05-12-2006, 07:35
|
#5 | ||||||
|
Alpha
Posts:
Gender:
Ingame: Avatar Name:
Rob Rapido Green Soc: Rangers
Location: Strängnäs, Sweden
EFD: 10,465.20
|
Nice suggestion there E-lite, I like it very much. Wonder what MA say about it?
Yes I should buy a goldcard and probebly will soon, the reason (for me anyway) is, if you dont have a lots of peds, you easely use them for other things instead... Rapido |
||||||
|
|
|
|
05-12-2006, 07:41
|
#6 | ||||||
|
Stalker
Posts:
Gender:
 Ingame: Avatar Name:
June Nakia Smith Soc: Novus Ordo Seclorum
Location: In MrSmith's heart
EFD: 3,666.61
|
very good idea, would be nice if something like this was made
+rep for a nice idea and good explanation edit I must spread some before giving it again  |
||||||
|
|
|
|
05-12-2006, 07:47
|
#7 | ||||||
|
Prowler
|
Great idea... Alternatively a method online banks use is quite a good method too;
When you create your account, type in a word or phrase between 10 and 15 characters long. When you log in each time, the login process asks you for 3 random characters from this phrase which you select from listboxes. So for example, if your memorable word was "Cornundacuda", it might ask you for letters 3, 9 and 11 of this phrase (r, c and d). This is a very simple way to reduce the effectiveness of keyloggers... this could also be applied to the login for the website too (an area which isn't protected even if you have a gold card!). Anyways, +reps for the idea! |
||||||
|
__________________
Quote:
|
|||||||
|
|
|
|
05-12-2006, 07:57
|
#9 | ||||||
|
Banned
multiple accounts 
|
Good idea. Even simplier online-banking is done. You have to "human-read" some graphical manipulated digits and "click" them in via a pop-up-keypad (not typing it, keyloggers!).
 Click to enlarge Advantage for MA: No change of the database needed, just some more code for the authentification-process... Explanation: The digits are generated randomly and dont need any relationship to the account. Its a picture to prevent them being read from screen via Windows-API... even OCR-Software cant read this properly. Jac EDIT: damned, Moser was quicker... lol |
||||||
|
|
|
05-12-2006, 08:15
|
#10 | |||||||
|
Prowler
|
Quote:
This is my understanding of what you just said: Player logs in as normal with usual account name and password. Player is then prompted to input a number sequence generated within a bitmap. Surely anybody who logs in will get a randomly generated number? I don't see how this is related to the user to increase security, simply to stop some sort of login automation! Again, it's early and my brain hasn't started working properly yet |
|||||||
|
|
|
 |
| Bookmarks |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
|
|
| EntropiaTracker.com Loot Trends | ||
| Hunting Loot: + 31.81 % | Mining Loot: + 35.13 % | Crafting Loot: + 11.05 % |
| EntropiaTracker.com Latest Uber Loots |