Why does gamigo not address current issues with account hacking

  • Gamigo needs to start implementing 2 Factor Authentication.
    Whether it's by email, or by text on your phone, or by an app on your phone.

    When a new MAC address (hardware) or IP address (network) location is detected on the account, it should trigger a requirement to input a code before you can log in.

    This might take some development time to figure it out but it will prevent over 95% of the current hacks which are happening and will resolve 100% of the tickets.

    Right now if you get hacked, all they say is "You gave your information out, it's your fault."
    But in reality there is no stopping a password generator from spamming random usernames and passwords until it logs into an account.

    If they truly cared about their community, this change needs to be implemented AS SOON AS POSSIBLE.
    But only time will tell.

    Current Guild Master of OneWingedAngels Guild.
    Current Raid Leader of the Alliance.
    Current IQ: 203 (and counting!)
    -
    xRei - Lvl 135 Warlock
    yRei - Lvl 135 Reaper
    zRei - Lvl 135 Gladiator
    -
    Add me on Discord and ask me anything Fiesta related:
    Rei#9999

  • I'm in full agreement that 2-factor should be implemented, it's very necessary given ongoing issues. However I'd maintain that it's still not, I repeat NOT hard to go update your password to a series of characters, numbers, and special characters that give you a substantially better defense against RNG password cracking programs. There are great free online programs like KeePass where you can enter all of your passwords and keep them secure with a master code, so you don't need to be like "Well how am I ever going to remember this long string of random characters I came up with that's nonsense?" You can easily manage your complex and secure passwords this way.


    It's not rocket science to upgrade your passwords to get a huge increase in security and hack prevention, just by avoiding using words/names/dates and other easily identifiable character strings. It's truly the best defense we have without 2-factor.

  • I'm in full agreement that 2-factor should be implemented, it's very necessary given ongoing issues. However I'd maintain that it's still not, I repeat NOT hard to go update your password to a series of characters, numbers, and special characters that give you a substantially better defense against RNG password cracking programs. There are great free online programs like KeePass where you can enter all of your passwords and keep them secure with a master code, so you don't need to be like "Well how am I ever going to remember this long string of random characters I came up with that's nonsense?" You can easily manage your complex and secure passwords this way.


    It's not rocket science to upgrade your passwords to get a huge increase in security and hack prevention, just by avoiding using words/names/dates and other easily identifiable character strings. It's truly the best defense we have without 2-factor.

    Thanks for the pointer.


    Would love a phone app for 2FA or just a text messaging system?

  • And the people who do not have phones? Or do not have unlimited text? Cannot download phone apps?

    And if you are getting hacked having a code sent to your email, which they probably have as well if they got your login credentials, what is to stop them from hacking the email too?


    I think actual better security to prevent our info from leaking is better, and possibly teaching internet newbies the importance of not giving out their account info, not falling for fake links, and to not trust these random people they meet online with their account stuff.

  • And the people who do not have phones? Or do not have unlimited text? Cannot download phone apps?

    And if you are getting hacked having a code sent to your email, which they probably have as well if they got your login credentials, what is to stop them from hacking the email too?


    I think actual better security to prevent our info from leaking is better, and possibly teaching internet newbies the importance of not giving out their account info, not falling for fake links, and to not trust these random people they meet online with their account stuff.

    Most people have mobile phones; if they don’t have one, tough luck: either get one or don’t secure your account with 2FA. Just so people are aware, 2FA does not need to be mandatory; it can be implemented on an opt-in basis.


    Your last statement definitely holds some truth. It should be rolled out regardless of the next steps gamigo chooses to take.


    Gav


  • And if you are getting hacked having a code sent to your email, which they probably have as well if they got your login credentials, what is to stop them from hacking the email too?

    This is why you should have different passwords for all of your accounts and emails online. :)

  • And the people who do not have phones? Or do not have unlimited text? Cannot download phone apps?

    And if you are getting hacked having a code sent to your email, which they probably have as well if they got your login credentials, what is to stop them from hacking the email too?


    I think actual better security to prevent our info from leaking is better, and possibly teaching internet newbies the importance of not giving out their account info, not falling for fake links, and to not trust these random people they meet online with their account stuff.


    Email services like Hotmail and Gmail have contingency systems when someone tries to log in to your account and fails the password 3 or 5 times in a row.
    So trying a password generator is unlikely to hack into your personal (or even alternate) email account to reset/change your Gamigo password.

    Most of the hacks happening right now don't hack your email, only your Fiesta Account username and password.
    Your Gamigo Account password should be different to your Fiesta Account password (surprise they're two separate accounts under the same username).
    This way they can't change the registered email, or the password linked to your account.

    So yes, sending a 2FA code to your email will prevent almost all hacks.
    Unless obviously... you have a keylogger on your computer. Which is an entire issue of itself, but completely on you (and not Gamigo).

    Current Guild Master of OneWingedAngels Guild.
    Current Raid Leader of the Alliance.
    Current IQ: 203 (and counting!)
    -
    xRei - Lvl 135 Warlock
    yRei - Lvl 135 Reaper
    zRei - Lvl 135 Gladiator
    -
    Add me on Discord and ask me anything Fiesta related:
    Rei#9999

  • Add 2fa already plz ty!

    。.。:∞♡*♥ 105 Guard - 115 Wiz - 135 Guard - 135 WL - 135 Glad - 135 HK ♥*♡∞:。.。

    looking for sc bonus...

  • So are all these stolen accounts due to people clicking links and sharing their info or is it a hacker stealing info from random players?


    It's a combination from all of the above.
    People who roar about "SC giveaways" which will make you go to an unprotected link which will download a keylogger on your computer (which copies every key you type).
    People account share and get their stuff stolen and character deleted (Gamigo will restore your character, but not your gear).
    People are actively trying to hack others by means of password generators (randomly types username/passwords until it gets information correct).

    Current Guild Master of OneWingedAngels Guild.
    Current Raid Leader of the Alliance.
    Current IQ: 203 (and counting!)
    -
    xRei - Lvl 135 Warlock
    yRei - Lvl 135 Reaper
    zRei - Lvl 135 Gladiator
    -
    Add me on Discord and ask me anything Fiesta related:
    Rei#9999

  • Ahhh I got 3 quoted XD


    Anyways, I think I have mentioned before, but any service where 2FA is implicated, it has never ever been voluntary and only ever mandatory. I do not think this is the way to go, if they make it voluntary then there is not a down side to adding it, but my concerns are valid for people who do not want to go through that step, nor for people who are able to through access to a phone or such.


    nijutu specifically xD sorry I did not mean to imply that the password was same on email and account, I just meant that if they can hack your account, they have your email, and can therefore hack your email.


    While it is true that most email systems offer some sort of measure against randomly plugging in passwords, such as locking out the account from that PC, it is usually done through that kinda identification of your PC, so if the hacker uses tools that mask their presence and just has it changed around every 3 times, they could eventually get in. Nor do people check their emails every day so they may not see a "someone tried to get into your email" email before it's too late.

    And yeah people should have different passwords for different things/places/accounts.


  • It's a combination from all of the above.
    People who roar about "SC giveaways" which will make you go to an unprotected link which will download a keylogger on your computer (which copies every key you type).
    People account share and get their stuff stolen and character deleted (Gamigo will restore your character, but not your gear).
    People are actively trying to hack others by means of password generators (randomly types username/passwords until it gets information correct).

    Yea, this is a good point. Although seriously, anyone who's ever played an MMO should know better than to use any link posted in-game. HOW DO SCAMMERS STILL GET AWAY WITH IT? It really boggles my mind and it's super sad.

  • If it's voluntary and people don't want to go through the step why does it matter. If they want to leave their account unprotected without the extra 2fa then let them. If it's mandatory maybe make it so we have the option of picking email or phone. Obviously email can be hacked like you said but I guess that's the risk you'll have to take if you don't want or can't add a phone. Still would be better than having no 2fa at all.

    。.。:∞♡*♥ 105 Guard - 115 Wiz - 135 Guard - 135 WL - 135 Glad - 135 HK ♥*♡∞:。.。

    looking for sc bonus...

  • WE WANT TWO-FACTOR AUTHENTICATION.

    AND WE WANT IT NOW.

    Current Guild Master of OneWingedAngels Guild.
    Current Raid Leader of the Alliance.
    Current IQ: 203 (and counting!)
    -
    xRei - Lvl 135 Warlock
    yRei - Lvl 135 Reaper
    zRei - Lvl 135 Gladiator
    -
    Add me on Discord and ask me anything Fiesta related:
    Rei#9999

  • If it's voluntary and people don't want to go through the step why does it matter. If they want to leave their account unprotected without the extra 2fa then let them. If it's mandatory maybe make it so we have the option of picking email or phone. Obviously email can be hacked like you said but I guess that's the risk you'll have to take if you don't want or can't add a phone. Still would be better than having no 2fa at all.

    I am pretty certain that I said if it's voluntary it does not matter, but my focus is on if it's mandatory, and I will always bring it up, because I have never seen any service that has two factor authentication have it set as voluntary, it is always mandatory, which has very valid concerns.

    Another issue is, what if a player age 13 or so uses a parents email for their account, because the parent wants to keep tabs on the child (like if they start charging SC without permission or some such) so the player, does not have access to the original email, so would the child have to ask the parent every time they not only wanted to play but every time they get disconnected and need to relog in?

    Which I do not see why anyone wants 2fa on a game with so many stability issues. (The connection issues HAVE gotten better, but are still there). So every time in DDF ice room you get binned and need to relog back on you will have to dig around for some passcode sent to you? Type it in. Connect. Log on. Then rejoin raid. Seems like a waste of charms and time.



    If they did implement it, maybe a better solution is a way to turn it on and off? So while you know you are going to play you have it turned off, but then after you are done playing you can turn it on? Then it will only bother hackers, not yourself.

  • Isn't Discord voluntary? Blizzard? Steam? Twitch? Amazon? PayPal? There's a lot of other games that offer 2fa too. And for your disconnection/binning issue about ddf farming, Blizzard's way -> "If you login consistently from the same location, you may not be asked for an authenticator code. This makes login faster when you're at a secure location." Most of the time if you put the code once you don't need to again. Only if you're logging at a different location/ip. I'm not really sure why you'd be against it even if it's mandatory. If it helps people to not get hacked, like sure it's a little inconvenient but that's nothing compared to being hacked and losing everything. Then getting 0 help from support. Even with 2fa it's not 100% safe but it's still better than no 2fa.

    。.。:∞♡*♥ 105 Guard - 115 Wiz - 135 Guard - 135 WL - 135 Glad - 135 HK ♥*♡∞:。.。

    looking for sc bonus...


  • What.
    That's not how 2 Factor Authentication works??
    If I'm playing on my own computer and get disconnected, I won't need another code to log back in.
    It's only if a new MAC Address (Computer), or IP Address (Network) is detected, the system will assume someone is accessing your account without your permissions.

    2FA does not mean you need another code every time you get disconnected.

    Please don't respond to anything regarding 2FA, if you don't know how it works.

    Current Guild Master of OneWingedAngels Guild.
    Current Raid Leader of the Alliance.
    Current IQ: 203 (and counting!)
    -
    xRei - Lvl 135 Warlock
    yRei - Lvl 135 Reaper
    zRei - Lvl 135 Gladiator
    -
    Add me on Discord and ask me anything Fiesta related:
    Rei#9999
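
Added example (not part of any post in this thread and not gamigo's code): a sketch of the step-up flow described in the posts above, where a code is requested only when a new device or network shows up and a reconnect from the same computer needs none. The class, its method names, the constants and the client-reported `device_id` (standing in for the MAC address the posts mention) are assumptions made for illustration.

```python
import hmac
import secrets
import time

CODE_TTL = 300   # seconds a code stays valid (assumed value)
MAX_TRIES = 3    # wrong codes allowed per challenge (assumed value)

class StepUpLogin:
    """Ask for a one-time code only when the device or the network is new."""

    def __init__(self):
        self.devices = {}   # account -> device ids confirmed with a code
        self.networks = {}  # account -> IP addresses confirmed with a code
        self.pending = {}   # account -> open challenge

    def deliver(self, account, code):
        """Stand-in for the e-mail, SMS or app channel (hypothetical)."""
        self.last_sent = (account, code)

    def login(self, account, device_id, ip, now=None):
        """Call only after the password check has passed."""
        now = time.time() if now is None else now
        if (device_id in self.devices.get(account, set())
                and ip in self.networks.get(account, set())):
            return "ok"  # same computer and network, e.g. after a disconnect
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[account] = {"code": code, "expires": now + CODE_TTL,
                                 "tries": MAX_TRIES, "origin": (device_id, ip)}
        self.deliver(account, code)
        return "code_required"

    def verify(self, account, device_id, ip, code, now=None):
        """Check a submitted code; on success remember device and network."""
        now = time.time() if now is None else now
        ch = self.pending.get(account)
        if ch is None or ch["origin"] != (device_id, ip):
            return False
        if now > ch["expires"]:
            del self.pending[account]
            return False
        if not hmac.compare_digest(ch["code"].encode(), code.encode()):
            ch["tries"] -= 1
            if ch["tries"] <= 0:
                del self.pending[account]  # stop guessing of the 6-digit code
            return False
        del self.pending[account]
        self.devices.setdefault(account, set()).add(device_id)
        self.networks.setdefault(account, set()).add(ip)
        return True
```

The cap on wrong codes matters as much as the code itself: a 6-digit code with unlimited attempts can be guessed by the same kind of automated tool the thread is worried about.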

  • If numerous people keep reporting same person, even if you dislike their evidence (from my observation u guys label any evidence as "unworthy" though), it should be enough to check logs of person in question.

    One of oldest veterans of game, 2008+.
    Leader of oldest guild alive in game, BandOfTheHawk (2008+).
    Godliest free players alive, 0$ invested.

    Almost full cards collection.
    Author of numerous challenging videos and speed raids, top scorer of many GTs.
    Husband of a goddess.
    Facebook, Youtube, Site.... Find them on your own.

    ---------------

    And what did YOU achieve?

    About time to answer that question.

    -------------
    Discord: Yaseeda#3171