Internet Protocol Security

Gambet · #1 11-09-2005, 10:44 PM

I believe, to make it impossible for one to steal anothers account, that Graal should use an Internet Protocol (IP) security system in which when you log on the client with your account, your IP is saved and the game will ask you to give a security password for your account, and only that IP can access the account from then on, unless you input the security password. Basically, what will happen is that whenever you log into client, your IP is scanned, and if it matches the one that was registered into the client, then you will be able to use that account as you normally would. If the IP does NOT match, then a box should come out in which it will ask you to type in the security password that you inputed upon registering your computer IP (meaning the password that was asked of you to input when you first logged onto the account while the system is in affect). After putting in the security password, whatever IP the computer you are using currently has, will then override the previous IP saved by the account and you will have full access to the account as you normally would. Of course, if you have not yet registered your IP to your account, then upon logging into your account, you will be asked to write up a security password that you will be able to use to access your account if the IP that the client will save does not match the IP of which a computer that you use in the future may have. This would work for users both with static IP's and those without static IP's, or simply those that use different computers to play Graal. This will completely prevent users from ever getting into ones account, unless of course someone is foolish enough to reveal their security password.

If you want to get even more technical, then instead of registering your own security password, it would be even more protection if Graal gave you a password instead (like the passwords it gives you upon registration). With this security password that Graal gives you, each time you use it, whether the IP matches or not, you will be able to gain access to the account.

NOTE: The IP that the client recognizes as yours for a specific account will only change if you are trying to log in with a different IP and you have to use the security password to log in.

Also, to prevent users from forgetting their security password, it would be nice if the client displayed a users security password in the interface or so as a reminder. To prevent account stealers from stealing a users security password, I believe that their should not be an email function in which you can request your password by email, since account stealers will try to hack into your email account and take your password.

Questions? Comments? Please, don't be shy. Just remember that I can only post once every eight hours.

EDIT:
For the two posts below mines: I believe that their should be as much security as possible. If you find it annoying to have to type in a simple password, then you shouldn't complain if your account was ever accessed into. Those that complain about this based on laziness do not deserve any help when they are in a situation where someone has hacked into their account. Although people are secure or think they are secure, ANYTHING CAN HAPPEN. I mean, just take this whole Velox thing as an example. You never know what people are going to try to do to gain access into your account. It's always nice to have extra security preventing users from getting into your account. Also, just because one manages to steal your account password does NOT mean they will manage to take your security password. Stealing one thing is not the same as stealing two. By being secure and having this system in full function, you will NEVER have a problem with someone getting into your account for as long as you play Graal.

petro1212 · #2 11-09-2005, 10:57 PM

No offense gambet but this just a whole bunch of extra work. I for one have an IP that changes on a regular basis and I would hate to remember extra passwords.

Ontop of that if you don't want your account to be "stolen" or something like that. Change your password on regular basis and use unique passwords such as x34PDEzE3 ect.

Above all people should keep their anti viral programs up to date and preform scans on a regular basis.

Your idea is good but not so practical. The value of an account isn't so great and if you would follow guide lines your account(s) will never get stolen.

Incase someone else manages to obtain your password simply make a helpdesk ticket. It ain't that hard :S

Your idea would be lovely for people who love to share their password with their friends but not for the people who are secure about their accounts.

Fry · #3 11-09-2005, 10:58 PM

Please explain to me in what way this has any use besides annoying users who have a dynamic IP? What will happen if one of these evil "hackers" acquires both your passwords? Usually, if people get access to one password, they can also easily access the other. Please, explain.

Zero Hour · #4 11-09-2005, 11:44 PM

Quote:

Originally Posted by Fry

Usually, if people get access to one password, they can also easily access the other.

Indeed.

Dach · #5 11-09-2005, 11:59 PM

So, what you're saying is, we should have a password?

Mykel · #6 11-10-2005, 12:02 AM

Quote:

Originally Posted by Dach

So, what you're saying is, we should have a password?

It's the way of the future.

GrowlZ1010 · #7 11-10-2005, 12:19 AM

Firstly, I assume you mean the IP address, since we wouldn't get much uniqueness if we assign every player the identifier "4" (or 6, but let's not go into that). Clarity is everything!

Secondly, IP addresses are not intended for authentication and certainly aren't tied to an individual computer, so let's not pretend that they are. Users with dial-up or even many kinds of residential DSL will be assigned addresses randomly from a pool of available ones; if they have to type in a password every time they reconnect, they'll not only be annoyed, but they'll also make the password as easy to remember as possible - maybe the same password, maybe the email address, maybe the username with some numbers appended, whatever - which kinda negates the security of such a scheme. (If you'd proposed some kind of psuedo-unique hardware-based hash featuring MAC addresses, or installed devices, or some other exotic combination, then maybe, but the IP just isn't good enough.)

Thirdly, there's not much GraalOnline can realistically do if you're prepared to type in all your passwords and details into third-party websites. If you're really determined to give your account away to someone, you will, no matter how many hurdles are thrown in your way, and disabling useful functionality because it might be misused is a bad idea.

The internet is a dangerous place full of electronical muggers and cyber banditos, but as long as you exercise some basic common sense - your car key isn't the same as your front door key, back door key, garage key, bank vault key, and Fred's Super Honest Happy Budget No-Fraud Credit Discount Emporium account key, is it? Do you make a habit of giving complete strangers your home address and duplicates of your keys? - and only hand out your details when you absolutely have to, you'll be fine.

Shiftk03- · #8 11-10-2005, 12:28 AM

Yeah. I have residential DSL and my IP changes with each connection. That would just annoy the hell out of me, forcing me to quit Graal all together. Also: Hunky Doo Diddlysplat kazoo woohoo

Mark Sir Link · #9 11-10-2005, 01:55 AM

Quote:

Originally Posted by Shiftk03-

Also: Hunky Doo Diddlysplat kazoo woohoo

amen.