Account Hacks

It doesn't sound that way. GM Stormcrow said;

That certainly implies (to me at any rate) that they have no intention of implementing any sort of further verification process to the abandon account option.

Um. This is actually much more alarming than I had previously thought. You have a blanket policy against reactivating abandoned accounts even if you know that it's unlikely and/or effectively impossible that the person who actually owned the account pressed the Abandon button?

Just by way of example here's the scenario I have in mind: Say you've happy-go-lucky Illyriad player Billy. Billy lives in Australia. Two years playing Illyriad later Billy tries to log in but can't. Apparently his account has been abandoned. He whines a bit about how it's not him that abandoned the account.

Meanwhile, you've got one (or more) of the GMs sitting at a computer looking at the login details for Billy. They know that Billy's account was abandoned from somewhere in the United States. Somewhere that he's never logged in from before. They do nothing.

I'm being (hopefully obviously) a bit flippant here so that you get my point. It's not reassuring, in the slightest, saying that you know all of this information if you have no intention of ever using it to undo clearly malicious actions taken against someone's account. A further layer of player-side security isn't a sideshow in that scenario, in all fairness.

GM Rikoo wrote: We have successfully used this system for years, with tens of thousands of abandons, with barely any issues.

i read this as "the burden of proof is on you (BobTron) to demonstrate there is a problem with a system that has worked so well for so long." if information will help you construct a timeline, ask for that (privately, not via the forum).

GM Rikoo wrote: 2) We will not add a delay or a chance to "take back" an abandon. Imagine: Tony marks his account as abandoned, gets a bunch of attacks coming in, then claims it back and goes "HELP!!" - drama ensues.

i'm not sure i'm in favour of this, but the way to make this work is to allow a player to register his/her intention to abandon and then execute the actual abandonment after a three days absence (or appropriate period). nothing is done to the account during the countdown. if the player signs into the game during those three days, s/he is greeted with a "glad you changed your mind" message and the game tosses out the timer. if the player stays out for the required time, the account is abandoned at the end of the waiting period. (again, not trying to convince anyone of this, just laying out how it might be done *if* the devs were interested.)

2) We already discussed why a delay would be a bad idea. We cannot allow a player to mark themselves as abandoned, only to return shortly... for many reasons.

3) We have already taken suggestions for email verification, etc, in this thread and in communications with you.

4) We do not register problems only when people complain. We have other ways of noticing when an issue is an issue. Again, the system has worked almost perfectly for many years. 

If anyone has any new suggestions, please feel free to post them here. Going over the same points we have already gone over would do no good, as I can only copy them down once.

Thanks all!

Rikoo

if I sign in and see my caravans going to your castle I pretty much know whos the bad guy 

(Brand you are not a bad guy. in fact a hero type) 

But Just saying