|
|
#11
02-13-2014, 05:54 PM
|
||||
|
Quote:
__________________
Gnawlunzs Phrogphry
Master Angler, Baker, Cadger, Drunk "If you can't eat a frog, then eat two." | |||
|
|
||||
|
#12
02-13-2014, 06:00 PM
|
|||
|
Does the login have a limit to failed attempts?
If not, seems like you could figure it out. Non-plain text password is a good thing, but I wonder how complex the password that is stored is? Even if they didn't want to spend the time creating a reset password process to change the pass, giving us the crypt used to create it (or hash+salt formula) and the encrypted pass itself, would allow someone to easily discover the plain text pass they used initially by running it through something.
__________________
Realtime auction logger: http://ahungry.com/eqauctions/
| ||
|
|
|||
|
#13
02-13-2014, 06:04 PM
|
|||
|
I don't think it's the technical difficulties. It's true that reading a hashed password is really hard, but replacing one hashed password with another (ie. changing your password) is really easy.
The hard part (and I imagine the reason the staff won't do password changes until that cellphone thing is ready) is making sure you're supposed to change the password. After all, I could just say "hey GMs , that account of Bob's is really mine; can you change the password for me?" and take over his account. Unless the GMs know for sure that I'm the owner of the account (ie. if I can shoot them a text message from a phone they know owns that account), they don't know whether they're helping a forgetful person or a malicious scammer. Technology = easy ... it's the humans that are hard. | ||
|
|
|||
|
#14
02-13-2014, 06:09 PM
|
|||
|
If you petition on the forum nicely, you might be able to get them to reassign the name and guild leadership on a new character under the same Emu account, but separate login account.
Your other stuff is lost for now though. [You must be logged in to view images. Log in or Register.] | ||
|
|
|||
|
#15
02-13-2014, 06:11 PM
|
|||
|
P.S. You would think that you could verify people with email, but email itself can be easily hacked (see: Sarah Palin's email a few years ago). Regardless of whether email actually gets hacked or not, the devs would have to deal with people claiming that their email was hacked, and I imagine that could easily become a nightmare as it ultimately boils down to a "he said, she said" situation.
They avoid hours and hours (if not days and days) of CSR work with their current policy. | ||
|
|
|||
|
#16
02-14-2014, 06:18 PM
|
||||
|
Quote:
__________________
| |||
|
|
||||
|
#17
02-14-2014, 08:15 PM
|
|||
|
I wonder how Rog would feel about someone trying to brute-force a LS password lol.
__________________
Baalzy - 57 Gnocro, Baalz - 36 Ikscro, Adra - 51 Hileric, Fatbag Ofcrap - 25 halfuid Red99 Baalz Less - Humger, Baalzy - Ikscro If MMORPG players were around when God said, "Let there be light" they'd have called the light gay, and plunged the universe back into darkness by squatting their nutsacks over it. Picture courtesy of azeth | ||
|
|
|||
|
#20
04-03-2014, 01:20 PM
|
||||
|
Quote:
But this basically is an amateur project, soooo... choose passwords you can remember. Write down what you can't. I hate pretty much everything that is related to passwords, but don't let that get the better of you. I didn't play for 4 years and I was able to log in, because master password for everything. Also, is there really no email account tied to our eqemu accounts? | |||
|
|
||||
 |
|
|
Linear Mode
