coin-lock
Latest
Cryptic ups security with Account Guard
Account Guard is not the name of a two-bit villain in Champions Online or a featured episode in Star Trek Online but instead a new security system that Cryptic Studios is installing for its games and websites. The system promises to track which computers you've logged in from and block unauthorized access to your accounts. If your account is compromised, the system will slam the doors closed on your games and send you an email with all of the details. The email also contains a one-time unlock code. This code allows players to open their accounts in the event of a mistaken intrusion. This system sounds very similar to Trion Worlds' coin lock mechanism. Players have a choice whether or not to participate in Account Guard, as they can opt out of the service through the account page. The studio has posted a FAQ with more answers to particular scenarios.
Enter at Your Own Rift: Notes from the front
The past week in RIFT has felt like a bit of a transition period. The world event came to an end, and players have generally put that behind them. Meanwhile, there are some pretty big things coming up soon with the next update, so you can feel the anticipation (and in some cases, concern) from the players over these changes. In this week's Enter at Your Own Rift, I'll discuss a few things that have caught my eye recently in game. Is coin-lock doing its job? Are we winning the battle of the spammers? Will the Dwarf NPC that I'm escorting really be dumb enough to run into that foothold up the road? Read on for the answers!
"Solid one-two punch": Trion responds to account hacks
The saga of RIFT's account security woes continues, as Trion World's Scott Hartsman responded to the hacker attempts, reassuring fans curious about what steps were being taken to secure their accounts. Citing "constant attacks" since the launch of RIFT that have impacted 1% of accounts, Hartsman said that the team is blocking hackers and botnets as quickly as they are identified, but that this will also be an ongoing process. "Both the login fix and the Coin Lock addition have been doing their part in signficantly reducing overall incidents over the last 18 hours," Hartsman wrote. "Neither one is a silver bullet, but so far it is looking to be a solid one-two punch for the weekend." According to his post, Trion will be hiring additional staff to tackle the problem, and is working on a "two-factor authentication" process for the future. Hartsman also praised the efforts of the player who brought a serious log-in vulnerability to the team's attention. ZAM tracked down the player for an interview, who himself had his account hacked in early March. The player is an "ethical hacker" who owns a security software company and realized that these hacks were not the fault of the player, but an exploit that had been discovered.
Player identifies "huge security hole" in RIFT's authentication system, Trion seals it
Hacking and account hijacking have been severe issues for RIFT ever since launch, even though Trion Worlds anticipated the onslaught from the beginning. Yesterday we saw Trion implement the so-called Coin Lock patch to prevent hackers from selling other players' items in-game, which some see as a novel (partial) solution to the problem. However, this may not be enough to stop the truly malicious invaders from getting into RIFT accounts. One player, identified as "ManWitDaPlan" on the forums, claims to have circumvented the account login completely, leaving a "huge security hole" for hackers to exploit: "I have verified the authentication system can be bypassed by successfully logging into another account without needing its credentials. Worse, all it took was about thirty seconds of time once I got all of the details locked down. I did trigger Coin Lock, but I was fully able to access that handy delete-character button, so this exploit is a griefer's dream. I will not post details on how to do this (so don't ask), but I'm positive that I can reproduce this at will and likely on any account on the system." Later in the thread, a Trion representative added: "We have some things in the works right now and have been passing on your feedback, concerns, and thoughts throughout the day (no matter how radical or unlikely). Sharing sensitive information about our actions (no matter how broad) naturally also informs those carrying out these attacks. This puts us in a tight spot with how much information we can provide, and the questions we can answer." And it looks as though the problem may be fixed, as ManWitDaPlan posted late last night: "Got word back from Steve Chamberlin, the development lead for Rift. This hole is sealed."
RIFT adds Coin Lock to improve security... probably
Getting your account stolen in an MMO is generally accepted to be about as much fun as having your car's engine fuse into a solid block of melted parts or getting bamboo slivers shoved under your fingernails. RIFT's newest patch, 1.02, includes a new feature designed to fight precisely that dreaded eventuality, with the new "Coin Lock" system restricting use of a character if the parent account logs in from a different location. While locked, the characters cannot access the auction or trade functions until the player verifies his or her identity. While the system is a great idea in theory, several players are reporting that the coin lock system is not working as intended, with supposedly "locked" characters remaining accessible and capable of using all features freely. There are also several threads devoted to claims that account hacks are still taking place, although as with any account security issue, culpability is difficult to determine. While RIFT's Coin Lock is an excellent idea, it remains to be seen whether it's actually accomplishing the stated goals. [Thanks to Simon for the tip!]
