Play Now Login Create Account
illyriad
  New Posts New Posts RSS Feed - Account Hacks
  FAQ FAQ  Forum Search   Register Register  Login Login

Topic ClosedAccount Hacks
 Post Reply Post Reply Page  <1 345
Author
  Topic Search Topic Search  Topic Options Topic Options
Ruarc View Drop Down
Greenhorn
Greenhorn
Avatar

Joined: 04 Dec 2015
Status: Offline
Points: 61 		Direct Link To This Post Posted: 04 Dec 2015 at 10:40
Originally posted by GM Stormcrow GM Stormcrow wrote:

What I can say is that we know who was logged in, what credentials they used to log in - and even the details of their specific browser and session, logged to the millisecond with every single click that anyone makes on anything in the entire game.  

Um. This is actually much more alarming than I had previously thought. You have a blanket policy against reactivating abandoned accounts even if you know that it's unlikely and/or effectively impossible that the person who actually owned the account pressed the Abandon button?

Just by way of example here's the scenario I have in mind: Say you've happy-go-lucky Illyriad player Billy. Billy lives in Australia. Two years playing Illyriad later Billy tries to log in but can't. Apparently his account has been abandoned. He whines a bit about how it's not him that abandoned the account.

Meanwhile, you've got one (or more) of the GMs sitting at a computer looking at the login details for Billy. They know that Billy's account was abandoned from somewhere in the United States. Somewhere that he's never logged in from before. They do nothing.

I'm being (hopefully obviously) a bit flippant here so that you get my point. It's not reassuring, in the slightest, saying that you know all of this information if you have no intention of ever using it to undo clearly malicious actions taken against someone's account. A further layer of player-side security isn't a sideshow in that scenario, in all fairness.


Edited by Ruarc - 04 Dec 2015 at 10:41
Back to Top
BARQ View Drop Down
Greenhorn
Greenhorn
Avatar

Joined: 06 Oct 2015
Location: in Death
Status: Offline
Points: 77 		Direct Link To This Post Posted: 04 Dec 2015 at 14:18
i think GMs Said the have taken the suggetions of email verification etc in consideration so this ends the debate .
they've agreed to what you were suggesting to avoid this type of abandons .
please let me know if i m wrong
Back to Top
Ruarc View Drop Down
Greenhorn
Greenhorn
Avatar

Joined: 04 Dec 2015
Status: Offline
Points: 61 		Direct Link To This Post Posted: 04 Dec 2015 at 14:32
Originally posted by BARQ BARQ wrote:

i think GMs Said the have taken the suggetions of email verification etc in consideration so this ends the debate .

It doesn't sound that way. GM Stormcrow said;

Originally posted by GM Stormcrow GM Stormcrow wrote:

Suggestions about "delays" and "2 factor verification" etc are nice and all... but they're a sideshow to the fundamental truth that we do actually know what buttons were pressed, when they are pressed, and what credentials, IPs and browser session cookies were being used to authenticate their usage.  

That certainly implies (to me at any rate) that they have no intention of implementing any sort of further verification process to the abandon account option.
Back to Top
GM Rikoo View Drop Down
Moderator Group
Moderator Group
Avatar
Community & PR Manager

Joined: 28 Mar 2014
Location: Mars
Status: Offline
Points: 1233 		Direct Link To This Post Posted: 04 Dec 2015 at 15:16
We have answered the questions about this policy very clearly now, so I am closing this thread.

If you have questions about your specific account, please let me know in game or at community@illyriad.co.uk.

If we change or alter the way things are done in any way, we will of course let everyone know as with any other update.


Thanks!


Rikoo
Illyriad Community Manager / Public Relations / community@illyriad.co.uk
Back to Top
 Post Reply Post Reply Page  <1 345
  Share Topic   

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 12.03
Copyright ©2001-2019 Web Wiz Ltd.