RIFT Account Security Measures

An Account Security Discussion Thread on the RIFT Forums indicates that an exploit in the authentication system for Trion World's MMORPG has been fixed, after it was recently discovered that it was possible to login to accounts without even knowing the proper username or password. This combines with a newly implemented coin lock feature that required further authentication for attempts to login to accounts from a location significantly different from previous logins to address instances of account hijacking. Thanks Game Genus, where they have further reporting on the circumstances surrounding all this.
View : : :
30 Replies. 2 pages. Viewing page 1.
Newer [  1  2  ] Older
30.
 
Re: RIFT Account Security Measures
Mar 21, 2011, 03:13
30.
Re: RIFT Account Security Measures Mar 21, 2011, 03:13
Mar 21, 2011, 03:13
 
I was providing a solution to the only person I've heard of with an issue with coinlock as the system works fine for a vast majority of users. The system itself goes by the location assigned to the IP not really the IP itself, so if your ISP is assigning you an IP that's wildly different than the one you had before, you get locked. It doesn't go by city, or even state. We're talking large differences geographically. So again, the problem isn't with the coinlock, it's their ISP. It's also very possible the poster here was actually hacked and was in coinlock status because of it... but of course since we're all IT gods that couldn't possibly happen... could it?

It's nothing at all like SecuROM. If you feel like jumping to conclusions, then compare it to what it's really like, the security feature all major credit cards have which locks the card when the card company detects fishy charges, for example... your card being used at a gas station in Chicago then an hour later in China. It's the same concept.

Finally... it's a five digit code sent immediately to your email when you press the coinlock button. FIVE DIGIT CODE. If alt-tabbing to your email, looking at a five digit code, then entering it into the game is a hassle to you then I just don't know what to tell you....

Also it's hilarious the not-so-subtle trolling against anyone who might like a feature or, heavens forbid, even LIKE Rift. We get it, you don't like it, you prefer another MMO, you hate all MMOs, etc... But playing the fanboy card at this point is pretty much the gaming forum equivalent of Godwin's Law.
29.
 
Re: RIFT Account Security Measures
Mar 21, 2011, 01:54
29.
Re: RIFT Account Security Measures Mar 21, 2011, 01:54
Mar 21, 2011, 01:54
 
Yeah, when I was coin-locked, it took me literally 20 SECONDS to alt-tab, go to e-mail, copy code, back to game, control-v, unlocked. That's hardly a hassle.
28.
 
Re: RIFT Account Security Measures
Mar 20, 2011, 23:39
28.
Re: RIFT Account Security Measures Mar 20, 2011, 23:39
Mar 20, 2011, 23:39
 
Even if your IP is changing and you're getting coinlocked it's hardly much of a hassle. You simply check your email (alt tab works fine, or if you have a smartphone you don't even need to do that) copy the 6 digit numeric code (copy/paste from browser to game works as well).

That's why this is a good system, it still lets you in the game to gain xp it just prevents damaging actions until you've entered the code.

If a gold farmer hacks my account he can only do beneficial actions for me and then I'm notified by email that it's happened. If my account hasn't been hacked I enter a code in less than a minute and am on my way.
Avatar 17249
27.
 
Re: RIFT Account Security Measures
Mar 20, 2011, 21:26
27.
Re: RIFT Account Security Measures Mar 20, 2011, 21:26
Mar 20, 2011, 21:26
 
JohnBirshire wrote on Mar 20, 2011, 19:50:
If you like this coinlock feature, then you should be a fan of SecuROM too. They are both similar concepts, punish the legitimate paying user in an attempt to punish wrongdoers.

Can't believe these hypocrite fanboy morons.

LOL! Simply LOL!

I thought you were bored with it anyway?
Avatar 19028
26.
 
Re: RIFT Account Security Measures
Mar 20, 2011, 19:50
26.
Re: RIFT Account Security Measures Mar 20, 2011, 19:50
Mar 20, 2011, 19:50
 
If you like this coinlock feature, then you should be a fan of SecuROM too. They are both similar concepts, punish the legitimate paying user in an attempt to punish wrongdoers.

