Logins

[Cheese]

so i have been hearing this happen to way too many people recently

 

today i tried to log in with a name that i hadnt used for a long time, on which the password was not what i expected

after some incredibly small number of tries, i got a message which said

lol u forgot your password, please try again in a couple of HOURS

 

i know that this has been around for eternity, but it was always measured in minutes

so i get back on my main name and hit the play button only to get this same message AGAIN

 

when was this changed?

 

because this is REDICULOUS

 

so then im banned from the game for the rest of the day

 

this has been happening to an extremely large number of innocent people

when is this getting fixed?

[»Blocks]

It's always been like this. The fix is that after it happens to you once, you never let it happen to you again.

[Dr Brain]

Yeah, it's always been ridiculously long. Since only the undead control the biller, there's nothing we can do about it.

[Avast]

Lol it's like he has nothing to complain about so he complains about old ass things which have already been complained about a long time ago..

 

But anyway I agree it should be changed. The best option is that it should allow you to login on your normal name no matter how many failed attempts you have on a previous name, since the password would be correct on your normal name. But it wont let you login on the name you attempted more than 5+ times, for the rest of the day.

 

Basically it should be counted per name, and not total tries despite the name.

Edited July 29, 2011 by Avast

[Cheese]

in a decade i have never been locked out once

clearly something changed

 

and there is absolutely no reason to ignore a correct password on a different name

[Dr Brain]

Yes, this time you did more incorrect passwords than any other time. Nothing has changed on the server side of things. It did that to me back in '04, for sure, and it was old news even then.

 

You obviously don't understand the point of a lockout if you want it to accept correct passwords. The point is to prevent brute forcing accounts. Accepting a correct password is the same as no lock out.

[Avast]

Brain something about your nickname and what you just said doesn't add up.. especially when you claim people don't understand..

 

Assume I had an old name called Tycho Celchu, I think I might remember the password. I try five different passwords, they don't work. I now give up. And change to Troll God nickname, or Falconeer, or Avast. I put my correct password, and I get locked out of the game. The game says I tried to login to many times.

 

Explain how it's brute force when I changed nicks I am trying to login to? Really did this escape your thought? If the point of lockout is to prevent brute force, YOU ARE NO LONGER brute forcing if you changed the nick your logging into. It's a new nick with correct password, you shouldn't be locked out. That's why it should count logins per name. Not logins in total.

 

Suppose however I go back to Tycho Celchu and try login for the 6th time. Then it should just lock me out from logging into that name for a few days. That is what I call preventing brute force. Whatever you call what they are doing now, is obviously wrong, and not logical.

Edited July 29, 2011 by Avast

[Dr Brain]

Brute forcing can be done with names as easily as with passwords. More easily, in some respects, as it's easy to get a list of common passwords and have a bot give you valid player names. Without the lockout, you could get into a sizable percentage of accounts with very little effort.

[Avast]

I'm not disputing the lock out, I am saying to make the lockouts specific to the names people are trying to access to much. Edited July 30, 2011 by Avast

[Cheese]

dr brain, clearly you are unaware of what brute forcing is if you think that 5 tries before a multi hour lockout is correct

[»Lynx]

The wait is too long (i agree) but still...

 

Since only the undead control the biller, there's nothing we can do about it.

[Samapico]

Yeah... giving 5 tries for each different name would be more than enough to prevent bruteforcing...

 

But whether we like it or not, there's not much we can do

[Avast]

Yeah... giving 5 tries for each different name would be more than enough to prevent bruteforcing...

 

But whether we like it or not, there's not much we can do

 

Lets assume right now the system is something like 5 tries a day. (even though its probably more) No matter the name you use. Since I can do 5 tries on Tycho Chelchu, and then switch back to Falconeer with a proper pass, and it counts as too many login attempts. This means basically 5 to 10 tries a day, maximum.

 

If we switch to five tries per a name. This means If I have 20 names I want a password to, I can brute force each name 4 times. And keep going for as many names as I want passwords to. And then tomorrow do the same thing.

 

But either way even with the current 5 tries a day, as opposed to 5 tries a name. That's still 365x5 attempts. And to a hacker, or a troll time doesn't really matter, they are not in rush to get passwords. It doesn't have to be that very same day. If it takes 5 attempts everyday for a year, they will do it, and be happy with that. So all this does is just annoy us players. And if a player really wants a secure password, they should just make it long and have letters, and numbers in it.

 

In my opinion you could even make it so attempts on names you dont use are limited to maximum 5 tries per a day, no matter the name. But the billing server recognizes valid names you have passwords too, and will treat those names separately for you. Or just make it like other systems where if you attempt to login to many times, it sends an e-mail to the e-mail that the name is signed up with.

Edited July 30, 2011 by Avast

[Cheese]

tl;dr

 

if priit is in charge of fixing it, its never going to be fixed

ever