Runes of Magic US / AU

Quoted from "svrStewey;382224"

If you have a key-logger on your system, and it wasn't detected, then I suggest you go and buy a good AV or buy a good AV and dump that free AVP crap. A key-logger needs to install on your system for it to work correctly.

Unless it is a wide-spread/well-known key-logger, chances are your AV program will not catch it, and probably not your anti-spyware either. I speak from professional experience. I am a software developer that created a program that logs keystrokes and records the screen, and we have 1000s of installs, and almost never does AV/AS software give any warnings at all. We even connect to our web server and send notifications of certain keywords being typed (which could just as well be used to send passwords to us). In our case, our software is legit, and designed for parents to keep an eye on their children on-line. Yes, it even records RoM in full-screen mode, and does happen to record the password as well (if they type it in), which some parents like knowing their kids passwords.... all totally legit (even if kids don't like it :p).

If you have UAC enabled or run as a non-admin account, you do get one warning and/or prompt for admin credentials, but it is the same warning you see anytime you try to do just about anything in Windows... so most users probably just click OK without thinking about it much.

Anyway, don't assume you are safe just because your AV software is good and updated.

Best way I've found to avoid being hacked is to play the game 24/7, that way you'll know if someone is trying to access your account.

is it fixed yet?
i don't even feel like trying to login to see for my self...

Quoted from "Toorimakun;386592"

is it fixed yet?
i don't even feel like trying to login to see for my self...

Fixed? If you mean fixed by removing the secondary password protection the answer is no. I doubt they're going to any time soon either.

Quoted from "wolfowl77;386665"

Fixed? If you mean fixed by removing the secondary password protection the answer is no. I doubt they're going to any time soon either.

yep... that is what i meant.... well damn... guess i will start looking for a guild in the game i have been playing to try and pass the time until this crap is fixed.

this kind of "protection" is like using 2 condoms... it is more likely to break... in this chase some one is more likely to REALLY mess up your account... like say deleting your chars and spending your Dias and stuff that the 2nd PW is suppose to protect.

I have read the thread and the many complaints, but somewhere I got the impression that the secondary password would only be used under certain circumstances.

I get asked for my secondary password EVERY TIME I log in to the game.

Is that supposed to be the way it works? Every single time? Or is there something fubarred on my account causing the secondary to always be required?

Quoted from "vershana;393352"

I have read the thread and the many complaints, but somewhere I got the impression that the secondary password would only be used under certain circumstances.

I get asked for my secondary password EVERY TIME I log in to the game.

Is that supposed to be the way it works? Every single time? Or is there something fubarred on my account causing the secondary to always be required?

It's the new security feature runewaker came up with tohelp protect accounts from getting hacked... by immediately giving keyloggers access to both passwords at once!

Don't worry, you are not alone in thinking it is a dumb idea.

What I think is really funny is I am still required to use my secondary password to buy CS items. I dont know, maybe the person who hacks my account will forget my secondary password after they log in and wont beable to use my diamonds.

Quoted from "Pointandshoot;393412"

What I think is really funny is I am still required to use my secondary password to buy CS items. I dont know, maybe the person who hacks my account will forget my secondary password after they log in and wont beable to use my diamonds.

This is the bit I don't like about it. The password that was supposed to keep my diamonds safe and add an extra step in deleting characters has now become a general password. If a person learns enough to log into my account my characters and diamonds don't have that extra protection any more.

Quoted from "ghostwolf82;393400"

It's the new security feature runewaker came up with tohelp protect accounts from getting hacked... by immediately giving keyloggers access to both passwords at once!

Don't worry, you are not alone in thinking it is a dumb idea.

Heh. Okay, I guess as I'm fine with it as long as I know others are sharing my pain!

Just didn't want to be the only one.

Thanks!

