Feedback talk:User/Sjeng/Account Security Ideas

Yeah that 24 hours without salvage, trade, ability to drop items after password change is a really good idea. --Musha Talk  03:28, 7 January 2010 (UTC)

I would personally add another point here... with the new changes in account login procedures, specifically, the need to include a valid character name on the account as an answer to a "Security Question", there is now a new set of problems, and these are likely to not only make things more difficult for would-be account thieves (a good thing), but also make things more difficult for legitimate account holders and support GMs (both bad things).

The problem here is that many people, myself included, do not remember their character names precisely, and/or have long character names that are too long to be accepted by the system, and/or are not completely sure how their character names are spelled, and/or have more than one account. If any one of these potential problems rears its ugly head (with the exception of multiple accounts), then the account holder is put in the position of needing to contact the support team simply to find a usable character name. This is an annoying hassle for the account holder, and also creates a large volume of support requests that could be avoided, thus wasting everybody's time, including the support GMs.

For those with multiple accounts it presents another set of problems related to remembering not only one useful character name, but two or more, and remembering which characters are on which accounts. This can lead to additional support requests for character names, but it also makes the login process take longer. Additionally, while you can tell the system to remember a character name you enter, but this does not help those with multiple accounts. It might be possible to set up multiple program shortcuts with command line options that can be used to automatically fill in such information, and one can certainly create and save a file in which they record login information, but both such options are unsecured on shared computers or if an account thief manages to gain access to the computer in some way (e.g. remote desktop hacking).

It is my opinion, therefore, that the current system should be revamped again to allow a legitimate account holder to change the "Security Question" and define an answer for it once they have successfully logged in with a character name. New security questions could be similar to those used by other online security systems, such as "Mother's Maiden Name" or "Make of First Car" and so forth. These new security questions would then be easier to remember, and someone with multiple accounts could use the same information for all accounts. this would make things easier for legitimate account holders, but it would still be just as secure, and since the required information would be easier for account holders to remember, it would also reduce the volume of support requests asking simply for a character name, thus freeing up support GMs' time to focus on more significant customer issues.

Obviously I could start my own suggestion page for this issue, but yours is so well and generally named that this could easily fit in right here. --Kyouchou 8 January 2010, 12:53 (PST)