Announcements

Join the ongoing conversation on Discord: https://discord.gg/w6Tpkp2

To purchase your copy of the City of Titans Launcher, visit our store at https://store.missingworldsmedia.com/ A purchase of $50 or more will give you a link to download the Launcher for Windows or Mac based machines.

Length of Names

138 posts / 0 new
Last post
Huckleberry
Huckleberry's picture
Offline
Last seen: 23 hours 15 min ago
Joined: 01/03/2016 - 08:39
Lothic wrote:
Lothic wrote:

Molehill, meet mountain. If you're seriously worried that the Evil-Doers of the Dark Web *laugh* are going to be actively trafficking in hacked accounts for this game you obviously don't have enough to worry about in the "real" world. If it makes you feel better I'm sure the game will let you change your password every 5 minutes as needed.

Foot in the door meet massive credit card theft. Once in, there's really not much limit to what someone can do. One password begets others begets others. Do you really think people hack games to wreak havok with the games? Maybe some kids do. I have to give you that.

Lothic wrote:

This scheme is good enough for the US Air Force (even in cases for systems that don't require CACs). Why wouldn't it be good enough for this game?

Huckleberry wrote:

If you think that is good enough for the Air Force, you need to go back and do your Cyber Awareness Challenge training again.

I've only retaken that "course" maybe 20+ times in my career. I currently use that approved scheme on a dozen different systems/networks. I imagine our OPSEC coordinator or Mission Commanders would have a good laugh at your expense about your overly-apocalyptic thoughts on this matter.

Your response brings to me the image of a guard standing watch on a small access door near the back of a large fortified wall with many other doors and gates. His superiors have told him to watch that door because the security of the entire city rests on his shoulders. And they're right because an opponent will exploit any weakness in security. And that guard can justifiably go home every night knowing he's keeping the city safe. But to think that the entire security of the city depends solely on that one guard at that one door is comical. And so is your argument that it is clever passwords that keep the Air Force safe.

In fact, in another thread you yourself have mentioned that you can not access this site when you are out to sea on your Department of Defense job. You've mentioned that it might have something to do with security certificates. For whatever reason, there are other security protocols at work at completely different echelons of your organization that consider security to be above and beyond passwords. And again, you are not doing yourself a service saying that you've taken that course over 20 times in your career while at the same time completely missing the point that 75% of that training is about behavior modification, being on the lookout for phishing and protecting your identity online, and only a small portion of it discusses password strength.

Lothic wrote:

I'm sure MWM will use whatever methods are both effective and practical for their needs.

On this we agree.

lothic wrote:

I simply argue that you're continuing to propose they use a contrived Rube Goldberg-esque solution for something that does not strictly require it.

And on this I respectfully disagree. But it will be the folks at MWM who will attempt to quantify the business value of risk exposure.

[hr]I like to take your ideas and supersize them. This isn't criticism, it is flattery. I come with nothing but good will and a spirit of team-building. If you take what I write any other way, that is probably just because I wasn't very clear.

Lothic
Lothic's picture
Offline
Last seen: 5 months 6 days ago
kickstarter11th Anniversary Badge
Joined: 10/02/2013 - 00:27
Huckleberry wrote:
Huckleberry wrote:
Lothic wrote:

Molehill, meet mountain. If you're seriously worried that the Evil-Doers of the Dark Web *laugh* are going to be actively trafficking in hacked accounts for this game you obviously don't have enough to worry about in the "real" world. If it makes you feel better I'm sure the game will let you change your password every 5 minutes as needed.

Foot in the door meet massive credit card theft. Once in, there's really not much limit to what someone can do. One password begets others begets others. Do you really think people hack games to wreak havok with the games? Maybe some kids do. I have to give you that.

You know if MWM ends up failing to meet with your "high standards" of security you could always -not- give them your financial info. Frankly given how desperate you seem to be trying to paint a worst-case scenario picture here you'd probably sleep better at night not giving them your info regardless. *shrugs*

Huckleberry wrote:
Lothic wrote:

This scheme is good enough for the US Air Force (even in cases for systems that don't require CACs). Why wouldn't it be good enough for this game?

Huckleberry wrote:

If you think that is good enough for the Air Force, you need to go back and do your Cyber Awareness Challenge training again.

I've only retaken that "course" maybe 20+ times in my career. I currently use that approved scheme on a dozen different systems/networks. I imagine our OPSEC coordinator or Mission Commanders would have a good laugh at your expense about your overly-apocalyptic thoughts on this matter.

Your response brings to me the image of a guard standing watch on a small access door near the back of a large fortified wall with many other doors and gates. His superiors have told him to watch that door because the security of the entire city rests on his shoulders. And they're right because an opponent will exploit any weakness in security. And that guard can justifiably go home every night knowing he's keeping the city safe. But to think that the entire security of the city depends solely on that one guard at that one door is comical. And so is your argument that it is clever passwords that keep the Air Force safe.

You've been watching too many movies. Mine is not an "argument" but a statement of policy. Feel free to write to your congressperson to tell them how things "ought" to be done at the DoD. *sigh*

Huckleberry wrote:

In fact, in another thread you yourself have mentioned that you can not access this site when you are out to sea on your Department of Defense job. You've mentioned that it might have something to do with security certificates. For whatever reason, there are other security protocols at work at completely different echelons of your organization that consider security to be above and beyond passwords.

Always jumping in with assumptions based on incomplete facts. How do your faulty conclusions here explain why both our NIPRnet and SIPRnet systems allow countless webpages that have NO encryption certificates at all to pass though unblocked? Ironically the problem this CoT webpage has in particular seems to be completely arbitrary at this point, especially considering I actually CAN log into it about once every 20 tries. The problem is the lack of consistency, which has nothing to do with "security protocols at work at completely different echelons of your organization"... heh, where do you get this crap from?

huckleberry wrote:

And again, you are not doing yourself a service saying that you've taken that course over 20 times in your career while at the same time completely missing the point that 75% of that training is about behavior modification, being on the lookout for phishing and protecting your identity online, and only a small portion of it discusses password strength.

Your tax dollars at work... ain't that a bitch. Imagine your hard-earned money going to the "govermint" to keep the Military-Industrial Complex running. Then imagine a tiny portion of that which filters down through the cracks to support my meager six-figure salary. Who said life was fair... ;)

Huckleberry wrote:
Lothic wrote:

I'm sure MWM will use whatever methods are both effective and practical for their needs.

On this we agree.

lothic wrote:

I simply argue that you're continuing to propose they use a contrived Rube Goldberg-esque solution for something that does not strictly require it.

And on this I respectfully disagree. But it will be the folks at MWM who will attempt to quantify the business value of risk exposure.

Obviously if MWM chooses to use third-party tokens, EMV based CACs, or even biometrics (which happen to be illegal in Illinois and Texas) I'm sure we'll have hyper obsessive people like you to thank for it.

CoH player from April 25, 2004 to November 30, 2012
[IMG=400x225]https://i.imgur.com/NHUthWM.jpeg[/IMG]

Crimsonomen20
Offline
Last seen: 5 years 7 months ago
Joined: 01/19/2018 - 17:54
Back to the topic on hand, I

Back to the topic on hand, I vote for about 24@24 length. This seems like a solid number and I'm not sure many people will truly need more than that. While we will always have outliers, I thik it's a fair shake.

