Runes of Magic US / AU

Issue #1: There is no simple way to reset secondary password
Issue #2: The game crashes very frequently, even moreso when dealing with dalanis. This is a hassle to every player.
Issue #3: Forcing the secondary password at login makes it easier to be stolen (keyloggers, screengrabs or even mouse tracking don't even have to wait until you open the item shop anymore)

All in all, I applaud the initiative for trying enforce more security, but you have gone about it in the one of the worst ways possible.

At first I had a problem with this, in light of all of the hacks. But once I logged in and saw 'ENTER IT ONLY WITH ON-SCREEN KEYBOARD' I only somewhat changed my mind.

But still, it's like throwing away our accounts

first of all it already takes for ever to login to the game after a crash... or in my case the screen randomly going black when i switch out to change vent channel.

now..
1: start RoM
2: click "start"
3: click "confirm"
4: enter "username" and "primary pw"
5: enter "secondary pw"
6: click "confirm"
7: select char (usally already on the right one)
8: select channel
9: click "enter world"
10: do again on alt account (if you are using one)

and now hope to God your client doesn't crash and you have to do it all over again.


secondly
this doesn't improve security at all...
in fact it makes it less secure.


please remove the secondary PW at login and while your at it remove some of the other un-needed things.
like the confirm TOS/EULA... and adding a static channel would be nice too.

I'm willing to bet at least 90% of players are still typing in the secondary password anyways instead of using the on screen keyboard.

Give us more chances to guess it.... or at least don't lock us out for an entire hour.

@MEGAKICK - it says that, but you can just click into the text field and type it in normally, you just cant hit enter to progress as normal
@toorimakun - you assume people actually select a channel, it isnt a necessary step, but yes, people who use multiple accounts for planting are hindered (or for other things).
@alexpattas - its a 15 minute lockout, not an hour. but then again people might be putting the wrong password into the wrong box

further delaying login after a crash
- you sometimes have to wait a good minute or 2 for the game to fully crash and exit before the client loader will even come up
- even though the window has focus, you can't click on confirm the first time
- even though you are still focused into the login/password fields and start typing it likes to randomly ignore your first keystroke (on a wired keyboard, you can't try to blame wireless peripherals on this)

Personally, I don't see much difference for those who buy item shop stuff regularly - IF you have a key logger running, then the person will get your secondary password either way - doesn't matter if it is when you join the server, or when you buy some thing from the item shop. And if there is a key logger, it would be a stupid programmer who didn't look for ways to read the virtualkeyboard as you click on it.

I personally don't believe key loggers are a part of this - if so, we need to check addons out - there are just to many for it to be a key logger unless it is embeded in an addon.

In general addons don't have access to that information as many aren't even loaded at that point in the game. installing addons should always be drag and drop, if you use an executable to put in an addon, that is a risk.

Yes a keylogger can work regardless of when you type the password. but this has made it into a process, a process that they now know EXACTLY when that secondary password comes in, not through skimming a log file for a strange string of characters or series of clicks on the screen

Quoted from "icishoot;381295"

Personally, I don't see much difference for those who buy item shop stuff regularly - IF you have a key logger running, then the person will get your secondary password either way - doesn't matter if it is when you join the server, or when you buy some thing from the item shop. And if there is a key logger, it would be a stupid programmer who didn't look for ways to read the virtualkeyboard as you click on it.

I personally don't believe key loggers are a part of this - if so, we need to check addons out - there are just to many for it to be a key logger unless it is embeded in an addon.

If you're running addons through curse, it's not possible for them to be infected--unless curse itself is keylogging you.

Quoted from "sertet;381293"

@toorimakun - you assume people actually select a channel, it isnt a necessary step, but yes, people who use multiple accounts for planting are hindered (or for other things).

if you are level 54+ you have to make sure you are in the right channel... mostly channel 1.... or in grimdals case ONLY channel 1.

Instead of using our secondary passwords, they could just implement a random 4-6 digit key that we enter as this added buffer. That way, it's not like we're giving away anymore information we don't want others to see. This would also prevent login spammers since it'll be a different code every single time.

Quoted from "Edmard;381277"

I'm willing to bet at least 90% of players are still typing in the secondary password anyways instead of using the on screen keyboard.

