Forums

Protect User´s Character Names

Quick find code: 278-279-480-66098079

of 6
Vegetto
Dec Gold Premier Club Member 2010

Vegetto

Posts: 5,801Rune Posts by user Forum Profile RuneMetrics Profile
Dear,

The security of players´s character names is really low, so insecure. it is good that ingame you get asked for the bank pin if you try to change your character but this pin is asked only ingame, if you go to account settings on homepage you can change your name without knowing bank pin and since you can access the account setting on homepage of any acc just by knowing the id and password make the name change so vulnerable since you can access the setting even if the acc has authenticator enabled so you can bypass that, which is the weak part of the security of name.

the good thing:

trying to change name from ingame asks for bank pin as showed in pic below.



The bad thing:

trying to change character name from homepage account settings doesnt ask you for any security system as bank pin, auth or email link.



Suggestion:


Send an email link similar to how changing password works to be able to change character name
, cause having a bank pin ingame to change name isnt enough if you can bypass the pin by trying to change the name from account setting on homepage.

there are many cases where hackers and malicious users get id and password details but thanks to authenticator and bank pin those malicious users cant harm the account but none of these security system are required to change character name via account setting from homepage so malicious users who at least get id and pass could easily steal names. Please put security to character name change.
Check Out
----->
[S] Bulk Skilling Supplies & Miscellaneous

Discord
-------->
Vegetto#3119

14-Apr-2019 20:44:18 - Last edited on 14-Apr-2019 21:10:02 by Vegetto

Kopaka
Nov Gold Premier Club Member 2017

Kopaka

Posts: 1,849Mithril Posts by user Forum Profile RuneMetrics Profile
Original message details are unavailable.
Just saying, but IIRC, the bank pin only appears if you haven't already entered it for any other reason.

Otherwise im sure it'll just let you change your name like normal.

Doesn't change the fact the hacker would need to know it to change your display name from in game, though.

16-Apr-2019 23:04:03

Draco Burnz
Dec Gold Premier Club Member 2011

Draco Burnz

Posts: 64,599Emerald Posts by user Forum Profile RuneMetrics Profile
Original message details are unavailable.


How many times have ppl complained about a hacker bypassing their bank pin?

I mean to a well trained hacker knowing someones bank pin would be easy.

You seem to think that having a bank pin means its impossible to decode.

So TBH, if anything you should be forced to enter pin no matter if you have so or not before on top of which you should be forced to enter auth #s.
Draco Burnz
True Collector of Cosmetics
7th year VIP 2013-2019

Support and

16-Apr-2019 23:06:34 - Last edited on 16-Apr-2019 23:32:56 by Draco Burnz

xxqw56chxx
Aug Member 2018

xxqw56chxx

Posts: 527Steel Posts by user Forum Profile RuneMetrics Profile
Draco Burnz said:
Original message details are unavailable.


How many times have ppl complained about a hacker bypassing their bank pin?

I mean to a well trained hacker knowing someones bank pin would be easy.

You seem to think that having a bank pin means its impossible to decode.

So TBH, if anything you should be forced to enter pin no matter if you have so or not before on top of which you should be forced to enter auth #s.


This is how I feel about this as well.

29-Apr-2019 22:09:39

Quick find code: 278-279-480-66098079Back to Top