On the global side, I son't really care if we have random numbers generated at the end, or if it will be a choice. I'll probably just deal with it. If there was a choice, that'd be swell but it's hardly a dealbreaker for me.

Lothic
Lothic's picture
Offline
Last seen: 5 months 6 days ago
kickstarter11th Anniversary Badge
Joined: 10/02/2013 - 00:27
Crimsonomen20 wrote:
Crimsonomen20 wrote:

Back to the topic on hand, I vote for about 24@24 length. This seems like a solid number and I'm not sure many people will truly need more than that. While we will always have outliers, I thik it's a fair shake.

On the global side, I son't really care if we have random numbers generated at the end, or if it will be a choice. I'll probably just deal with it. If there was a choice, that'd be swell but it's hardly a dealbreaker for me.

LOL if I have one self-admitted failing is that I do like to play verbal tennis with people who don't know better than to just stop hitting the "ball" back to me. ;)

For what it's worth a 24@24 naming scheme seems reasonable enough to me for this game. I already made my position clear on the "random numbers" thing several hundred thousand posts ago...

CoH player from April 25, 2004 to November 30, 2012
[IMG=400x225]https://i.imgur.com/NHUthWM.jpeg[/IMG]

Dark Ether
Dark Ether's picture
Offline
Last seen: 4 years 11 months ago
kickstarter
Joined: 10/03/2013 - 16:26
There may be one thing about

There may be one thing about the game that people won't argue about, but we still haven't discovered it yet.

(insert pithy comment here)

Project_Hero
Project_Hero's picture
Offline
Last seen: 3 years 2 months ago
Joined: 10/09/2014 - 11:21
Dark Ether wrote:
Dark Ether wrote:

There may be one thing about the game that people won't argue about, but we still haven't discovered it yet.

That it'll be a Superhero game? That seems to be a point everyone agrees on.

"Let the past die. Kill it if you have to."

Lothic
Lothic's picture
Offline
Last seen: 5 months 6 days ago
kickstarter11th Anniversary Badge
Joined: 10/02/2013 - 00:27
Project_Hero wrote:
Project_Hero wrote:
Dark Ether wrote:

There may be one thing about the game that people won't argue about, but we still haven't discovered it yet.

That it'll be a Superhero game? That seems to be a point everyone agrees on.

Actually it's just a 21st century computerized rehash of the classical cult-worship of the [url=https://en.wikipedia.org/wiki/Twelve_Olympians]Olympic pantheon archetypes[/url]... lol ;)

CoH player from April 25, 2004 to November 30, 2012
[IMG=400x225]https://i.imgur.com/NHUthWM.jpeg[/IMG]

Huckleberry
Huckleberry's picture
Offline
Last seen: 23 hours 15 min ago
Joined: 01/03/2016 - 08:39
Huckleberry wrote:

I can't believe I'm having this discussion with someone who calls herself a software engineer.

The entire point I'm trying to make is that while passwords will indeed protect against one kind of threat. There are other threats that are now [u]far more prevalent and successful[/u] and that don't care how complex your password is. I don't know how many times or how many different ways I have to say it. Hackers now obtain passwords. Passwords are a fungible resource in cybercrime. So if your password is three letters or a random string of letters number and symbols, both uppercase and lowercase, it is still just a text string to them. So unless you change it regularly or provide 3rd party authentication, if someone already has your password no complexity will save you.

Just look at this [url=https://www.reddit.com/r/gamedev/comments/1jd2t5/protocol_encryption_for_indie_mmos/]thread on reddit[/url] from four years ago to see just some of the concerns I discuss and the kinds of things hackers do to get between the users and the systems.

lothic wrote:
Huckleberry wrote:

And on this I respectfully disagree. But it will be the folks at MWM who will attempt to quantify the business value of risk exposure.

Obviously if MWM chooses to use third-party tokens, EMV based CACs, or even biometrics (which happen to be illegal in Illinois and Texas) I'm sure we'll have hyper obsessive people like you to thank for it.

Actually no. If MWM decides to use third-party encryption you can thank them for it, I know I will. Regardless of whether in your book they are considered hyper-obsessive or not.

[hr]I like to take your ideas and supersize them. This isn't criticism, it is flattery. I come with nothing but good will and a spirit of team-building. If you take what I write any other way, that is probably just because I wasn't very clear.

Huckleberry
Huckleberry's picture
Offline
Last seen: 23 hours 15 min ago
Joined: 01/03/2016 - 08:39
Project_Hero wrote:
Project_Hero wrote:
Dark Ether wrote:

There may be one thing about the game that people won't argue about, but we still haven't discovered it yet.

That it'll be a Superhero game? That seems to be a point everyone agrees on.

I dunno. Some people want to play villains, or anti-heroes. I mean, heck, just look at City of Villians.

(sorry, If I didn't, someone else would have. I have no intention of arguing, its just that you were practically asking for it! =p)

[hr]I like to take your ideas and supersize them. This isn't criticism, it is flattery. I come with nothing but good will and a spirit of team-building. If you take what I write any other way, that is probably just because I wasn't very clear.

Lothic
Lothic's picture
Offline
Last seen: 5 months 6 days ago
kickstarter11th Anniversary Badge
Joined: 10/02/2013 - 00:27
Huckleberry wrote:
Huckleberry wrote:

I can't believe I'm having this discussion with someone who calls herself a software engineer.

I can't believe it either... take the hint.

Huckleberry wrote:

The entire point I'm trying to make is that while passwords will indeed protect against one kind of threat. There are other threats that are now [u]far more prevalent and successful[/u] and that don't care how complex your password is. I don't know how many times or how many different ways I have to say it. Hackers now obtain passwords. Passwords are a fungible resource in cybercrime. So if your password is three letters or a random string of letters number and symbols, both uppercase and lowercase, it is still just a text string to them. So unless you change it regularly or provide 3rd party authentication, if someone already has your password no complexity will save you.

Look at it this way: If I supposedly haven't learned this "Day One" BS yet after decades of professional work experience do you seriously think you'd have a chance to teach me with a handful of alarmist paragraphs on your part? Stop beating your head against the wall and count to 10 on this one. Can you seriously not tell I'm just sort of f***king with you at this point?

The only way this game would have a security methodology as GOOD as the US Air Force would be to issue every player an EMV enabled ID card (CACs for the DoD) and make sure every player had a reader for that card. Tell me you think that's going to happen anytime soon for a MMO being developed on a shoestring budget. The password policy I cited earlier is what the Air Force approves of for systems that do not require CACs. Trust me when I say that to this day that includes plenty of systems that process classified data. Frankly I remain unconvinced CoT would require a security posture anywhere near as remotely convoluted as you insist upon. I'm sorry, you just aren't going to convince me otherwise regardless of your hangups about that.

Huckleberry wrote:

Just look at this [url=https://www.reddit.com/r/gamedev/comments/1jd2t5/protocol_encryption_for_indie_mmos/]thread on reddit[/url] from four years ago to see just some of the concerns I discuss and the kinds of things hackers do to get between the users and the systems.

