Robbed Account

[Amanda44]

It's more like borrowed than stolen though seeing as how you are on it, are you certain sure, like Ramones says, that you didn't let someone else have the use of it whilst you were gone. Going by other posts you have made, that is what you have done in the past.

But if it has been stolen, that is the 4th time I have heard of someones account being stolen since Christmas! I don't understand why more can't be done to prevent this or why the devs can't just return stolen accounts and ban the person using them from the game. It may not stop it altogether but it would certainly be a good deterrent.

Ahh Loftar, it is happening so much though, why can't you make a public example of ppl who steal others accounts and ban them from the game?

[ramones]

Please do some changes to changing email. So stealing accounts wouldnt be so easy.

I don't think it is particularly "easy" as it is, but if you have any good suggestions, I'm more than willing to listen.

Why not just make it so you cannot change email?

[Jesus_Smith_Nandez]

I want to say "thank" for the rings and the 2mil LPs.

I'm pretty sure those are the RoBs I gave them as a gift after I died lol.

[loftar]

Why not just make it so you cannot change email?

Because what if you change e-mail accounts? Then I'd have to deal with people who've lost their password and can't reset it instead. :)

Ahh Loftar, it is happening so much though, why can't you make a public example of ppl who steal others accounts and ban them from the game?

Literally all account issues I deal with end up in one of these cases:

• Shared accounts (this is 90%+ of issues)
• Transferred accounts (which is arguably a sub-case of shared accounts)
• Pure mistakes, like having changed the password to something unintended (despite the verification field)
• Keylogging clients
• Using some really stupidly simple password, like 123

None of those are things that stronger site security can remedy.

[Xcom]

Why not just make it so you cannot change email?

Because what if you change e-mail accounts? Then I'd have to deal with people who've lost their password and can't reset it instead.

Make it so you have to wait 7 days before you can change email without having direct email verification. Annoying if you lost both email and pass but that's your own fault for doing so.

Another option is to simply give the user said option as a checklist in the character tab with a clear warning that if checked no aid will be given.

[Amanda44]

Ahh Loftar, it is happening so much though, why can't you make a public example of ppl who steal others accounts and ban them from the game?

Literally all account issues I deal with end up in one of these cases:

• Shared accounts (this is 90%+ of issues)
• Transferred accounts (which is arguably a sub-case of shared accounts)
• Pure mistakes, like having changed the password to something unintended (despite the verification field)
• Keylogging clients
• Using some really stupidly simple password, like 123

None of those are things that stronger site security can remedy.

No, quite, I see your point .................... yes, a lot of ppl do seem to share accounts.

[Kaios]

This is a strange thread, I really don't understand how this situation occurred in the first place. Some guy quits the game for awhile and allegedly has given his account information to no one. Somehow, someone gains access to said account and plays it as if it is their own? Also got 2 Mil LP & rings of brodgar on it, wtf. Then they kept the character in a village which was seemingly still active with friendly people knowing full well the owner of the account could log on at any time...

To top it all off, OP considers himself to have been robbed despite not actually losing access to the account at all and essentially all the activity that was done on it came out as positive for him though he still decided to slaughter the poor animals. A strange thread indeed.

[loftar]

Make it so you have to wait 7 days before you can change email without having direct email verification.

What does "direct email verification" mean? A verification e-mail is sent to the new e-mail address, and a "receipt" e-mail is sent to the old.

[borka]

[*]Keylogging clients

Ever seen one ?!? Parsing the account data isn't keylogging - i guess we should be aware what terms we use

What does "direct email verification" mean? A verification e-mail is sent to the new e-mail address, and a "receipt" e-mail is sent to the old.

which is a proper solution in my opinion

What i'd like is more transparency about brute force attempts and whether the brute forcer could have been identified (if possible)

[loftar]

Ever seen one ?!? Parsing the account data isn't keylogging - i guess we should be aware what terms we use

I dunno. That's a matter of definition in my mind. It sends the characters you've typed in, so in a way it is a keylogger. :)

What i'd like is more transparency about brute force attempts and whether the brute forcer could have been identified (if possible)

It is true that brute-forcing used to be a potential problem, but to my knowledge, the only ones who ever were bruteforced were those who used extremely simple passwords. Truly at the level of "123". I'm fairly confident that my current solution has put an effective end to that, though, and it has thwarted quite a number of attempts thus far. I'm not sure if it's wise to divulge the details of how it works, though.