|
|
|
|
#2
11-14-2011, 05:15 PM
|
|||
|
I understand you want to make stuff easier for yourself, but its a privacy nightmare.
Don't people already have an email address registered to the account? If they get their account and email hacked, then they are pretty much retards to begin with and can't be helped. You worry too much about people whining about hacked accounts. People aren't paying for this and you have no Service level agreement with the users. If you catch someone hacking, perma ban account and related IPs. Otherwise ban the accounts that were "hacked" and accounts accessed on same IP if they can provide the relevant account information, and tell them they should be more careful in the future. Account security isn't rocket science and maybe if people lose a game account that costs them nothing, they might actually smarten up instead of learning to expect other people to fix shit for them. | ||
|
|
|||
|
#4
11-27-2011, 08:14 PM
|
|||
|
No way
Long as its a optional thing that seems fine. But I will always opt to give as little information to the internet as humanly possible. I don't use face book, don't own a cellular phone, other than having an email for being able to do stuff like this that is it. Perhaps a secret question could be implemented or some such similar method using your email address, or just continue playing at your own risk like before.
| ||
|
|
|||
|
#5
12-22-2011, 03:02 PM
|
|||
|
It strikes me that you're solving two problems at once: The first is an "identification" problem. You want to tie a username to a person (in the end, that's what it boils down to). The second is "secure communication," for things such as password resets.
Secure communication has a ton of alternate solutions, especially those suggested in earlier posts such as PGP encrypted communications. Many of them would require less work than the SMS thing you're working on. The former is what I think is bothering people. While I'd give you my phone number now, after playing for a month or two and seeing just how much pride you have in your work, I second the sentiments of an earlier poster: I would probably not have signed up if I had to give ANYTHING personally identifying. Hell, I was wary giving you my real email address, and considered using a spam address instead. One has to know just how awesome the work you guys put in is before feeling comfortable giving you data, and you wouldn't find that out until AFTER you authenticate. As a hobbyist security "expert" (isn't it great when people put "hobbyist" and "expert" in the same sentence), I'd like to see a threat model of what you perceive the threats to be, and why that threat model mandates something like a phone number. I have a feeling the threat model will indicate that the threats are to individual accounts, not to the server on a whole. If so, then authentication should be optional according to each individual's risk thresholds. The only effect I see on the server as a whole is the load on you guys when you have to replace hacked characters. Perhaps, instead of mandating authentication, you should set your terms such that those who don't authenticate get the same support after being hacked than you give those who do authenticate. I don't know what the copyright issues regarding EQ's IP has to say about donations, but if it was legal, I wouldn't be opposed to you guys declaring "If you don't authenticate, and your account is hacked, we wont restore your data unless you provide a $10 donation to help keep the servers running." In my (very capitalist) opinion, that would be an excellent way to make up for the fact that they're making you spend your time helping one person (rather than helping us all by doing the development you enjoy) by making them help pay for the server bandwidth that we all enjoy! Even in the FOSS world, its common to give the software for free, and make them pay for support! -- Slightly related, if someone's account was hacked and a unique item (say, rubicite) was taken and sold to me for plat, what would be the policy for restoring the item? Do you guys add additional rubicite to the world, or do you undo as many transactions as you can, trying to make it seem like the hack never occurred. The policy on items like this would appear to have a significant effect on how much time it costs you guys to undo a hack. | ||
|
|
|||
|
#7
03-12-2012, 04:33 AM
|
|||
|
you are using the internet, your ip is connected to your isp, your isp has your phone number, credit card number, address...
fact is your phone number is the least of your worries... the worst that could happen is someone rings you... | ||
|
|
|||
|
#10
11-17-2012, 09:43 AM
|
|||
|
I don't have a cell phone, because I don't need one. As long as there is an alternate method that doesn't require me to maintain a cell phone account to play, or keep borrowing one from a friend which would be annoying, it's fine.
| ||
|
|
|||
 |
|
|
Hybrid Mode