To be honest I'm not going to bother - the fact that you can easily link to a discussion you had about this topic four years ago tells me all I need to know here. This is obviously a touchy, nerve-tickling subject for you and it's probably safe to say you won't really like anything else I respond with on this topic.

Huckleberry wrote:
Lothic wrote:
Huckleberry wrote:

And on this I respectfully disagree. But it will be the folks at MWM who will attempt to quantify the business value of risk exposure.

Obviously if MWM chooses to use third-party tokens, EMV based CACs, or even biometrics (which happen to be illegal in Illinois and Texas) I'm sure we'll have hyper obsessive people like you to thank for it.

Actually no. If MWM decides to use third-party encryption you can thank them for it, I know I will. Regardless of whether in your book they are considered hyper-obsessive or not.

No, I'm still going to -blame- people like you for it no matter how irrational that sounds or not. Trust me when I say that'll make me feel better in the long run; I've already blamed MWM for enough questionable decisions of their own making so I figure someone else can shoulder some of the extra burden for them.

CoH player from April 25, 2004 to November 30, 2012
[IMG=400x225]https://i.imgur.com/NHUthWM.jpeg[/IMG]

Project_Hero
Project_Hero's picture
Offline
Last seen: 3 years 2 months ago
Joined: 10/09/2014 - 11:21
Huckleberry wrote:
Huckleberry wrote:
Project_Hero wrote:
Dark Ether wrote:

There may be one thing about the game that people won't argue about, but we still haven't discovered it yet.

That it'll be a Superhero game? That seems to be a point everyone agrees on.

I dunno. Some people want to play villains, or anti-heroes. I mean, heck, just look at City of Villians.

(sorry, If I didn't, someone else would have. I have no intention of arguing, its just that you were practically asking for it! =p)

A Superhero game would I assume also include super villains, nice try though :p

"Let the past die. Kill it if you have to."

Huckleberry
Huckleberry's picture
Offline
Last seen: 23 hours 15 min ago
Joined: 01/03/2016 - 08:39
Look at it this way: If I
Losthic wrote:

Look at it this way: If I supposedly haven't learned this "Day One" BS yet after decades of professional work experience do you seriously think you'd have a chance to teach me with a handful of alarmist paragraphs on your part? Stop beating your head against the wall and count to 10 on this one. Can you seriously not tell I'm just sort of f***king with you at this point?

You are so right.

And no, I seriously can not tell that you have been anything other than serious. My apologies.

Lothic wrote:

The only way this game would have a security methodology as GOOD as the US Air Force would be to issue every player an EMV enabled ID card (CACs for the DoD) and make sure every player had a reader for that card. Tell me you think that's going to happen anytime soon for a MMO being developed on a shoestring budget. The password policy I cited earlier is what the Air Force approves of for systems that do not require CACs. Trust me when I say that to this day that includes plenty of systems that process classified data. Frankly I remain unconvinced CoT would require a security posture anywhere near as remotely convoluted as you insist upon. I'm sorry, you just aren't going to convince me otherwise regardless of your hangups about that.

Hey, you're the one who brought up Air Force security into this; and you did so by saying that in the Air Force password complexity was all it needed to be secure. [url=https://cityoftitans.com/comment/137846#comment-137846](refer to post #88)[/url] Now you are changing that tune. And really, that's all I was trying to accomplish. Telling people all they need is a complex password is a falsehood, and there are other security measures an IT system needs to enact if it wants to keep itself and its users protected from the [u]most likely[/u] threats.

Lothic wrote:
Huckleberry wrote:

Just look at this [url=https://www.reddit.com/r/gamedev/comments/1jd2t5/protocol_encryption_for_indie_mmos/]thread on reddit[/url] from four years ago to see just some of the concerns I discuss and the kinds of things hackers do to get between the users and the systems.

To be honest I'm not going to bother - the fact that you can easily link to a discussion you had about this topic four years ago tells me all I need to know here. This is obviously a touchy, nerve-tickling subject for you and it's probably safe to say you won't really like anything else I respond with on this topic.

Actually that link was the result of a 15 second search I did on Google this morning and I was not associated with it at all. I would expect a true security specialist to be able to reference far more recent discussion that would show password complexity is but the smallest and simplest form of account security and it can be bypassed quite easily. Complex passwords thwart ONE specific threat. There are so many others.
[hr]
And so, to bring this thread back to one of its original tangents. It was suggested by Radiac in [url=https://cityoftitans.com/comment/137805#comment-137805]post #69[/url] that adding 4 random digits to everyone's display name might be a security measure instituted by Arenanet when they made GW2. This idea had some merit since those 4 digits were not displayed as part of the user's global name unless there was a duplicate name. While it was probably not done for security purposes, doing so actually would add a layer of security [b]if[/b] those numbers really were unknown to any but the owner and the system.

However, looking at the GW2 forums, you can see that those four digits show up after everyone's name. So whatever security they would or could have provided is moot since they are, in fact, on public display. Thus I put my money on what others have suggested: It was a convenience issue to allow players to choose whatever display name they want; and maybe even to pre-empt other issues associated with server mergers and the like.

[hr]I like to take your ideas and supersize them. This isn't criticism, it is flattery. I come with nothing but good will and a spirit of team-building. If you take what I write any other way, that is probably just because I wasn't very clear.

Huckleberry
Huckleberry's picture
Offline
Last seen: 23 hours 15 min ago
Joined: 01/03/2016 - 08:39
Project_Hero wrote:
Project_Hero wrote:

A Superhero game would I assume also include super villains, nice try though :p

Oh well. It was worth a try. I hope someone chuckled, somewhere..

[hr]I like to take your ideas and supersize them. This isn't criticism, it is flattery. I come with nothing but good will and a spirit of team-building. If you take what I write any other way, that is probably just because I wasn't very clear.

Project_Hero
Project_Hero's picture
Offline
Last seen: 3 years 2 months ago
Joined: 10/09/2014 - 11:21
Huckleberry wrote:
Huckleberry wrote:
Project_Hero wrote:

A Superhero game would I assume also include super villains, nice try though :p

Oh well. It was worth a try. I hope someone chuckled, somewhere..

Nope. In fact your post eradicated laughter for ALL TIME O.O

"Let the past die. Kill it if you have to."

Radiac
Radiac's picture
Offline
Last seen: 1 year 3 days ago
kickstarter11th Anniversary Badge
Joined: 10/19/2013 - 15:12
I just want to point out that

I just want to point out that my global name on this or any game is not a part of my role playing experience per se. I mean, if I have to be identified as @Radiac1234 on the forums, you could argue that the @ symbol is an immersion breaker as well as the numbers are, and I see all of that stuff as added mechanical crap that we all have to deal with and ignore it. Now, for my characters, their names are whatever comes before the @ symbol, to me. I like the double barrel name structure, because it allows me to make a guy named WhateveMan@Radiac1234 and someone else to make their WhateverMan@somedude1235 and we can both coexist.

So in short, I'm willing to suspend my disbelief in names like Radiac1234.

R.S.O. of Phoenix Rising

Project_Hero
Project_Hero's picture
Offline
Last seen: 3 years 2 months ago
Joined: 10/09/2014 - 11:21
In Champions Online you can

In Champions Online you can hide the global names in the chat box, and they don't show up above people's heads. So based on that model everyone should be able to get the immersion they're looking for.

