It appears that ever since Rift launched, there’s been a real pandemic of hacked accounts around – to a degree that is baffling considering this is a new MMO which only just launched a few weeks ago. I’ve not ever had anyone hack accounts of mine in the past, but then I take all sorts of security measures on my PC (as far as that’s possible) and I’ve used a WoW authenticator for years, being paranoid that the same thing might happen to me like to several mates. If you’ve invested a lot of time into an MMO account, it’s a horrible idea that someone else might break into it and tear it apart. I even had a good friend quit the game for good over this.
Many bloggers have complained about Trion’s lack of security measures for Rift, some blaming them for the 16 characters password limitation. Personally, I don’t think this is the real issue, but then I’m not an expert in password security. I’ve commented a few times on other pages though, that I can’t understand why Trion would launch a new MMO without any security measures or authenticators being in place from the start. Surely, Blizzard’s past troubles in this area have shown everyone else how important this is?
Anyway, Trion did finally react; the following Email has been sent to Rift subscribers in the past 24 hours, introducing a Coin Lock system for their accounts:
Users will be coin locked if they log in from a new or different location or computer. When their account is coin locked, they will be sent an email to the address that they have on their account (their login email) with a code to enter into the game.
Users will see the Coin Locked icon in the spot where their tutorial button shows up. Deactivating the tutorial tips will not turn off the Coin Locked button.
While in a Coin Locked status, users will have the following limitations:
- No access to the auction house
- No ability to SEND mail. Users can still receive and view mail as well as remove items from mail
- No ability to SELL to vendors. Users can still purchase items from vendors
- No ability to salvage, runebreak or destroy items
- No ability to trade
- Users can continue to play and gain coin and items, but cannot get rid of them.
If you are Coin Locked, simply click on the Coin Locked icon and enter the code found in your email from Trion. You will only have to enter the code once for each computer at a given location. If you play from multiple locations, or on multiple computers, you will have to enter your code the first time you log in from each new location or computer. If you log in and your account is coin locked, check your email! Someone may have logged in from another location with your account.
It sounds simple enough – although I’ve no way of judging how secure this really is (am happy to be educated). It appears to be a good way to manage account security to me, without the need of some sort of “hardware” or extra tool involved. That said, they’ve also announced in the Email, that they’re currently looking at options for additional two-factor authentification, in form of a smarthphone app or other. I reckon that will be for free.
Ever since I subscribed for Rift, I have been spammed “Preorder Registration Information” Emails, coming from a no-reply account at direct2drive; I must have received 50 of them by now and haven’t really found any way to stop this (although I did contact them directly, but received no reply). I don’t assume these are phishing attempts, in all likelihood it’s just a mistake or auto-notification of theirs gone bonkers. Still, I’m really glad to hear Trion finally introduced a coin lock system, for what its worth.
I am very impressed with the speed at which Trion implemented this! It also works very well for me.
I never used an authenticator, but a ~20 char password that consists of all kinds of stuff. Nobody is going to hack that without some serious work. And nobody did for the last 6 years 😉
Indeed, it’s nice to see that they react to concerns so swiftly. Overall I have the impression that they keep in touch with the playerbase a lot and consider the feedback which is great.
and a 20char password…oh my god lol
I’d have to copy-paste that! 😉
I’m not sure how great this protection really is. I know when my brother had his WoW account hacked, it was because someone from China had hacked/keylogged their way into his Gmail. They purposely got his account “locked” by logging on from an IP that was unusual. Blizzard then sent him an automatic email to have his password changed…which the hacker then intercepted and changed to whatever they liked.
This Coin Lock system sounds very similar to what Blizzard did. So really, your Rift account would probably only be as safe as your computer/password security.
Correct me if I’m wrong of course.
@Faeldray
I’m not sure myself really, indeed there will always be ways to hack somebody if you want to (know how to). I applaud Trion for doing something though and as they said, they’re still working on a better tool.
But of course the biggest prio for every user is still to surf carefully and protect his machine to his best knowledge. I myself use several addons like adblockers and no-script, besides the mandatory “don’t click / open / download what you don’t know”. so far I’ve never encountered security breach issues.