Can't believe these hypocrite fanboy morons.
25.
 
Re: RIFT Account Security Measures
Mar 20, 2011, 14:50
25.
Re: RIFT Account Security Measures Mar 20, 2011, 14:50
Mar 20, 2011, 14:50
 
WyldKat wrote on Mar 20, 2011, 14:24:
If your IP is changing and you are getting coinlocked, it's not Trion's fault. Call up your ISP and ask them about static IP options.

Yeh, its your own dumb fault for not forking over the extra cash for a static IP!

Oh wait - that sounds fucking ridiculous. Thanks for reminding us how fanboys think.
24.
 
Re: RIFT Account Security Measures
Mar 20, 2011, 14:28
24.
Re: RIFT Account Security Measures Mar 20, 2011, 14:28
Mar 20, 2011, 14:28
 
Thought most if not all consumer ISPs rotate/change IPs once a week/month. Seems like a huge issue with this security measure. Everytime there is a power outage you get a new IP, unless you have a paid dedicated line (most don't).

Haven't tried the game yet, can you just email Trion anytime for a new password, when your IP changes, like forgetting your password?
‘What is this bullshit that you people are doing?’
The worst criminal in human history, undeniably.
Beating and Gassing Americans for Jesus!
Ain't no tweetin, in jail jammies!
Avatar 1858
23.
 
Re: RIFT Account Security Measures
Mar 20, 2011, 14:24
23.
Re: RIFT Account Security Measures Mar 20, 2011, 14:24
Mar 20, 2011, 14:24
 
First of all, the Coin Lock system is simply brilliant and I'm surprised no other MMO company has thought of this before, especially since it's extremely similar to what credit card companies do when they detect shady charges.

If your IP is changing and you are getting coinlocked, it's not Trion's fault. Call up your ISP and ask them about static IP options.

As for the account exploit, Trion had it fixed within hours of the white hat posting that he found an exploit and for Trion to PM him. You can find the full story here: http://rift.zam.com/story.html?story=25684

Trion has been on top of their game regarding staying on top of gold spammers, hackers, and getting lost items/gold back to those who have been hacked. Something that Blizzard STILL cannot seem to get a handle on, let alone handle promptly. All that and Trion is doing while having an understaffed CS department during one of the largest MMO launches in awhile.

I should also mention that Trion is banning credit cards, too. Especially in circumstances where credit card fraud is used to purchase many copies of the game to use for farming and spamming purposes with stolen cards. Other MMO companies are happy to accept dirty money, it's refreshing that Trion is taking the higher ground.
22.
 
Re: RIFT Account Security Measures
Mar 20, 2011, 11:36
22.
Re: RIFT Account Security Measures Mar 20, 2011, 11:36
Mar 20, 2011, 11:36
 
If you are on an ISP that routinely changes your IP address, you will get re-coin locked every time. It might require an email to Trion support.

If you've not done that, and just complained here; i don't know what to tell you.
21.
 
Re: RIFT Account Security Measures
Mar 20, 2011, 10:40
21.
Re: RIFT Account Security Measures Mar 20, 2011, 10:40
Mar 20, 2011, 10:40
 
Did you put in the code you got via email? /facepalm
As for the poster below who talked about being coin locked everytime he logs in since the new patch, read the fracking notes!

Listen to these fanbois. Just like Trion assumed it was the user's fault that their accounts were being hacked, the game's fanclub thinks it's the user's fault when their new system is bugged. YES I put in the code, every single time I login I have to check my email and do so. Hence, the complaint. /facepalm that

20.
 
Re: RIFT Account Security Measures
Mar 20, 2011, 08:10
K
20.
Re: RIFT Account Security Measures Mar 20, 2011, 08:10
Mar 20, 2011, 08:10
K
 
JohnBirshire wrote on Mar 19, 2011, 18:39:
Everytime I log in since the last patch it says I'm "coinlocked" for logging in from multiple IP addresses. Simply. Not. True. Good job guys, A+.

Oh well, I am bored with how generic the game is anyways, wasn't planning on playing past the first month.

Did you put in the code you got via email? /facepalm
19.
 