"Let the past die. Kill it if you have to."

Lothic
Lothic's picture
Offline
Last seen: 5 months 6 days ago
kickstarter11th Anniversary Badge
Joined: 10/02/2013 - 00:27
Huckleberry wrote:
Huckleberry wrote:
Lothic wrote:

Look at it this way: If I supposedly haven't learned this "Day One" BS yet after decades of professional work experience do you seriously think you'd have a chance to teach me with a handful of alarmist paragraphs on your part? Stop beating your head against the wall and count to 10 on this one. Can you seriously not tell I'm just sort of f***king with you at this point?

You are so right.

And no, I seriously can not tell that you have been anything other than serious. My apologies.

Use a bit of that famous "logic" you claim I needed to provide here: Would someone be able to maintain a successful multi-decade career working for various programs for the DoD if he/she didn't "follow the rules" when it comes to basic cyber awareness and IA?

Also your assumptions that "20+ cyber security courses" (it's frankly been more like 100+ related training courses/events across various industry and government programs over the years) were not "effective" in my case is somewhat insulting at the very least. I'll sadly assume that was your intention in your references to that. I'll also continue to mention my so-called "CV" in these forums whenever it's relevant - and it was in the case when it was suggested that adding four random numbers to our global names would somehow, to paraphrase the poster in question, make the game "work better" in some unspecified way.

Huckleberry wrote:
Lothic wrote:

The only way this game would have a security methodology as GOOD as the US Air Force would be to issue every player an EMV enabled ID card (CACs for the DoD) and make sure every player had a reader for that card. Tell me you think that's going to happen anytime soon for a MMO being developed on a shoestring budget. The password policy I cited earlier is what the Air Force approves of for systems that do not require CACs. Trust me when I say that to this day that includes plenty of systems that process classified data. Frankly I remain unconvinced CoT would require a security posture anywhere near as remotely convoluted as you insist upon. I'm sorry, you just aren't going to convince me otherwise regardless of your hangups about that.

Hey, you're the one who brought up Air Force security into this; and you did so by saying that in the Air Force password complexity was all it needed to be secure. [url=https://cityoftitans.com/comment/137846#comment-137846](refer to post #88)[/url] Now you are changing that tune. And really, that's all I was trying to accomplish. Telling people all they need is a complex password is a falsehood, and there are other security measures an IT system needs to enact if it wants to keep itself and its users protected from the [u]most likely[/u] threats.

Really? Did you just completely gloss over what I actually said to cherry-pick the part your liked? I said that not only are there Air Force systems that require CACs there are plenty of systems that still DO NOT and probably never will. What part of "changing my tune" did you get from that? I literally reiterated (for like maybe the sixth time, sorry I'm not bothering to keep an exact count) that the US Air Force has no problem having systems (again many of which are processing classified data) be protected ONLY via a proscribed password policy. I get that might seem shocking/nonsensical to you in this day and age but that doesn't change the facts here.

The only reason I mentioned the DoD's use of CACs is that I wanted you to realize that the DoD understands that differing levels of security posture are adequate in different situations and if even they don't bother with CACs (much less something like third-party tokens) in ALL situations then certainly it's completely questionable/debatable whether a mere MMO really calls for that degree of overkill.

Huckleberry wrote:
Lothic wrote:
Huckleberry wrote:

Just look at this [url=https://www.reddit.com/r/gamedev/comments/1jd2t5/protocol_encryption_for_indie_mmos/]thread on reddit[/url] from four years ago to see just some of the concerns I discuss and the kinds of things hackers do to get between the users and the systems.

To be honest I'm not going to bother - the fact that you can easily link to a discussion you had about this topic four years ago tells me all I need to know here. This is obviously a touchy, nerve-tickling subject for you and it's probably safe to say you won't really like anything else I respond with on this topic.

Actually that link was the result of a 15 second search I did on Google this morning and I was not associated with it at all. I would expect a true security specialist to be able to reference far more recent discussion that would show password complexity is but the smallest and simplest form of account security and it can be bypassed quite easily. Complex passwords thwart ONE specific threat. There are so many others.

You have claimed the existence of a vague Dark Web cyber "threat" but haven't really made a case for why a game like CoT should bend-over-backwards to employ any/every kind of security measure to supposedly protect itself from such a threat. Third-party tokens in CoT would be a [b]"nice to have"[/b] feature if that could be implemented with absolutely no additional impact to development budgets/schedule but it's hardly a security scheme that would be strictly necessary here. A true security specialist would weight the pros and cons of any situation and implement accordingly, not reflexively. We don't need to employ an 18-wheeler when a pick-up truck would likely suffice.

Huckleberry wrote:

And so, to bring this thread back to one of its original tangents. It was suggested by Radiac in [url=https://cityoftitans.com/comment/137805#comment-137805]post #69[/url] that adding 4 random digits to everyone's display name might be a security measure instituted by Arenanet when they made GW2. This idea had some merit since those 4 digits were not displayed as part of the user's global name unless there was a duplicate name. While it was probably not done for security purposes, doing so actually would add a layer of security [b]if[/b] those numbers really were unknown to any but the owner and the system.

However, looking at the GW2 forums, you can see that those four digits show up after everyone's name. So whatever security they would or could have provided is moot since they are, in fact, on public display. Thus I put my money on what others have suggested: It was a convenience issue to allow players to choose whatever display name they want; and maybe even to pre-empt other issues associated with server mergers and the like.

At least I think we can generally agree on this original point - the overall security "benefit" of having 4 random numbers attached to our global names is dubious at best.

CoH player from April 25, 2004 to November 30, 2012
[IMG=400x225]https://i.imgur.com/NHUthWM.jpeg[/IMG]

Redlynne
Redlynne's picture
Offline
Last seen: 4 months 1 week ago
kickstarter11th Anniversary Badge
Joined: 10/28/2013 - 21:15
Battlenet accounts for

Battlenet accounts for Blizzard games force a 4 digit code suffix onto account names, presumably to help disambiguate them in such a way that multiple people can have the same "name" but different "numbers" on their accounts. That way, you don't wind up with a Name Squatters situation in which every name has to be unique in a way that can then block other people from using that name (unless the name gets used 10,000 times, of course).

[center][img=44x100]https://i.imgur.com/sMUQ928.gif[/img]
[i]Verbogeny is one of many pleasurettes afforded a creatific thinkerizer.[/i][/center]

blacke4dawn
blacke4dawn's picture
Offline
Last seen: 1 year 8 months ago
Joined: 03/28/2015 - 03:02
Huckleberry wrote:
Huckleberry wrote:

And so, to bring this thread back to one of its original tangents. It was suggested by Radiac in [url=https://cityoftitans.com/comment/137805#comment-137805]post #69[/url] that adding 4 random digits to everyone's display name might be a security measure instituted by Arenanet when they made GW2. This idea had some merit since those 4 digits were not displayed as part of the user's global name unless there was a duplicate name. While it was probably not done for security purposes, doing so actually would add a layer of security [b]if[/b] those numbers really were unknown to any but the owner and the system.

However, looking at the GW2 forums, you can see that those four digits show up after everyone's name. So whatever security they would or could have provided is moot since they are, in fact, on public display. Thus I put my money on what others have suggested: It was a convenience issue to allow players to choose whatever display name they want; and maybe even to pre-empt other issues associated with server mergers and the like.

