PDA

View Full Version : Own Password of your choice


PowerProNL
10-19-2010, 11:56 PM
Well, We all have a Graal Online choosed password. and I don't like those passwords, I want an own password to enter, why would it be dangerous if you use your own, we have Account Protection on (: so why would we need a Graal Online choosed password :(

Fulg0reSama
10-20-2010, 12:01 AM
Account Protection isn't fullproof.

If they get your password they can get into your email if same password is used and afterwords can use your email when they log in to allow their computer through thus your account would be officially hijacked.

DustyPorViva
10-20-2010, 12:04 AM
Randomly generated passwords is Graal's idea of security... even though nearly every other single website and game out there doesn't use that kind of security...

ffcmike
10-20-2010, 12:16 AM
If people were able to choose and therefore be able to memorise their passwords less people would be losing access to their accounts and having no choice but to buy a new one, oh wait.

PowerProNL
10-20-2010, 12:21 AM
But if someone lost his email + his password of Graal and he didn't save the password, hmm what would be happened, you will lose ur account.

Own passwords you know what you typed in and most of the peoples (95%) remember their password, when i do Dont save password by accident, I have to go to my email and that will take ages, and hope ill find my password in the assoirtement of my email X_X

Soala
10-20-2010, 12:36 AM
But if someone lost his email + his password of Graal and he didn't save the password, hmm what would be happened, you will lose ur account.

Own passwords you know what you typed in and most of the peoples (95%) remember their password, when i do Dont save password by accident, I have to go to my email and that will take ages, and hope ill find my password in the assoirtement of my email X_X


Ever heard of "search boxes"?

kia345
10-20-2010, 01:05 AM
Because having our own passwords would make sense

Zeke_iPhoneGP
10-20-2010, 02:25 AM
Randomly generated passwords is Graal's idea of security... even though nearly every other single website and game out there doesn't use that kind of security...

Aye, and once you have entered it enough times, it gets stuck in your head. I never thought I'd memorize it, but I did :p

kia345
10-20-2010, 03:07 AM
Aye, and once you have entered it enough times, it gets stuck in your head. I never thought I'd memorize it, but I did :p

Or you could just memorize you own password, the one you potentially use for everything anyway

fowlplay4
10-20-2010, 03:26 AM
In Russia, password chooses you.

TSAdmin
10-20-2010, 04:10 AM
In my experience with people that twisted Bell's or Ibonic's arm until they permitted them use of a custom password in the past (Something I refuse to allow, so don't ask), their account was compromised within weeks. Not pointing out anyone in particular, but I'm certain there are 3 people who are active forum users and will read this thread who I know this has happened to.

That is not to say that I'm against custom passwords, I am all for it if it is made a changeable service on the website, but I certainly do have concern with how much easier it is to guess someone's password based on "What would they typically think of?" and take advantage of that. In my opinion, the current passwords aren't even strong enough. They should include symbols mixed in with the mixed uppercase, lowercase & numerical sequence.

That then draws me to hope that if this ability to change your password were to be implemented, that it would be required to have a "Strong" password.

Fulg0reSama
10-20-2010, 04:15 AM
I don't understand why you're so unwilling to allow a custom password personally. If they change their password that's their decision, why wouldn't you let them?

TSAdmin
10-20-2010, 04:28 AM
I don't understand why you're so unwilling to allow a custom password personally. If they change their password that's their decision, why wouldn't you let them?

If it's not a service provided by Graal (to choose custom passwords), then it's not a procedure that should be undertaken. And as I mentioned, I have my own concerns surrounding people being permitted their own password unless it is a function they can handle themselves through the website.

Fulg0reSama
10-20-2010, 04:34 AM
If it's not a service provided by Graal (to choose custom passwords), then it's not a procedure that should be undertaken. And as I mentioned, I have my own concerns surrounding people being permitted their own password unless it is a function they can handle themselves through the website.

In short because the site doesn't provide the service themselves you hide behind that one factor. Gotcha'. But don't they provide it as long as you provide a transaction ID or did they remove that?

TSAdmin
10-20-2010, 04:40 AM
In short because the site doesn't provide the service themselves you hide behind that one factor.

