Account security


Postby UNF404 » Sun Aug 10, 2014 7:44 pm

Alright. First off, I know I was previously banned on my "404" account and then I got an IP ban for ban evasion and that's what I'm doing right now. I'm sorry. But you may have seen the thread in General Discussion about how some idiot got into my Facebook account and my ingame account and was scamming people for most of today while I was at work.

Because of this, I've closed down my Facebook account (I rarely used it as it wasn't my "real life" Facebook account), enabled 2-step verification on my Gmail and changed my ingame password.

Here's my suggestion(s):

When you log in, have the game check your IP address. It should also store that IP address and a count of how many times you've logged in from it to determine the most commonly used IP address. This way if someone else logs into your account like what happened to mine, and their IP address is noticeably different, the game should kick the person back out to the login screen or even lock the account (not a ban, a new function idea called a "lock").

The lock would last for a day and would prevent the account from being logged into (even by the actual owner). The lock would give the actual account owner time to change the password to it. If you want to get extreme, may I suggest IP banning the hacker if they fail the IP check? It would result in people coming here to the forums to appeal a ban and everyone would find out why they were banned and that person would be laughed off of Helmet Heroes.

Alternate method: Hacker attempts to login, game detects different IP address. Game sends email or text message (2-step verification system I've outlined below would be needed for this) with a confirmation code that the player needs to enter to verify that yes it is their account and their IP address just changed. Obviously the hacker would not be able to get access to a text message on someone's phone and thus they'd fail the confirmation code check and get IP banned.

Downsides to the IP check system: Country-based would be bad, what with the large concentration of Filipino players. I would personally stick to checking the most commonly used IP address.

As for the password reset setup....Yahoo? Really? I'd honestly like to see a proper account system in place allowing players to link a cellphone or alternate email address to their ingame account so when they request a password reset, they would also have to check their phone/alternate email to get a confirmation code and enter that into the site before being allowed to reset their password.

If anyone reading this has any ideas for better account security, toss 'em up. I had to deal with ~100 people PMing me ingame a few minutes ago because of the idiot who hacked my FB and scammed them all while using my account ingame. I don't wish that on my worst enemies.
UNF404
 
Posts: 22
Joined: Sun Aug 10, 2014 6:50 pm

Re: Account security

Postby itblobboy » Sun Aug 10, 2014 7:51 pm

UNF404 wrote: When you log in, have the game check your IP address. It should also store that IP address and a count of how many times you've logged in from it to determine the most commonly used IP address. This way if someone else logs into your account like what happened to mine, and their IP address is noticeably different, the game should kick the person back out to the login screen or even lock the account (not a ban, a new function idea called a "lock").


My ISP creates a new IP address every time I reconnect to the internet...
itblobboy
 
Posts: 9316
Joined: Fri Aug 02, 2013 10:55 pm
Location: I'm gonna host a helmet heroes event on 4/20/2069 an and wqe're gonna go fishing in snowly flatts

Re: Account security

Postby BroSoldier » Sun Aug 10, 2014 7:53 pm

SUPPORT
BroSoldier
 
Posts: 1540
Joined: Fri Jul 18, 2014 4:12 am
Location: Hong Kong

Re: Account security

Postby UNF404 » Sun Aug 10, 2014 7:55 pm

itblobboy wrote:
UNF404 wrote: When you log in, have the game check your IP address. It should also store that IP address and a count of how many times you've logged in from it to determine the most commonly used IP address. This way if someone else logs into your account like what happened to mine, and their IP address is noticeably different, the game should kick the person back out to the login screen or even lock the account (not a ban, a new function idea called a "lock").


My ISP creates a new IP address every time I reconnect to the internet...


Alternate method: Hacker attempts to login, game detects different IP address. Game sends email or text message (2-step verification system I've outlined below would be needed for this) with a confirmation code that the player needs to enter to verify that yes it is their account and their IP address just changed. Obviously the hacker would not be able to get access to a text message on someone's phone and thus they'd fail the confirmation code check and get IP banned.


Also what kind of internet do you have that does that? Jesus that sounds...well...awesome if you tend to get banned from a lot of places. My IP hasn't changed at all in ages.

As for the IP check, I assume if it's even possible to code, it could be refined to spot specific IP ranges to prevent issues for people who are in a similar situation to yours. Your ISP probably cycles you through a specific set of IP addresses. That would be your "range".
UNF404
 
Posts: 22
Joined: Sun Aug 10, 2014 6:50 pm
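
Added example (not written by any poster in this thread and not Helmet Heroes code): a sketch of the login check discussed above, counting confirmed logins per account by IP range rather than by single address, and asking for a confirmation code when a login comes from a range never seen for that account. The /24 and /64 range sizes, the class and method names, and the sample addresses are assumptions; delivery of the code by email or text is stubbed out by returning it to the caller.

```python
import hmac
import ipaddress
import secrets
from collections import Counter, defaultdict

PREFIX_V4, PREFIX_V6 = 24, 64  # assumed "range" sizes; tune per deployment


class LoginIpCheck:
    def __init__(self):
        self.seen = defaultdict(Counter)  # account -> {network: confirmed logins}
        self.pending = {}                 # account -> (network, one-time code)

    @staticmethod
    def network_of(ip):
        """Collapse an address to its range so a dynamic IP still matches."""
        addr = ipaddress.ip_address(ip)
        prefix = PREFIX_V4 if addr.version == 4 else PREFIX_V6
        return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))

    def login(self, account, ip):
        """Call after the password check passed. Returns (decision, code)."""
        net = self.network_of(ip)
        history = self.seen[account]
        if not history or history[net] > 0:   # first login ever, or known range
            history[net] += 1
            return "allow", None
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[account] = (net, code)
        return "challenge", code  # a real system sends this out of band

    def confirm(self, account, ip, code):
        """One guess per code: the pending entry is consumed either way."""
        net, expected = self.pending.pop(account, (None, ""))
        if net != self.network_of(ip):
            return False
        if not hmac.compare_digest(code.encode(), expected.encode()):
            return False
        self.seen[account][net] += 1          # range is now trusted
        return True

    def most_common_network(self, account):
        top = self.seen[account].most_common(1)
        return top[0][0] if top else None
```

A failed confirmation here only denies that login; it neither locks the account nor bans the address, so a mistyped code or a shared IP does not shut out the owner.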

Re: Account security

Postby itblobboy » Sun Aug 10, 2014 7:57 pm

UNF404 wrote: Also what kind of internet do you have that does that? Jesus that sounds...well...awesome if you tend to get banned from a lot of places. My IP hasn't changed at all in ages.


It has its other uses... But yes, it's very awesome.

The alternate method could work, I could see me using an email. However, it would be more ideal if it were optional to have this security setting at all. :?
itblobboy
 
Posts: 9316
Joined: Fri Aug 02, 2013 10:55 pm
Location: I'm gonna host a helmet heroes event on 4/20/2069 an and wqe're gonna go fishing in snowly flatts

Re: Account security

Postby UNF404 » Sun Aug 10, 2014 8:26 pm

I can also offer anyone who plays Helmet Heroes and uses Facebook a tip. Disassociate yourself from the Helmet Heroes page on Facebook. Un-like it, un-follow it, etc. I'm not trying to drive people away from the page or anything, I'm being dead serious. The further away you distance yourself from the game on Facebook, the better.

I'm an admin and I guess you could say owner of the Helmet Heroes Wikia (because the founder AbysLord left after I revamped the Wiki, he didn't want to ruin anything with his apparent inexperience in wiki-coding despite me trying to get him to stay). I also had a secondary Facebook (the one that got hacked) that I used just for gaming and I liked and followed the Helmet Heroes page on Facebook.

Look what happened. Someone got into my Facebook account, scammed a ton of people in a short period of time, may have logged into my account ingame (though I'm not missing any items or cash so the scammer may have used a similarly-named account to confuse people) and got a lot of people mad at me. This could happen to you. Someone could break into your Facebook and start messaging all your friends asking them if they play Helmet Heroes and whatnot.

If you do want to continue following the Helmet Heroes Facebook page, I highly suggest going to your FB account settings under "Security", assigning a cellphone to your account and enabling login alerts to let you know if someone else logged into your account, and also 2-step verification which I believe uses the Facebook app's "Code Generator" feature to generate a code that you need to use to fully login to the site, similar to World of Warcraft's Battle.net Authenticator device.

I suggest using the same tips on other sites. If other sites you're on have a 2-step verification system (such as Gmail and Facebook), take full advantage of it.
UNF404
 
Posts: 22
Joined: Sun Aug 10, 2014 6:50 pm

Re: Account security

Postby fallenangel » Sun Aug 10, 2014 9:54 pm

No support on having based on IP because I mainly use it on my laptop but when I go to my grandma's or grandmother's house I play there and sometimes my laptop randomly loses wifi so I have to play on my mom's computer
fallenangel
 
Posts: 2492
Joined: Wed Jan 01, 2014 11:28 am
Location: The land of invisible blue unicorns where it rains nutella daily

Re: Account security

Postby StormNinja » Mon Aug 11, 2014 12:27 pm

ooh or maybe you can only log on to accounts that you made! :O
StormNinja
 
Posts: 1733
Joined: Thu Mar 13, 2014 5:15 pm
Location: Banging my gorgeous old leader Naruto.