I can tell you that those 4 extra digits have absolutely no bearing on account security since the display name and account name are separate things and don't depend on each other.
Same thing with Battle.net, and it was the same with CoH.

From what I have read here MWM will have a very similar structure to how NCSoft has/had it. One Master Account for handling one or more Game Accounts that don't need to have the same or related name to the Master Account, and then (hopefully) a global handle that can be completely different to those.

So, adding random digits to the global handle will most likely have no bearing on security what so ever since it won't be used in those situations.

Cobalt Azurean
Cobalt Azurean's picture
Offline
Last seen: 1 month 3 weeks ago
kickstarter11th Anniversary Badge
Joined: 10/03/2013 - 16:39
55 posts in a day? Yeah, this

55 posts in a day? Yeah, this thread took a turn for the worse.

Nos482
Nos482's picture
Offline
Last seen: 4 years 6 months ago
kickstarter11th Anniversary Badge
Joined: 08/25/2013 - 14:50
TitansCity wrote:
TitansCity wrote:

"forcing" people to have a global name like @name1234 would, to my opinion, be really against the philosophy of customization provide by the game ^^

Eh, could be worse. =P

[url=https://www.youtube.com/watch?v=W_HUdf89hI8]Send out your signal, call in your hero
I kidnapped his lady, now his power's are zero.
[/url]

DesViper
DesViper's picture
Offline
Last seen: 2 years 11 months ago
Developer11th Anniversary Badge
Joined: 03/10/2014 - 00:55
yeah wow this took a turn....

yeah wow this took a turn....

I vote 32, size of a byte or something. :p

[hr]
[color=red]PR, Forum Moderator[/color]
[url=http://cityoftitans.com/forum/desvipers-creative-impulsivity]My Non-Canon Backstories[/url]
Avatar by MikeNovember

Lin Chiao Feng
Lin Chiao Feng's picture
Offline
Last seen: 2 months 2 days ago
Developerkickstarter11th Anniversary Badge
Joined: 11/02/2013 - 09:27
TitansCity wrote:
TitansCity wrote:

I don't know why but your answer Lin, makes me think about the gold sellers (or banned players).

We've got to worry about them, too.

TitansCity wrote:

If a gold sellers is banned due to mass reporting actions from players, is the global will be available since this is the account (e-mail) which will be banned or the global name will still unavailable because that the global name which is banned ?

Policy isn't final, but the default strategy is "don't recycle globals." Recycling globals can result in player confusion ("Hey, @supersport, long time no see!" "Who are you? I just signed up today.") and also causes problems with tracking these guys. Also, the possibility of recycling globals cheapens the value of the "pick your global early" perk. IMHO the most we'd probably do is rename a global (like the old "GenericHero1234" thing) in extreme cases. But by default, no.

TitansCity wrote:

But, i'm interesting to have your answer about if the social com pack supports tab completion :)

If the social comms package supports completions, the trick would be figuring out what pool of globals to complete against. Tab completion could become useless if there are a million gobbledygook globals...

Radiac wrote:

I have a question about the global part. In GW2 they assign you your global, and they do so by asking you to type a global you want, then adding like 4 numerals on the end of it, which numerals are I think pseudorandomly generated. Is there a really good reason for doing this? And will CoT work the same way?

Aside from when we smack someone with out equivalent of "GenericHero1234" for using a disallowed name, I have no idea why we'd want to adopt this system.

Radiac wrote:

One good outcome of the "add 4 random numbers, but keep them hidden from everybody but the user" system is that it makes it harder for someone to hack into your account by guessing your password.

Irrelevant. Your login name will be different from your global handle (and website username, though website username and global can be the same if you want), will be something chosen by you so long as it's not already taken, and should never be shared in public. That way, if either your global or login name is compromised, we can change it with minimal account disruption.

We're also tossing around ideas for the login process. The one in the lead is that you login to the launcher with your account login and password, then after you update and launch the game, you get asked in the game app for your global before you get to character selection. Alternatively, a 6-digit PIN could be requested. The goal of this two-factor-ish setup is to make it harder for an attacker to spoof your login. Comments?

[i]Has anyone seen my mind? It was right here...[/i]

blacke4dawn
blacke4dawn's picture
Offline
Last seen: 1 year 8 months ago
Joined: 03/28/2015 - 03:02
Lin Chiao Feng wrote:
Lin Chiao Feng wrote:

We're also tossing around ideas for the login process. The one in the lead is that you login to the launcher with your account login and password, then after you update and launch the game, you get asked in the game app for your global before you get to character selection. Alternatively, a 6-digit PIN could be requested. The goal of this two-factor-ish setup is to make it harder for an attacker to spoof your login. Comments?

Do we really need to login before we can update the game? I hate that since I can't just initiate launch and walk away to do something else (like getting snacks/drinks) and come back to an updated one, I have to either update when I come back or stay and login before I can do whatever else I wanted to do.

As for this two-factor-ish setup, as long as I can authorize my computer, even if for a limited time, so that I don't have to type it in every freaking time I login then I won't really care which method you use.

Also, please please Please gives us the ability to set as many game options as possible directly from the launcher, hate it when I have to launch the game, sometimes even load a character, before I can change settings.

Lothic
Lothic's picture
Offline
Last seen: 5 months 6 days ago
kickstarter11th Anniversary Badge
Joined: 10/02/2013 - 00:27
Redlynne wrote:
Redlynne wrote:

Battlenet accounts for Blizzard games force a 4 digit code suffix onto account names, presumably to help disambiguate them in such a way that multiple people can have the same "name" but different "numbers" on their accounts. That way, you don't wind up with a Name Squatters situation in which every name has to be unique in a way that can then block other people from using that name (unless the name gets used 10,000 times, of course).

Yes this is likely the only "purpose" the random 4 digit suffix thing was ever implemented by any game. The "it might help with security" angle was always questionable at best.

I get that if you want the name "Xardos" and that name is already taken the game could randomly give you "Xardos4582" instead. The advantage of that scheme is that it's clean and simple and let's the player avoid having to sit there for a few minutes thinking of another name. But consider the negative ramifications of that for CoT.

In our case it's likely that the player will only ever have to think of a global name ONCE during their entire time playing CoT. How much time are you really going to save the player in the long run in the relatively unlikely "name conflict" scenario? Instead of CoT RANDOMLY FORCING you to accept a random set of numbers attached to your name why not just let the game tell you when you type "Xardos":

[code]Sorry that name is already taken, Please choose another...[/code]

Now the player can CHOOSE if they want to try something completely different or the player could always decide to manually type in "Xardos4582" if that's what THEY WANT for themselves. There's really no reason for CoT to be forcing players to accept ANYTHING related to their selection of names. The whole reason we are using the @global naming system is to ensure players can name their characters anything they want. Why would we not want the same freedom to make sure that our single global name is spelled out exactly the way we want it to be?

Frankly I'd much rather have to re-try several times to finally get the global name I'd want than the game force me to accept anything it wants to assign to me. it's just that simple.

