With the inability to restore characters and so on as per new CS policy can a feature be added to the game to lock your characters so the delete and transfer functions will not work unless unlocked with a 30 day lead time? This will help to ensure that accidents do not happen. Other similar functions might be lock destroying/selling prestige gear.
I'd be ok with a permanent lock too. Be able to lock my character slots from never being deleted/transferred.
I agree, preventing deletion by locking characters is a good idea but locking transfers just opens a new can of worms. Instead of hacking and deleting toons, they transfer locks my characters so now your stuck on a server. Also each account should have probably have a limited number locks (3?). Otherwise you run into the issue of maxxed out / locked character slots and not being to create a new toon. Which actually reminds me, will they xfer toons between accounts now? There's no potion for that right?
Set a one-time password associated with a 'Do not transfer/delete' request transmitted to DBG that's kept on file but not viewable/changeable through any means client-side. Should someone have their credentials compromised locally it won't do a bad actor any good because they have no way to know and no way of finding out what that password is.
and then, 2 years later when you want to server xfer, be unable to do so because you can't remember what you told them your password was - which in my experience would be approximately 40% of all people. i think a 7 day 'wait period' for a transfer to FV and an automatic email to the registered email address any time any account info is changed or a transfer is requested should do pretty well to curb this kind of thing.
That wouldn't be an issue if they'd let you buy up to 16 character slots (maybe one more for a trader bot).
Great tip, but that doesn't protect everyone. Do you remember the time when Sony got hacked, thousands of account information was stolen, and EQ was down for a month? All of those people should have not shared their account information, am I right?
The username, previous password hash, character name, email address, etc, everything for nearly all accounts are already out there and have been for years. It's just our changed passwords that are needed.
no rational person is going to spend multiple years developing a character and delete it when they can buy more character slots or play on another server or purchase an additional account. the risk of getting hacked even if you do not share your account is extremely high. In other games hackers use so many exploits to get your information that you go to some site which a majority of the player base would believe innocent such as eqr, allas, or w/e, but it installs a key logger and you have no idea. no virus scan detects it and you are done. (This exact case continues to happen all the time) there should be put even more stringent methods to prevent accidental deletion or transfer. if my main were deleted and/or stripped without my consent I would immediately cancel my subscription and start encouraging others to do the same if not restored. I would never play another SOE/DBG game again. people who would want to transfer a locked character would go through an unlock process that has a built in wait time and email notifications and in game notification are given.
Well, it depends. If a person doesn't practice safe computing ("Do you I want to update my Java? Sure, why wouldn't I? <click>"), then the risk of getting hacked may be quite high even if he or she doesn't share account information. And then there are server-side attacks, which end users can't do anything about except perhaps use more secure passwords.
Well the server-side attacks take out clumps of accounts and in the past Daybreak (nee SOE) made good since it was responsible. These scattered account hacks are done on the user end. "Doesn't practice safe computing" in these kinds of cases almost always means gave away (maybe without intending to) their User ID and password. That's entirely their responsibility. I might not think I'm sharing my account but if my User ID was Battleaxe (it isn't) and my password was Dwarf I'm sharing it. If a user can't be bothered to secure their account info why should Daybreak pay the price for the user's negligence? One hour of CS done by a database engineer (including overhead) is greater than the revenue generated by an account in a year. Not profit, revenue. Dollars brought in before expenses are taken out. It's especially egregious given that Daybreak sells a secondary password dongle for $9.99 for those who can't or won't.
If you log out and back in here under the Station Password text entry item you'll see "* If you have an SOE Authenticator, enter your password and then your PIN to access your account." It's less clear to me how it's used (or even if it's used) at EQ game log in. I assume you select the Enhanced Security option, register it, and an EQ login supporting it is provided when you log in. It would require physical access to the authenticator to log in if you were concerned about meeting your User ID and password security responsibilities.
“It's especially egregious given that Daybreak sells a secondary password dongle for $9.99 for those who can't or won't.”Where can I get one of those in the UK ? What are they called? Not something I've heard of before. https://www.soe.com/soeauthenticator/ They brought it out after one of the previous times there was a security breach. It made sense to SOE to *sell* us something to help fix their own security problems. /shrug
Remember Daybreak is pretty much being ddos'd every other week at the moment, so who knows what information is being leaked in the ddos'd (if they are attacking it to gain information).
DDoSing isn't hacking DBG or violating access rights to anything secure. It's flooding the servers with tons of garbage requests to prevent real requests from being processed. Like ringing a door bell 50,000 times a second so that the door isn't answered for the one real visitor in that time. No amount of door bell ringing will open the safe in the bedroom, though.
It depends which servers they are DDOSing.... and what they are doing other than the DDOS, sql injection and ddos of 2012 by any chance?