Perhaps you should read again. That's not all I said.

Gotcha'. But don't they provide it as long as you provide a transaction ID

No

did they remove that?

Pretty safe to assume so, at least within the last couple of years. Sounds like an Ibonic thing.

Fulg0reSama
10-20-2010, 04:43 AM
Okay than allow me to state what I understand from what you said.

If it is not a service provided by the Graal website, than by your decision you will not help because of some "concerns". We're glad you're showing you care about other peoples accounts but don't you think that players should have the choice to change their accounts password? It's as simple as changing the lock on your apartment's door.

TSAdmin
10-20-2010, 04:47 AM
Okay than allow me to state what I understand from what you said.

If it is not a service provided by the Graal website, than by your decision you will not help because of some "concerns". We're glad you're showing you care about other peoples accounts but don't you think that players should have the choice to change their accounts password? It's as simple as changing the lock on your apartment's door.

I think the only way players should have a choice is, as I have already said (Again, please read what I said before replying), if it is implemented as a service the player can access themselves. At this time, if we were to allow such a thing as allowing custom passwords to anyone who contacts us with a transaction receipt, they'd have to tell at least one other person what their new password is: The person doing it for them. We have a statement on EVERY e-mail sent out through the automated service that says something to the effect of (It does vary in words, so just get the idea):
"Do not give out your password to anybody. GraalOnline staff will never ask you for your password."
and setting someone's custom password, thereby knowing what it is, impeaches the global administration.

kia345
10-20-2010, 04:53 AM
and setting someone's custom password, thereby knowing what it is, impeaches the global administration.

No, because they're not asking for it. If I post my password right now, your logic would get you fired!

In my experience with people that twisted Bell's or Ibonic's arm until they permitted them use of a custom password in the past (Something I refuse to allow, so don't ask), their account was compromised within weeks.

Yeah, Graal's support center would get leaked every other day too. Like anyone related to Graal's administration has any right to talk about security.

That then draws me to hope that if this ability to change your password were to be implemented, that it would be required to have a "Strong" password.

That's stupid.

If someone is confident with "password" as their password, it's their information and their account, so let them do with it what they want. I personally get upset by hotmail telling me my social security number and license plate number put together is "medium". I don't care what they think of my password, it's my account, back off.

Crono
10-20-2010, 04:54 AM
hey guys other games and just about any other website/service doesn't let you choose your own password because your stupidity is a security threat to yourself



wait what

Fulg0reSama
10-20-2010, 05:04 AM
I just want to know why TSAdmin needs to play Mommy with this business.

DustyPorViva
10-20-2010, 05:12 AM
Saying custom passwords are too easily compromised is a faulty statement. If they are so unreliable, how is pretty much every other website and game using custom passwords reliably?

Seeya
10-20-2010, 05:32 AM
not many other games don't let you choose your account name either.

Fulg0reSama
10-20-2010, 05:33 AM
Are we going to become like MS and have PINs for logging in accounts?

TSAdmin
10-20-2010, 08:02 AM
Are we going to become like MS and have PINs for logging in accounts?

I'd be careful with the ideas you throw around, especially if they're sarcastic. We've all seen how that can turn out.

To the reply about "TSAdmin playing mummy", though I'd prefer "daddy", I'm only an enforcer of what exists. There is only so far my authority can stretch to change things the players desire. This is not one of those things I can change and can only stick to enforcing. I feel the need to "play daddy" mainly because barely anybody else has the balls to. And yes, I won't hide the fact that I mean Stefan and Unixmad when it comes to stating that. But the fact of the matter is, the ball for changing things like this is in their corner of this court. I just stand out in front waiting for them to pass it to me and/or my team which only occurs when they've done something we can work with.

kia345
10-20-2010, 08:07 AM
So what I get out of this is, you're talking out of your ass on behalf of them.


Obviously your team doesn't have their head in the game, and you're flailing your arms around like an idiot when they don't even know where the ball is.
Yeah, I can make stupid analogies too. I bet I'm better at it.

Maybe you could be productive, and rather than throw out terrible defenses for the sake of people who don't care, you could agree with the obvious logical and good decisions made here and forward it to the people with authority, considering they're less likely to ignore your pleas than ours.

