Jump to content

Security concerns


Recommended Posts

Posted (edited)

Hey there,

 

I wanted to pre-order this game really really bad for a while now but I simply can't

get myself to do so with the state the website is in. What I'm talking about is the

absolute lack of secure connection for registration and logging in via HTTPS/SSL.

This means everytime I'm logging in and when registering, my password and e-mail

is send plain text through the web. This is screaming for account theft and is

even worse when money is bound to the account. I already tried to get contact to the

people who are responsible via E-Mail multiple times but never got an answer so I hope

I'll be lucky in here.

 

I know there were already the same concerns for RoF by some people and they were

dismissed by saying there never was a problem with it, but I don't think it's the right move

to wait until something bad happens. I get the feeling that the topic is being avoided.

 

So my questions were why there is no https site for this (it shouldn't be a big deal to set it up)

and if they plan to do this so I can do a save order in the future. Also I hope the game itself

does secure connections. Else it would be even worse.

 

I am thankful for every bit of information. Would be really sad if this would prevent me from playing

the game (I'm sure it's great).

Edited by Anatta
Posted (edited)

I hope you aren't using the same password for this account as you are on the email account you would use to register, that's a security issue that no SSL can fix.

 

No personal information is retained, unless you fill in your full name, on the website. I have to manually enter CC information everytime, but I go through Paypal and that redirects to their SSL site for payment. Additionally, if you use a credit card you are again redirected to a SSL based site.

 

No games utilize SSL for communications, that would add entirely too much overhead.

 

So you could have your account password changed here and someone could malisciously post as you, but beyond that - no damage. Just email support and request a new password.

 

In four years I can count how many times my account in RoF has been compromised - zero.

 

All monetary based communications are secured.

Edited by FuriousMeow
  • Upvote 2
Posted (edited)

Thanks for answering.

 

Yes, all you say is right and of course I use different passwords everywhere. I am aware that

paypal uses SSL and that is not the problem I see. The payment part is absolutely fine.

The problem is that as far as I can tell, the game is bound to my account, meaning if my account

is compromised, the game and everything I may buy is potentially gone. And this account theft

part is stupendously easy accomplished via a MITM attack.

 

Edit: And about your RoF account being fine: As I said, that also was the argument used when I

read the same concerns in the RoF-forums and I absolutely believe that nothing happened yet. Yet.

That was my point.

Edited by Anatta
Posted (edited)

The problem is that as far as I can tell, the game is bound to my account, meaning if my account

is compromised, the game and everything I may buy is potentially gone.

It is not. If anything like that would ever happen (which is highly unlikely unless you're target of attacks but then game account should be the least of your concerns) all you have to do is to email support with request to reset password to your account - all they need is number of banking transaction of your payment and eventualy ID scan. And that applies to literaly every game out there. Once you've purchased something with credit card or paypal in game (or the game itself from the developer) it's child easy to retrieve access, regardless if your account was stolen or you decided to sell it on ebay and then scam the buyer. (except that selling game accounts is allways forbidden in the EULA, but that's not important in this example) Edited by Marrond
  • Upvote 2
  • 1CGS
Posted

As I said, that also was the argument used when I read the same concerns in the RoF-forums and I absolutely believe that nothing happened yet. Yet.

That was my point.

 

Your fears are unfounded. 

Posted

Well I think you guys actually convinced me and now I feel a little stupid

because this made me mad for weeks now and I just didn't see that retrieval

should be trivial (I hope) and basically nothing can be stolen... . Sometimes you

just need that little push to notice. So thank you. Just wish my e-mails would have been

answered. Would have made it much simpler.

 

Thanks

  • Upvote 1

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...