There's been a lot of talk about security options and such for EQ, and how they're severely lacking for amount of CS currently available to us. So I figured I'd do some a little work with paint.net to showcase an idea that could be contained within the EQ client, and prevent *most* of the worst issues from occurring. (In case the bad font matching and clone stamping doesn't make it obvious enough, this option doesn't exist, these pics are just how I'd implement it.) Oh look, a new option on the character select screen, what happens if we click it? That sounds useful! [1] Ok, done! [2] Well, maybe I want to send this frog to another server, let's try doing that! [3] Yes, of course! [4] Hm, how long before I start listing all my awesome monk gear in a bazaar? [5] Thought/feedback on this? Non-UI notes: There is no current way to prevent malicious character deletions or transfers by anyone who might have access to your computer or account. (Including decisions made by the account owner while in an altered state of mind.) Since DBG CS will not assist in these matters, it is extremely easy to destroy a character with 10+ years of investment without any recourse. Such important decisions should have a way enforcing a cooldown period on anything that can not be reversed. One bad night, or a fight with a spouse shouldn't immediately destroy something with such emotional attachment. This would add an opt-in lockout to major character changes that are completely irreversible under current DBG policies. 7 days should be enough time to give emotions a chance to calm down, or to give the account owner time to notice/prevent unauthorized changes to important characters. There SHOULD be email notification of both locking and unlocking of a character. I don't know if that's something that can be done from within the client without too much additional work. But I'd gladly take this system without email notification over what we have now. If you plan on doing server transfers, or have names reserved on characters you're planning to delete, don't opt-in to this. UI notes for this mockup: [1] These windows purposefully do not use the type character name idea from the new delete character option. Locking and deleting are exact opposites, and there should not be a way to confuse the two. If typing the character's name means that character getting nuked, that should NEVER be used for anything else. This should also send an Email to the address associated with the account. If that's easy to do, who knows? [2] The lock icon should be familiar, and unintrusive. Nothing about it should really pop out to attract attention. I used FF's ssl padlock on the class icon in a way that is hopefully easy to understand and doesn't change the look of character too much. [3] This wording feels a little clunky, there's probably a better way to phrase unlocking. (I missed undoing the greyed out Ok button by mistake). [4] A character being unlocked should pop out and attract attention. Something important is changing. If the user authorized it, then they will know what is going on. If they did not authorize it, then the fact that SOMETHING is happening should be immediately obvious and worth investigating. Animating the ellipse, or throwing a visual countdown timer on the button would help draw attention to the way to undo/confirm the red highlight. [5] I wanted a clear countdown timer, and unambiguous buttons here. I chose Abort over Cancel because Continue also started with a C. These are important buttons that should have a clear meaning even if the user skims the dialog box.
I'd imagine this should be somewhat simple to implement (they have plenty of other time based mechanics in game and available at that point - return home?). I'm sure it should be obvious but your wording is a little ambiguous about it, that it would be a timer to unlock. Locking carry's no timer, but unlocking takes 7 days.
Edit isn't quoting my old text, but I take the last comment back. Your text is a little unclear, but the visual mockup very clearly shows it taking 7 days to unlock.
Good idea. Expanding on the OP's idea: 1) When you lock character(s), it is instant, and permanent until... (see 2). 2) When you want to un-lock character(s), clicking the un-lock button would send the account owner an email stating exactly what is going on. The toon(s) can only be un-locked by clicking the link in the email. This way, if someone else did have your login credentials, you (the account holder) would get an email notifying you that something is going on.
Full 2fa would be nice. But this IS Everquest that we're talking about. And I wanted the unlock timer to be a hard waiting period, with no way to shortcut the wait, so even a fully compromised system can't immediately transfer or delete any characters.
I love this option. This is something I want the developers to spend their time developing. Security is important. Failing to implement security because "there isn't enough time" ends up being a huge mistake in most situations. I can see that this option doesn't exactly do anything to actually increase security... it's a beautiful safety net should someone nefarious gain access to our accounts.
Instead of the "Are you SURE you wish to lock/unlock this character?" context boxes, I'd rather it say something like "A 4-digit code has been sent to the 2-factor authorization method you have chosen. This code will expire in one hour. Enter the code here to lock/unlock this character:" The code would be sent either via text, email, or (the unlikely case that DBG ever creates) a standalone app. As for the visual of how the character locking is presented, the faded image of the lock is actually pretty hard to see when placed over the class symbol for the selected character. I would recommend placing the lock at the upper right instead of upper left, and possibly making the lock more opaque. And I am guessing that you would get the "Time remaining to unlock this character" context box from clicking on the "Unlocking..." button? I like that you include the ability to cancel the unlocking process. I think it's a good idea as presented here, in a simple way that seems hard to screw up unless you're incapable of reading. I just wish it would come with the security improvements attached as well.
This seems simple enough to rapidly implement. If there is no authenticator, something like this needs to happen. Side note: why is everyone said "literally" so often all of the sudden??? It's a plague and needs to stop.
You are amazing. Marry me? Also, the Dontmovemetofv name made me literally* LOL. *said with no sarcasm whatsoever
All of my yes to this, but option to keep clicking lock to add exponential locked out days to a character