Re: RIFT Account Security Measures
Mar 20, 2011, 05:40
19.
Re: RIFT Account Security Measures Mar 20, 2011, 05:40
Mar 20, 2011, 05:40
 
Coming from WoW for the last 4 years to Rift due to boredness, I have to say I love it so far. Had it a couple of weeks and enjoying it tremendously.

As for the poster below who talked about being coin locked everytime he logs in since the new patch, read the fracking notes! You get coin locked on first log-in with new patch - check your email for the code to unlock it. Its a security measure for your benefit. Once code is put in then it will unlock and be fine from then on.
18.
 
Re: RIFT Account Security Measures
Mar 19, 2011, 23:49
18.
Re: RIFT Account Security Measures Mar 19, 2011, 23:49
Mar 19, 2011, 23:49
 
While the security thing is a big deal in my opinion of the company, I can't deny how great the game has been and how responsive the devs have been as a whole. Not being affected by it has to have something to do with my being able to get past it.
I've still got people from other games flowing in based on the experiences my gaming circle is having. Its hard to imagine Rift going f2p or flopping within a year if they keep on as they have.
17.
 
Re: RIFT Account Security Measures
Mar 19, 2011, 23:11
17.
Re: RIFT Account Security Measures Mar 19, 2011, 23:11
Mar 19, 2011, 23:11
 
fatguy wrote on Mar 19, 2011, 22:33:
I can't see your lips.

Be that as it may, I have to agree with him. There's no way I'm going to run out and buy a copy of this game just so I can pay a subscription for a month, get bored, and quit.
16.
 
Re: RIFT Account Security Measures
Mar 19, 2011, 22:33
16.
Re: RIFT Account Security Measures Mar 19, 2011, 22:33
Mar 19, 2011, 22:33
 
I can't see your lips.
15.
 
No subject
Mar 19, 2011, 21:34
15.
No subject Mar 19, 2011, 21:34
Mar 19, 2011, 21:34
 
Read my lips, free to play with in a year or fail...:)
14.
 
Re: RIFT Account Security Measures
Mar 19, 2011, 19:25
14.
Re: RIFT Account Security Measures Mar 19, 2011, 19:25
Mar 19, 2011, 19:25
 
Shame it took until an honest person discovered the massive security exploit that allowed anyone to log into whatever account they wanted, just as long as they knew the character name ingame. Even worse they kept hinting that the problem rested with the user instead of with Trion's coding. Yes some people lost their account due to an infected machine or being dumb, the the majority of these problems rested on Trion's shoulders.

The sheer number of compromised accounts should have sent off red flags with Trion, yet they wouldn't admit it other than suggest people run AV software. And now, there has been no sincere apology from the company for what had happened when this has to be one of the biggest security breaches in AAA MMO history. Thankfully personal account information wasn't compromised (that we know of).
13.
 
Re: RIFT Account Security Measures
Mar 19, 2011, 18:51
13.
Re: RIFT Account Security Measures Mar 19, 2011, 18:51
Mar 19, 2011, 18:51
 
Does it still coin lock you after you put in the code and log in again? It coin locked everyone the first time the patch went out, it was supposed to.
12.
 
Re: RIFT Account Security Measures
Mar 19, 2011, 18:39
12.
Re: RIFT Account Security Measures Mar 19, 2011, 18:39
Mar 19, 2011, 18:39
 
Everytime I log in since the last patch it says I'm "coinlocked" for logging in from multiple IP addresses. Simply. Not. True. Good job guys, A+.

Oh well, I am bored with how generic the game is anyways, wasn't planning on playing past the first month.
11.
 
Re: RIFT Account Security Measures
Mar 19, 2011, 18:14
11.
Re: RIFT Account Security Measures Mar 19, 2011, 18:14
Mar 19, 2011, 18:14
 
Grounded wrote on Mar 19, 2011, 16:43:
WoW 2.0 here we go!

What's wrong with that? I rather enjoyed WoW 2.0. It's 3.0 and 4.0 that sucked.
Avatar 13977
30 Replies. 2 pages. Viewing page 1.
Newer [  1  2  ] Older