CoH player from April 25, 2004 to November 30, 2012
[IMG=400x225]https://i.imgur.com/NHUthWM.jpeg[/IMG]

Lothic
Lothic's picture
Offline
Last seen: 5 months 6 days ago
kickstarter11th Anniversary Badge
Joined: 10/02/2013 - 00:27
Lin Chiao Feng wrote:
Lin Chiao Feng wrote:

Your login name will be different from your global handle (and website username, though website username and global can be the same if you want), will be something chosen by you so long as it's not already taken, and should never be shared in public. That way, if either your global or login name is compromised, we can change it with minimal account disruption.

We're also tossing around ideas for the login process. The one in the lead is that you login to the launcher with your account login and password, then after you update and launch the game, you get asked in the game app for your global before you get to character selection. Alternatively, a 6-digit PIN could be requested. The goal of this two-factor-ish setup is to make it harder for an attacker to spoof your login. Comments?

If our login names will definitely be different than our global handles are you really expecting there to need for a second tier of protection like this? Despite what people like Huckleberry would have you believe I am NOT against this game being a secure as it reasonably needs to be. On the other hand there needs to be some consideration for just how "annoying" it's going to be for legitimate users to be able to play the game. I mean you could always could up with a ten-tier scheme of protection for CoT; sure the game would be hyper secure but who would want to spend 30 minutes "logging in" to a game?

If you seriously want to have a two-tier log in scheme I'd suggest you keep it as simple as possible. The mere fact that you'd basically be making us use two passwords instead of one is already going to be giving us that much more protection. A four or six digit pin is probably good enough for this. The only problem with using the global name is that it's a string that's going to be publicly available - at least the pin would technically be another private piece of PII.

CoH player from April 25, 2004 to November 30, 2012
[IMG=400x225]https://i.imgur.com/NHUthWM.jpeg[/IMG]

Radiac
Radiac's picture
Offline
Last seen: 1 year 3 days ago
kickstarter11th Anniversary Badge
Joined: 10/19/2013 - 15:12
If I understand the system

If I understand the system being talked about correctly, assuming I only play CoT, a game run by MWM, I would have:

1. An account name (with password, and possibly pin number) that logs me into my account on the MWM site. This account will be where I buy stuff, like games, i.e. City of Titans. So when the time comes, if I'm a brand new customer, I go to MWM's website and make a new account for myself, then use that account to buy a game like CoT with a credit card, or(hopefully) PayPal. No persons but MWM and me will ever see this login account name and no person besides me will ever know my password and/or pin. I will need to use this account login and password just for when I want to buy new games , or other products from MWM.

2. Once I have purchased a game, I need a game account to log into that game. So I buy the game, download the front end, and when it's setting me up, it asks me to pick a new, unique account name for that game only and asks me to pick a sufficiently secure password. This account name will be the name that identifies me on the game website forums etc. (or alternatively, maybe it asks me to make a global website handle in this setup step, which is separate from my login, but connected to that account). I will log into this account when I want to buy in-game stuff like Stars, or when I want to spend Stars on in-game stuff.

3. Once I have a game account, and I go to make a character, if its the first toon I ever made, it will ask me to pick a unique global chat handle -- the letters that go after the @ in the double-barrel name "Hero@SomeDude". Once I pick my global handle (SomeDude), it get's applied to all my toons from there on (I would have to buy the game again in step 1 then make a second game account in step 2 if I wanted to have a second set of toons with their own unique in-game global chat handle).

In this system, the only publicly visible names that could identify me as a person playing the game are the global chat handle (in game) and the game-specific public account name (on the forums).

I don't hate this system, even though it requires one person to have multiple levels of codenames and passwords/pin numbers.

I would just point out that it's important to remind people what name they're choosing when they're choosing it. I might want to have my game account be "Radiac" and my first toon on that account is named "Radiac@Radiac", but my MWM account might be "TheDudeAbidesSTFUDonnie!" or some such.

If there's going to be a rule that you can't re-use your MWM account login as your CoT game account login, OR that you can't use either of those as your as your in-game global chat handle, that should be a warning people see when they're choosing their account logins in the first place.

The LAST thing I want is to pick the account login "Radiac" in an irreversible way only to find out later that this choice is now PRECLUDING me from making "Radiac" my forum handle and/or my global in CoT.

R.S.O. of Phoenix Rising

Wolfgang8565
Wolfgang8565's picture
Offline
Last seen: 3 years 4 months ago
Developer
Joined: 10/31/2014 - 14:51
My brain hurts

My brain hurts

-----------

[color=#FF0000]Graphic Designer[/color]

TitansCity
TitansCity's picture
Offline
Last seen: 1 year 7 months ago
11th Anniversary Badge
Joined: 10/28/2013 - 02:09
Lin Chiao Feng wrote:
Lin Chiao Feng wrote:
TitansCity wrote:

I don't know why but your answer Lin, makes me think about the gold sellers (or banned players).

We've got to worry about them, too.

Are you saying you didn't handle that subject yet ? ^^

[hr]
Suivez l'avancement du jeu City of Titans en Français sur https://titanscity.com
http://forum.titanscity.com | www.facebook.com/titanscity | http://twitter.com/TitansCity
[color=red]PR - Europe[/color]

Redlynne
Redlynne's picture
Offline
Last seen: 4 months 1 week ago
kickstarter11th Anniversary Badge
Joined: 10/28/2013 - 21:15
Radiac wrote:
Radiac wrote:

3. Once I have a game account, and I go to make a character, if its the first toon I ever made, it will ask me to pick a unique global chat handle -- the letters that go after the @ in the double-barrel name "Hero@SomeDude". Once I pick my global handle (SomeDude), it get's applied to all my toons from there on (I would have to buy the game again in step 1 then make a second game account in step 2 if I wanted to have a second set of toons with their own unique in-game global chat handle).

Speaking just for myself here ...

The only part of a game account that MUST be unique is the account name after the @ symbol. For that reason, I would honestly think that it's a better idea to do any @global account setup through a secure web page, rather than on a log in screen inside the game client itself. That way, you MAKE your @global account before you can even try to log in on the client. And the web page used for this can tell you if the @global you've chosen has already been taken or not (because it's already in the account database).

After that, there's the "broom and dustpan" housecleaning method of wanting to ensure that Name Squatters aren't rewarded for making accounts that don't get used (or which don't get used much). This would involve periodic (bi-weekly?) sweeps of the account database when the servers are down for maintenance and patching checking activity levels on accounts, and that if an account falls below a threshold of inactivity, it is flagged for possible removal and the account owner gets notified by email. If there is no response, according to posted policy, an inactive @global will be deleted, so as to free up the name.

In this case, I'm thinking about "orphaned" accounts where people create an @global and then for whatever reason wind up never logging in to play or create a character on the account. Put in a caveat that an account which has at least 1 character who has reached the Level Cap (whether that was 30, 40 or 50 at the time) and created another character in the "free" character slot thus opened up, such accounts would never be subject to flagging and eventual removal by this account names cleanup process. Basically a "grandfather" clause that safeguards your account because you played at least 1 character all the way to the level cap.

[center][img=44x100]https://i.imgur.com/sMUQ928.gif[/img]
[i]Verbogeny is one of many pleasurettes afforded a creatific thinkerizer.[/i][/center]

Radiac
Radiac's picture
Offline
Last seen: 1 year 3 days ago
kickstarter11th Anniversary Badge
Joined: 10/19/2013 - 15:12
Name squatting happened in

Name squatting happened in CoX because one perosn could buy the game and make umpteen toons.