Fulg0reSama
10-20-2010, 08:12 AM
I'd be careful with the ideas you throw around, especially if they're sarcastic. We've all seen how that can turn out.

My idea wouldn't be taken for about three reasons.

1. Total Negative choice to be made If they wish to keep their players in any way.

2. It would fall under "Unnecessary work to be made."

3. The players would utterly reject having such a feature put in place.

To the reply about "TSAdmin playing mummy", though I'd prefer "daddy", I'm only an enforcer of what exists. There is only so far my authority can stretch to change things the players desire. This is not one of those things I can change and can only stick to enforcing. I feel the need to "play daddy" mainly because barely anybody else has the balls to. And yes, I won't hide the fact that I mean Stefan and Unixmad when it comes to stating that. But the fact of the matter is, the ball for changing things like this is in their corner of this court. I just stand out in front waiting for them to pass it to me and/or my team which only occurs when they've done something we can work with.

Thanks for being honest about the situation. So we can safely assume unless Stefan makes a call about this being available or not then there is nothing more to talk about right? you claim you have the balls to be "daddy" about this yet when It comes to the actual problem being approached you'd rather stay in the dark being the secretary telling us to wait for an appointment to get things done. Isn't it your job to be the bridge between the players and the big boys along with being administration?

Crono
10-20-2010, 09:16 AM
guys u cant make ur own passwords, it never works. havent you seen the internet and irl banks??

Crono
10-20-2010, 09:17 AM
like seriously making ur own passwords and codes no1 does it just look around u blind

Fulg0reSama
10-20-2010, 09:22 AM
guys u cant make ur own passwords, it never works. havent you seen the internet and irl banks??

like seriously making ur own passwords and codes no1 does it just look around u blind

hey guys other games and just about any other website/service doesn't let you choose your own password because your stupidity is a security threat to yourself



wait what


http://img801.imageshack.us/img801/9692/notamusedsnake.png

usoright

TSAdmin
10-20-2010, 09:46 AM
you claim you have the balls to be "daddy" about this yet when It comes to the actual problem being approached you'd rather stay in the dark being the secretary telling us to wait for an appointment to get things done. Isn't it your job to be the bridge between the players and the big boys along with being administration?

We as the PWA have pitched a LOT of ideas (simple and otherwise) to Stefan of our own, as well as enforced our backing on ideas the players have pitched. Tig went out of his way looking for new support software/services. I, and the team together, have suggested many times that such things as player-controlled e-mail changes, security questions, alternate e-mail addresses and much much more be left at the fingertips of players themselves. So trust me, there is nothing "dark" about where I stay when topics such as this are brought up. I just don't think a single one of you understand (or even try to) and when any one of us tries to explain it, we are faced with ignorance a lot of the time because it really is true that people don't tend to care how it happens or who the blame should fall on when something doesn't happen, they just care if someone is listening; regardless of whether it's the right person or not, or if that person has already done all they can do to help.

I fully support people being able to choose their own password, and I have stated that already, obviously to the deaf ears of the previous readers and responders who choose to blindly shoot at anything they think they can hit everytime I speak. Try taking a step back and rather than trying to explode every word someone of authority speaks, make an effort to understand it just as we make an effort to try and understand you. We've been where you are and are only in our positions because we cared to try and make a difference only to be stonewalled half the time.

Deas_Voice
10-20-2010, 11:26 AM
just a question, how many in this thread have their password customized?
i know i do, but it is based on my previous password, due the wikileak.(<-what?)

Fulg0reSama
10-20-2010, 01:24 PM
Personally you seem to be a lot of talk but no action to me TSA.

TSAdmin
10-20-2010, 02:07 PM
Personally you seem to be a lot of talk but no action to me TSA.

Your examples of expected actions include...? Try to keep your mind within the constraints of my rights. I'm sure you know what they are going by how you've been answering.

Fulg0reSama
10-20-2010, 02:15 PM
Your examples of expected actions include...? Try to keep your mind within the constraints of my rights. I'm sure you know what they are going by how you've been answering.

