• Play
  • About
  • News
  • Forums
  • Yppedia
  • Help
Welcome Guest   | Login
  Index  | Recent Threads  | Register  | Search  | Help  | RSS feeds  | View Unanswered Threads  
  Search  


Quick Go »
Thread Status: Normal
Total posts in this thread: 4
[Add To My Favorites] [Watch this Thread] [Post new Thread]
Author
Previous Thread This topic has been viewed 384 times and has 3 replies Next Thread
Eruru

Member's Avatar


Joined: Feb 10, 2021
Posts: 1
Status: Offline
Hide Account Names on Forums Reply to this Post
Reply with Quote

Ahoy fellow Pirates!

I am writing this suggestion on the forums as I've recently had the unfortunate event of having my account hacked, coming back after 2 & a half years just to go through the process of recovering my account after it was Banned with the reason: Account Compromised, and picking up the scraps of what was left over after the ordeal.

I would like to suggest that the Account Names on the Forums be Hidden if possible, as it allows a novice hacker to see our Account Name that we use to Login to the Game.

Upon Learning a persons Account Name, it would be very easy for a novice hacker to brute force a password until one worked, or to match a password leak database.

I definitely will be making my password a lot more complex & longer, using a new account that isn't linked to my main account to post on the forums, just to make it harder for any malicious pirate to try to jack my account after a heated blockade.

I'd like to further thank the Ocean Masters for their professionalism in dealing with all the enquiries and helping me recover my old account.
----------------------------------------
Emerald - Elu
----------------------------------------
[Edit 2 times, last edit by Eruru at Feb 11, 2021 6:09:34 PM]
[Feb 11, 2021 5:50:48 PM] Show Printable Version of Post        Send Private Message [Link]  Go to top 
Thunderbird

Member's Avatar


Joined: Sep 4, 2003
Posts: 5771
Status: Offline
Re: Hide Account Names on Forums Reply to this Post
Reply with Quote

A long time ago (in the early years of the game, back when these forums used different software), it was mentioned that it was intended to eventually have people posting with their pirate names instead of their account names. I don't know how feasible it actually is with either the software that was in use at the time (phpBB) or the current one.

I think in terms of brute-forcing passwords, I feel like the system should lock out an account (and require recovery via email) after a certain number of invalid password attempts.

There's other options, such as two-factor authentication, but I don't know what all would go into that.

The easiest solution for players on this front is as you said, use a different account for posting on the forums.
----------------------------------------
Pirate tells you, "my, that's one BIG wad o' chewing gum ye have mounted on yer bonce! oO'"
Sungod officer chats, "I wonder if anyone's sailing the harpsichord"
Pirate tells you, "ZOMG CANDYFLOSS!!! *munches*"
[Feb 12, 2021 6:41:51 AM] Show Printable Version of Post        Send Private Message [Link]  Go to top 
Robyns090

Member's Avatar


Joined: Nov 30, 2016
Posts: 148
Status: Offline
Re: Hide Account Names on Forums Reply to this Post
Reply with Quote

I mean, it's not like you actually have to make your forum account name the same as the one you use to log into PP.
----------------------------------------
Robyns
<3
----------------------------------------
[Edit 1 times, last edit by Robyns090 at Feb 12, 2021 10:39:14 AM]
[Feb 12, 2021 10:38:51 AM] Show Printable Version of Post        Send Private Message [Link]  Go to top 
LJAmethyst

Member's Avatar


Joined: Jul 19, 2007
Posts: 4151
Status: Offline
Re: Hide Account Names on Forums Reply to this Post
Reply with Quote

 
I mean, it's not like you actually have to make your forum account name the same as the one you use to log into PP.


QFT. I have never had pirates on the "LJAmethyst" account.

I think MFA is a good idea in general. Let's move toward that for even the most trivial use cases. Let's use strong factors such as TOTP authenticators, and not, not, not SMS or e-mail. Let's also streamline account recovery so that it's not a headache for administrators.

Account names are exposed on the YPPedia as well. Once again, you can create a special account just for that use, with no gameplay and no pirates.

Having your account hacked means more was disclosed than simply your username. Usernames can be a very guessable thing, even if they are not exposed (Morgan Freeman voice: they are commonly exposed.) It is not necessarily a security vulnerability to expose usernames.
----------------------------------------
Retired as of August 2015.
Sic transit gloria mundi.
----------------------------------------
[Edit 1 times, last edit by LJAmethyst at Feb 13, 2021 7:27:44 AM]
[Feb 13, 2021 7:24:41 AM] Show Printable Version of Post        Send Private Message    http://www.newadvent.org/bible/jon001.htm [Link]  Go to top 
[Show Printable Version of Thread] [Post new Thread]

Puzzle Pirates™ © 2001-2020 Grey Havens, LLC All Rights Reserved.   Terms · Privacy · Affiliates