In this system, if I understand it right, the name to the left og the "@" is not unique and cannot therefore be squatted on, and the name after the "@" is the one and only global you get with your purchase of the game. So to squat on global names would require you to pay an additional $50 or whatever to buy an additional copy of the game to make an additional global.

I mean, I assume that's how it would work. I can't see why you'd let a person buy the game once then make like 10 different globals.

R.S.O. of Phoenix Rising

Redlynne
Redlynne's picture
Offline
Last seen: 4 months 1 week ago
kickstarter11th Anniversary Badge
Joined: 10/28/2013 - 21:15
Well I'd assume that there's

Well I'd assume that there's going to be a limit of one @global per purchased game key.

But then let's also assume that someone registered @Radiac before YOU could ... and then they wind up never logging into the game or creating a character or doing anything with the account. Should that @Radiac registration be allowed to stand ... UNUSED ... forever? Or should it be "recycled" back into the list of possible available @global names?

Of course, in any scenario where an @global gets released/rescinded like that, the game key would be "refunded" the right to create a new @global for that particular game key (so it's not like they'd have to buy the game all over again just to register a new @global).

This is why having some sort of "broom and dustpan cleanup" to free up names that get registered, but then wind up never being used (for whatever reason), is something to account for in terms of both policies and systems design.

[center][img=44x100]https://i.imgur.com/sMUQ928.gif[/img]
[i]Verbogeny is one of many pleasurettes afforded a creatific thinkerizer.[/i][/center]

Lothic
Lothic's picture
Offline
Last seen: 5 months 6 days ago
kickstarter11th Anniversary Badge
Joined: 10/02/2013 - 00:27
Radiac wrote:
Radiac wrote:

Name squatting happened in CoX because one perosn could buy the game and make umpteen toons.

In this system, if I understand it right, the name to the left og the "@" is not unique and cannot therefore be squatted on, and the name after the "@" is the one and only global you get with your purchase of the game. So to squat on global names would require you to pay an additional $50 or whatever to buy an additional copy of the game to make an additional global.

I mean, I assume that's how it would work. I can't see why you'd let a person buy the game once then make like 10 different globals.

Yes under the system this game will use you could have a team made up of the following five characters:
[list]
CaptainWonderful@ABC
CaptainWonderful@XYZ123
CaptainWonderful@JKLMNOP
CaptainWonderful@CaptainWonderful
CaptainWonderful@Borat
[/list]

Now as far as the idea of "squatting" global names goes I don't think it's quite so clear cut. For example if a single player wants to spend $500 to have 10 different accounts (with 10 different global names) can you really call that squatting? The person paid for the "privilege" to have those 10 different global names associated with him/her. Would it really matter if that person equally used all 10 accounts or maybe just regularly used one and left the other nine fallow? I don't see the obvious "crime" there. *shrugs*

CoH player from April 25, 2004 to November 30, 2012
[IMG=400x225]https://i.imgur.com/NHUthWM.jpeg[/IMG]

Project_Hero
Project_Hero's picture
Offline
Last seen: 3 years 2 months ago
Joined: 10/09/2014 - 11:21
During my time playing both

During my time playing both CoX and Champions Online I had on occasion taken a year or multi-year long break from the game. And I'm someone who doesn't tend to max level characters. With your supposed method Red I'd likely need to either re-activate my old global every time I came back, log into the website even while I'm not playing, make a new global every time I come back, or force myself to get a level 50 so that doesn't happen.

I'd rather not have to do any of that. Especially for returning players the more hassle they need to put up with to return the less likely they'll return at all. If I need to jump through a bunch of hoops just to play a game again, I likely won't. I don't imagine I'm alone in this sentiment.

"Let the past die. Kill it if you have to."

Radiac
Radiac's picture
Offline
Last seen: 1 year 3 days ago
kickstarter11th Anniversary Badge
Joined: 10/19/2013 - 15:12
I would be willing to live

I would be willing to live with Radiac@Radiac1234 (or any other random 4 digit number) in order to get the "Radiac" part and not have to change it. Given that everyone else would have numbers on their global too, I don't think it's that big a problem. I'd rather be ONE of the Radiac#### people than have to use any other global. I think this is where the argument of "at least you get to choose your name, not have a number foisted upon you" is actually not better, it's worse, at least for me.

I wonder, would more people prefer "Guy@NameYouWant####" while knowing that everyone else has to live with the numbers too, and that there may or may not be others with "@NameYouWant###" with different digits, or would more people want to try for "@NameYouWant" not get it, and have to settle for "@NameYouAgreedToAsACompromiseAndActuallyDetestForThatReason"

Personally, as I said, I think more people would just take the numbers in order to get the words they actually want in there, but that's because that's what I prefer.

Edit: And my original point, which I forgot to actually mention, the number system doesn't require any kind of "dustpan" mechanics, you just let people keep the accounts they paid for forever.

R.S.O. of Phoenix Rising

Fireheart
Fireheart's picture
Offline
Last seen: 5 months 2 weeks ago
11th Anniversary Badge
Joined: 10/05/2013 - 13:45
Well, as interesting as the

Well, as interesting as the Account name argument might be, I'm Fireheart on these forums (and others) so I expect to be Fireheart in CoT (as I am in other games). I mean, none of You Folks want to be 'Fireheart', I hope? Anyone out there looking at another forumite's handle and thinking 'I wish I could be them!'?

I'm just not sure if this is a genuine problem, or not.

Be Well!
Fireheart

Project_Hero
Project_Hero's picture
Offline
Last seen: 3 years 2 months ago
Joined: 10/09/2014 - 11:21
*plots to buy many copies of

*plots to buy many copies of the game to steal all the forum peeps handles*

MWAHAHAHAHAHA!!! I er... I doubt anyone is going to do that

"Let the past die. Kill it if you have to."

Interdictor
Interdictor's picture
Offline
Last seen: 5 years 3 weeks ago
11th Anniversary Badge
Joined: 08/22/2013 - 05:26
Fireheart wrote:
Fireheart wrote:

Well, as interesting as the Account name argument might be, I'm Fireheart on these forums (and others) so I expect to be Fireheart in CoT (as I am in other games). I mean, none of You Folks want to be 'Fireheart', I hope? Anyone out there looking at another forumite's handle and thinking 'I wish I could be them!'?

I'm just not sure if this is a genuine problem, or not.

Not really. If I understand correctly your game account name has no bearing on your forum handle, nor does it have anything to do with your individual character's names. I'm not even sure how often your account name will have to come up in-game . . . maybe if someone wants to send you an in-game mail or something and you're not around to just right-click on? The rest should be able to be handled "behind the scenes" via the UI.

Wolfgang8565
Wolfgang8565's picture
Offline
Last seen: 3 years 4 months ago
Developer
Joined: 10/31/2014 - 14:51
I do genuinely think mine

IM sure mine will. Wolfgang is always taken so I have to add numbers.

