I believe, to make it impossible for one to steal anothers account, that Graal should use an Internet Protocol (IP) security system in which when you log on the client with your account, your IP is saved and the game will ask you to give a security password for your account, and only that IP can access the account from then on, unless you input the security password. Basically, what will happen is that whenever you log into client, your IP is scanned, and if it matches the one that was registered into the client, then you will be able to use that account as you normally would. If the IP does NOT match, then a box should come out in which it will ask you to type in the security password that you inputed upon registering your computer IP (meaning the password that was asked of you to input when you first logged onto the account while the system is in affect). After putting in the security password, whatever IP the computer you are using currently has, will then override the previous IP saved by the account and you will have full access to the account as you normally would. Of course, if you have not yet registered your IP to your account, then upon logging into your account, you will be asked to write up a security password that you will be able to use to access your account if the IP that the client will save does not match the IP of which a computer that you use in the future may have. This would work for users both with static IP's and those without static IP's, or simply those that use different computers to play Graal. This will completely prevent users from ever getting into ones account, unless of course someone is foolish enough to reveal their security password.
If you want to get even more technical, then instead of registering your own security password, it would be even more protection if Graal gave you a password instead (like the passwords it gives you upon registration). With this security password that Graal gives you, each time you use it, whether the IP matches or not, you will be able to gain access to the account.
NOTE: The IP that the client recognizes as yours for a specific account will only change if you are trying to log in with a different IP and you have to use the security password to log in.
Also, to prevent users from forgetting their security password, it would be nice if the client displayed a users security password in the interface or so as a reminder. To prevent account stealers from stealing a users security password, I believe that their should not be an email function in which you can request your password by email, since account stealers will try to hack into your email account and take your password.
Questions? Comments? Please, don't be shy. Just remember that I can only post once every eight hours.
EDIT:
For the two posts below mines: I believe that their should be as much security as possible. If you find it annoying to have to type in a simple password, then you shouldn't complain if your account was ever accessed into. Those that complain about this based on laziness do not deserve any help when they are in a situation where someone has hacked into their account. Although people are secure or think they are secure, ANYTHING CAN HAPPEN. I mean, just take this whole Velox thing as an example. You never know what people are going to try to do to gain access into your account. It's always nice to have extra security preventing users from getting into your account. Also, just because one manages to steal your account password does NOT mean they will manage to take your security password. Stealing one thing is not the same as stealing two. By being secure and having this system in full function, you will NEVER have a problem with someone getting into your account for as long as you play Graal. |