That's a suckers bet there Cal

that would only prevent programs from login you in not hacking.

if they want to make it more sucure here is what to do:
1st: login from the very start of the client
-drop down list of user names with only first 3 or 4 letters visible.
-save PW(s) to the client (some one would have to have your computer to get in - optional)

2nd
a 4 digit pin you set up that is "click" only and set the numbers in random order (replaces the 2nd pw at login)

Quoted

if you are level 54+ you have to make sure you are in the right channel... mostly channel 1.... or in grimdals case ONLY channel 1.

I'm 58, and i've never been forced to select a specific channel on login. Sure some things are broken on specific channels in zones that actually have more than 1 channel.

But that is irrelevant, if you HAVE to log into channel 1, select channel 1 on the character screen, log into the character and immediately exit. This should save it in the config files for the game (the game saves all configs on exit, which is why when you crash interface changes are reset). If that doesn't work for you check to make sure your config files arent marked read-only (Usually kept in your my documents folder under runes of magic). Once you have done that once, you will never have to touch the channel selection on character login.

Saving passwords only causes users to forget their passwords when something breaks 2 months down the line so that won't be of use.


A secure route would be to have each installation have a client ID, if the client ID from the last login is not the current client ID, require a secondary password on login. That way it only happens when you use the account for the first time (or if you had to re-install, or are using a different computer for whatever reason). Brute force methods won't work and when it does pop up for the secondary password when you didn't change computers/installs you know there is a problem.

it has more to do with events

Quoted from "alexpattas;381304"

If you're running addons through curse, it's not possible for them to be infected--unless curse itself is keylogging you.

Which is why I don't by the key logger theory. There are too many hacked accounts.

Now, I did do some research on key loggers - and they are nasty little things. One claims to be able to install it self via a screen shot. I have never played around with one, so I don't know if the claims are true. If so, that means every screen shot posted on here by the non-familiar posters is suspect.

But that doesn't answer for those who are hacked who never get on the forums.


The other thought I have is how many of the "hacked" accounts have tried those programs out there that "claim" to be able to give you free diamonds - there are tons of you tube videos on them....

Guess what, I have "tried" one of those - using false information, but I wanted to test some thing out - using a network analizer, I found out those programs send your info to a third party server.


In order for a key logger to work it has to get on your system some how. Is it embeded in rom it self? Curse's client? - I'm pretty sure addons don't have access to the data (have looked through every single lua file, but that doesn't mean I didn't miss some thing).


Every one is quick to yell keylogger, but until we see the common denominator among those who are hacked, its a suspicious claim, or at least to claim it for every case of accounts being hacked.

I agree... Having to enter both your primary and secondary passwords on login is not only a bad idea, but it is VERY ANNOYING!!!

As if the constant crashes (especially in Dalanis or when teleporting) are not bad enough, now we have to keep entering TWO passwords to start the game (or restart, restart, restart... ad infinitum).

What is Runewaker / Frogster thinking?

Why not spend some time trying to fix all the existing bugs instead of adding annoying events that go on too long (Snowflake festival...) and break other things.

I play with my wife and two kids and, right now, the fact that my two kids LOVE being able to sit and play an "adventure game" with mom and dad is the only thing keeping me from switching to something else (Rift for example).

Come On Frogster / Runewaker, Fix the problems!! Don't create more things to annoy your client base and drive them away!!

I actually think having BOTH passwords is a very smart idea.

Quoted from "icishoot;381427"

Which is why I don't by the key logger theory. There are too many hacked accounts.

Now, I did do some research on key loggers - and they are nasty little things. One claims to be able to install it self via a screen shot. I have never played around with one, so I don't know if the claims are true. If so, that means every screen shot posted on here by the non-familiar posters is suspect.

But that doesn't answer for those who are hacked who never get on the forums.


The other thought I have is how many of the "hacked" accounts have tried those programs out there that "claim" to be able to give you free diamonds - there are tons of you tube videos on them....

Guess what, I have "tried" one of those - using false information, but I wanted to test some thing out - using a network analizer, I found out those programs send your info to a third party server.


In order for a key logger to work it has to get on your system some how. Is it embeded in rom it self? Curse's client? - I'm pretty sure addons don't have access to the data (have looked through every single lua file, but that doesn't mean I didn't miss some thing).


Every one is quick to yell keylogger, but until we see the common denominator among those who are hacked, its a suspicious claim, or at least to claim it for every case of accounts being hacked.

15 years of online gaming, visiting countless gaming forums, some being very shady, and I have NEVER been keylogged, let alone hacked at all. I doubt it's that easy.