#101
|
|||
|
No way
Long as its a optional thing that seems fine. But I will always opt to give as little information to the internet as humanly possible. I don't use face book, don't own a cellular phone, other than having an email for being able to do stuff like this that is it. Perhaps a secret question could be implemented or some such similar method using your email address, or just continue playing at your own risk like before.
| ||
|
#102
|
|||
|
It strikes me that you're solving two problems at once: The first is an "identification" problem. You want to tie a username to a person (in the end, that's what it boils down to). The second is "secure communication," for things such as password resets.
Secure communication has a ton of alternate solutions, especially those suggested in earlier posts such as PGP encrypted communications. Many of them would require less work than the SMS thing you're working on. The former is what I think is bothering people. While I'd give you my phone number now, after playing for a month or two and seeing just how much pride you have in your work, I second the sentiments of an earlier poster: I would probably not have signed up if I had to give ANYTHING personally identifying. Hell, I was wary giving you my real email address, and considered using a spam address instead. One has to know just how awesome the work you guys put in is before feeling comfortable giving you data, and you wouldn't find that out until AFTER you authenticate. As a hobbyist security "expert" (isn't it great when people put "hobbyist" and "expert" in the same sentence), I'd like to see a threat model of what you perceive the threats to be, and why that threat model mandates something like a phone number. I have a feeling the threat model will indicate that the threats are to individual accounts, not to the server on a whole. If so, then authentication should be optional according to each individual's risk thresholds. The only effect I see on the server as a whole is the load on you guys when you have to replace hacked characters. Perhaps, instead of mandating authentication, you should set your terms such that those who don't authenticate get the same support after being hacked than you give those who do authenticate. I don't know what the copyright issues regarding EQ's IP has to say about donations, but if it was legal, I wouldn't be opposed to you guys declaring "If you don't authenticate, and your account is hacked, we wont restore your data unless you provide a $10 donation to help keep the servers running." In my (very capitalist) opinion, that would be an excellent way to make up for the fact that they're making you spend your time helping one person (rather than helping us all by doing the development you enjoy) by making them help pay for the server bandwidth that we all enjoy! Even in the FOSS world, its common to give the software for free, and make them pay for support! -- Slightly related, if someone's account was hacked and a unique item (say, rubicite) was taken and sold to me for plat, what would be the policy for restoring the item? Do you guys add additional rubicite to the world, or do you undo as many transactions as you can, trying to make it seem like the hack never occurred. The policy on items like this would appear to have a significant effect on how much time it costs you guys to undo a hack. | ||
|
#103
|
||||
|
google
Quote:
| |||
|
#104
|
||||
|
Quote:
The 29 countries now supported by Pinger include: American Samoa, Australia, Bahamas, Bangladesh, Barbados, Belize, British Virgin Islands, Canada, Cayman Islands, China, Costa Rica, Ecuador, El Salvador, Germany, Guam, Guatemala, Guyana, Honduras, Israel, Jamaica, New Zealand, Nicaragua, Northern Mariana Islands, Panama, Peru, Puerto Rico, Sri Lanka, United States, and Venezuela. no more excuse although this pretty much defeats the purpose. there's always going to be a way to get around something and reason why i feel this new authentication method should be optional. | |||
|
#105
|
|||
|
Any word on this Rogean?
| ||
|
#106
|
||||
|
Quote:
| |||
|
#107
|
|||
|
you are using the internet, your ip is connected to your isp, your isp has your phone number, credit card number, address...
fact is your phone number is the least of your worries... the worst that could happen is someone rings you... | ||
|
#108
|
|||
|
Just wondering if this option is still on table? And if there have been any developments on possible implementation?
| ||
|
#109
|
|||
|
There must be other ways to go about...personally I don't like the idea of giving out my cell phone number. As crazy as the World today, people can find out a lot of info on a person just by knowing their phone number.
| ||
|
#110
|
|||
|
I don't have a cell phone, because I don't need one. As long as there is an alternate method that doesn't require me to maintain a cell phone account to play, or keep borrowing one from a friend which would be annoying, it's fine.
| ||
|
|
|