-----------

[color=#FF0000]Graphic Designer[/color]

Lin Chiao Feng
Lin Chiao Feng's picture
Offline
Last seen: 2 months 2 days ago
Developerkickstarter11th Anniversary Badge
Joined: 11/02/2013 - 09:27
blacke4dawn wrote:
blacke4dawn wrote:

Do we really need to login before we can update the game? I hate that since I can't just initiate launch and walk away to do something else (like getting snacks/drinks) and come back to an updated one, I have to either update when I come back or stay and login before I can do whatever else I wanted to do.

I like that, too, but the brass wants the server to be sure you bought the game before downloading it to you, to save us from some griefer who could spawn a bunch of VMs just to tax our update servers. (We’ll be able to launch more than one game, or version of the game, e.g. a test server version as well as the live version, and some of these are only available to a subset of players.)

So we have to verify who you are first. We’re trying to make it so there’s little time between launching the launcher and getting the login prompt, and maybe give you an option to launch as soon as updates complete, so you can launch the launcher, login, and then go make a sandwich until the music starts playing, then come back, enter your global, pick your character, and get into Titan City.

blacke4dawn wrote:

As for this two-factor-ish setup, as long as I can authorize my computer, even if for a limited time, so that I don't have to type it in every freaking time I login then I won't really care which method you use.

Also, please please Please gives us the ability to set as many game options as possible directly from the launcher, hate it when I have to launch the game, sometimes even load a character, before I can change settings.

Noted.

[i]Has anyone seen my mind? It was right here...[/i]

TitansCity
TitansCity's picture
Offline
Last seen: 1 year 7 months ago
11th Anniversary Badge
Joined: 10/28/2013 - 02:09
Lin, except if my computer is

Lin, except if my computer is not a personnal one (i.e i'm in a cyber-café or i'm in my grand'ma house or i use my cousin's computer..oh wait... what's this picture on you computer Greg ???!), why are we obliged to log in ?
I mean, if i log in once, you can catch the mac address right ? and maybe pair it with my IP (xx.xx.xxx.xxx) or my mail ? Or you can maybe put some cookies or something like that (sorry, i don't really know this kind of things). Then, we are not obliged, next time, to log in :)
Ok, maybe this could be an option only ?

[hr]
Suivez l'avancement du jeu City of Titans en Français sur https://titanscity.com
http://forum.titanscity.com | www.facebook.com/titanscity | http://twitter.com/TitansCity
[color=red]PR - Europe[/color]

Lin Chiao Feng
Lin Chiao Feng's picture
Offline
Last seen: 2 months 2 days ago
Developerkickstarter11th Anniversary Badge
Joined: 11/02/2013 - 09:27
Radial, it’s late and I might

Radiac, it’s late and I might not get these right, but I’ll try anyway. Answering by number:

1. Not quite. You login to the CoT site to buy CoT stuff, from the game itself to starts to whatever. That’s this site you’re on, that you logged in to post here. You’ll just go to the Store link that’ll replace Merchandise in the menu, toss what you want in the shopping cart, and pay with Stripe, Amazon Pay, or any other payment processor we’ve set up. (Noted that you want PayPal as an option.)

Things will be set up so that your credit card number never passes through our hands; the payment info section is an iframe like the YouTube videos are, and your browser will be talking straight to Stripe or Amazon or whoever. We’ll just see whatever token they give us to track the transaction. They say you paid, we record the cart contents, update your account with the loot, and off you go.

The stuff you bought can be managed through a tab (to be added) on your user page. That’s where you can burn a game token to make a game account, at which point you’ll set an account name (the one you don’t share, and yes, we’ll put text in there telling you not to share it and that your global must be different) and password for logging into the launcher. Later on, we’ll add the ability to choose a global. Since a Kickstarter reward perk is “early choice of global names”, we can’t open that up during the Second Chance, and have to do it in stages later.

2. You download the launcher and login to it with the credentials set above. It updates itself and the game and launches the game. Once that’s loaded, punch in your global or PIN (TBD) and you’re off to the create or choose your character screen and it’s not my problem past that. :P

3. If you want to multibox, create a new Web account, go to the store, and go through the process above. If you have all your game tokens on the first acccount, transfer one to the second account. This will be either via a generated reg code or directly. Later, you’ll link the second account to the first in a “family” mode, which is where parental controls come in (which you won’t use, but they’re there). At least, that’s the process on the whiteboard.

Wolfgang, my brain hurts too.

[i]Has anyone seen my mind? It was right here...[/i]

Lin Chiao Feng
Lin Chiao Feng's picture
Offline
Last seen: 2 months 2 days ago
Developerkickstarter11th Anniversary Badge
Joined: 11/02/2013 - 09:27
TC, your cyber cafe machine

TC, your cyber cafe machine has a keylogger so you're already out of luck. :P

The general rule is “trust the client as little as possible”. We’ve got “little” down and are moving on to “as possible”. We don’t want to get calls from people whose kids logged on as Dad and ran up a thousand dollars on the card buying stuff for this game, and have to manually revert it and refund, all because we had authenticated the machine and didn’t ask for a password. Likewise, as noted by others above, nobody wants to feel like they have to deck their way past three levels of black ice to play the game. (That’s a Shadowrun reference, sorry.)

[i]Has anyone seen my mind? It was right here...[/i]

TitansCity
TitansCity's picture
Offline
Last seen: 1 year 7 months ago
11th Anniversary Badge
Joined: 10/28/2013 - 02:09
lol ! when i wrote that word,

lol ! when i wrote that word, i didn't even know if this kind of stuff as the same in USA xD
I don't even have a coffee machine :p i prefer drinking tea :p

But, ok, i understand why you need a log in ^^ At least, the launcher could be updated wihtout any loggin ? if it needs to be updated ^^

[hr]
Suivez l'avancement du jeu City of Titans en Français sur https://titanscity.com
http://forum.titanscity.com | www.facebook.com/titanscity | http://twitter.com/TitansCity
[color=red]PR - Europe[/color]

Cobalt Azurean
Cobalt Azurean's picture
Offline
Last seen: 1 month 3 weeks ago
kickstarter11th Anniversary Badge
Joined: 10/03/2013 - 16:39
Lin Chiao Feng wrote:
Lin Chiao Feng wrote:

three levels of black ice to play the game. (That’s a Shadowrun reference, sorry.)

^This made my morning.

Lin Chiao Feng
Lin Chiao Feng's picture
Offline
Last seen: 2 months 2 days ago
Developerkickstarter11th Anniversary Badge
Joined: 11/02/2013 - 09:27
TitansCity wrote:
TitansCity wrote:

At least, the launcher could be updated wihtout any loggin ? if it needs to be updated ^^

Sure, it could, but that takes a random amount of time that nobody wants to sit and watch? So it would be nice to get login out of the way immediately, so you can do something else while the launcher and/or game updates, and just wait for the music to start?

[i]Has anyone seen my mind? It was right here...[/i]

TitansCity
TitansCity's picture
Offline
Last seen: 1 year 7 months ago
11th Anniversary Badge
Joined: 10/28/2013 - 02:09
whatever, as long as i can

whatever, as long as i can play the game xD

[hr]
Suivez l'avancement du jeu City of Titans en Français sur https://titanscity.com
http://forum.titanscity.com | www.facebook.com/titanscity | http://twitter.com/TitansCity
[color=red]PR - Europe[/color]

Pages