Quoted from "shopguy;385834"

Unless it is a wide-spread/well-known key-logger, chances are your AV program will not catch it, and probably not your anti-spyware either. I speak from professional experience. I am a software developer that created a program that logs keystrokes and records the screen, and we have 1000s of installs, and almost never does AV/AS software give any warnings at all. We even connect to our web server and send notifications of certain keywords being typed (which could just as well be used to send passwords to us). In our case, our software is legit, and designed for parents to keep an eye on their children on-line. Yes, it even records RoM in full-screen mode, and does happen to record the password as well (if they type it in), which some parents like knowing their kids passwords.... all totally legit (even if kids don't like it :p).

If you have UAC enabled or run as a non-admin account, you do get one warning and/or prompt for admin credentials, but it is the same warning you see anytime you try to do just about anything in Windows... so most users probably just click OK without thinking about it much.

Anyway, don't assume you are safe just because your AV software is good and updated.

Best way I've found to avoid being hacked is to play the game 24/7, that way you'll know if someone is trying to access your account.

Wow.

Stop giving bad advice concerning combating Keyloggers.

At first I had a problem with this, in light of all of the hacks. But once I logged in and saw 'ENTER IT ONLY WITH ON-SCREEN KEYBOARD' I only somewhat changed my mind.

It makes this game way more secure, if anything you should like it. I think people who don't like it are just lazy and don't want to type a simple password in.

Quoted from "cetrex;394821"

It makes this game way more secure, if anything you should like it. I think people who don't like it are just lazy and don't want to type a simple password in.

I feel the same way, and considering there has been no "help I been hacked" posts, this method seems to be working. Other online games I play either use a verification code that gives you 5 chances, or they ask for the secondary password, but only if you have changed your ip address.

Quoted from "cetrex;394821"

It makes this game way more secure, if anything you should like it. I think people who don't like it are just lazy and don't want to type a simple password in.

Or they're concerned about the potential security threat of typing in the secondary password in conjunction with the main one.

Maybe they could have used a triple-password system and REALLY ticked everyone off.

still not fixed. >.>

Quoted from "SundayForever;394794"

At first I had a problem with this, in light of all of the hacks. But once I logged in and saw 'ENTER IT ONLY WITH ON-SCREEN KEYBOARD' I only somewhat changed my mind.

if that is really all it would take they could have added that to the FIRST PASSWORD.
you can still enter the second pw with the keyboard... and im sure most people do.

Exactly it doesn't stop keyloggers, and it gives us an extra thing to remember, which for me is difficult. They should just create an option to have it removed, and make it easier to reset if we forget it.

you should defiantly remember it and it should not be easy to reset... it is the most important security part of the game.... witch is why it SHOULD NOT be required at the start of every game.

the more you use it the more likly it is to get jacked... and the way that you can enter it at the start of the game is no different then the first pw other then you have to CLICK enter instead of PRESS enter.



PLEASE FIX THIS ALREADY!!!



i kinda want to play..... but just thinking about HOW LONGGGG it will take to login makes me change my mind.

The funny thing is, that if you reconnect (When you swap accounts, dc etc) it automatically puts in the last secondary pass you entered. So just wait for the person to DC then hack him, or just hack him and hopefully you'll have his secondary password, after that he is royally stuffed.

Quoted from "marco1234;410149"

The funny thing is, that if you reconnect (When you swap accounts, dc etc) it automatically puts in the last secondary pass you entered. So just wait for the person to DC then hack him, or just hack him and hopefully you'll have his secondary password, after that he is royally stuffed.

This.

The addition of the secondary password entry has added no more security.
A friend of mine was hacked multiple times because they were kicked off and the hacker didn't need to know their secondary password. I believe the timer between logging out and having to re-enter the secondary password is 5 minutes.

Without being hacked on this toon, I've even noticed this - I crash, log back in and do not have to enter my secondary password. I'm sure it would be the same for someone who isn't me, trying to log into my account.

This needs to be fixed.

how about just putting options in the settings see i like it for cash shop reasons and if i am deleting a char but not for logging in and if i leave my char loged in witch we all do for mems or to get rid of exp debt i have crashed and reloged to have 1 failed attempt and i know its a bug from being loged in i wounder if i dont crash or log out for 5 days is my account getting locked wow