..? What's to expect if all you do is give me excuses. I do have an idea of your rights and they're not great. I expect you if anything to shrug off anything we've asked and give a pitiful defense because that is all I can expect.

TSAdmin
10-20-2010, 02:16 PM
..? What's to expect if all you do is give me excuses. I do have an idea of your rights and they're not great. I expect you if anything to shrug off anything we've asked and give a pitiful defense because that is all I can expect.

I notice you've avoided my question.

Fulg0reSama
10-20-2010, 02:26 PM
It'd be a lot easier to answer that if there were any actions you actually had done that I knew of. Just asking have you actually done anything..?

TSAdmin
10-20-2010, 02:31 PM
It'd be a lot easier to answer that if there were any actions you actually had done that I knew of. Just asking have you actually done anything..?

My job seems like a good thing to have been doing and continue to do. So yeah, I have done quite a lot. Playerworld Administration and Accounts Administration.

Fulg0reSama
10-20-2010, 02:36 PM
My job seems like a good thing to have been doing and continue to do. So yeah, I have done quite a lot. Playerworld Administration and Accounts Administration.

Okay. Now one more question.

You're the guy to deal with account wise right so I'm going to ask If I asked you right now, Ignore for the moment of your "concerns" that I have my password changed to BlankityBloopBlankBlop, Would you be able to do it?

TSAdmin
10-20-2010, 02:41 PM
Okay. Now one more question.

You're the guy to deal with account wise right so I'm going to ask If I asked you right now, Ignore for the moment of your "concerns" that I have my password changed to BlankityBloopBlankBlop, Would you be able to do it?

I have the right to edit the "password" field, yes (Though I dont see existing passwords, and characters I enter are listed as ********). But the use of that is for when the automatic e-mail system is malfunctioning, only. So no, I would not set a custom password for you. Aforementioned concerns and the like truthfully aside. I'm a procedure man, and everyone is treated equally. I would say no to you, so I would say no to "Mr Smith" asking for his password to be **1uRkewL._52*_rawr also.

Fulg0reSama
10-20-2010, 02:47 PM
I have the right to edit the "password" field, yes (Though I dont see existing passwords, and characters I enter are listed as ********). But the use of that is for when the automatic e-mail system is malfunctioning, only. So no, I would not set a custom password for you. Aforementioned concerns and the like truthfully aside. I'm a procedure man, and everyone is treated equally. I would say no to you, so I would say no to "Mr Smith" asking for his password to be **1uRkewL._52*_rawr also.

Okay so you're a blind sheep in a flawed system. Thanks for pointing that out :D

I'll even make a "proper" situation and let you answer and pray that you're willing to use common sense in your answer. I want you to explain your reason. This statement doesn't matter but I will pretty much make a further judgment on you for account administration because under that title this is practically 101 easy task. I'm trying to help you figure how simple it'd be to actually allow this than rather to ignore it and piss more players off.

Mr. Smith:"HALP HALP MY CLIENT CANT REMEMBURR MY PASSWORD AND DONT HAVE THE EMAIL ANYMORE!!!! CAN YOU CHANGE MY PASSWORD??? HERES THE TRANSACTION ID FROM LIEK AFTER I BOUGHT MY [email protected][email protected][email protected]@! PLEASE I CAN'T LIVE WITHOUT MY GRAILZ! THERE ARE SO MANY ERA PLAYURS WHO DEPEND ON ME AND SO MANY HATS ON UN WILL BE LAWST!"

-10 more players give similar complaints within a month due to a client bug-

You: ..?

Yes... Mr. Smith is 7 years old.

TSAdmin
10-20-2010, 02:55 PM
Okay so you're a blind sheep in a flawed system. Thanks for pointing that out :D

I'll even make a "proper" situation and let you answer and pray that you're willing to use common sense in your answer. I want you to explain your reason. This statement doesn't matter but I will pretty much make a further judgment on you for account administration because under that title this is practically 101 easy task.

Mr. Smith:"HALP HALP MY CLIENT CANT REMEMBURR MY PASSWORD AND DONT HAVE THE EMAIL ANYMORE!!!! CAN YOU CHANGE MY PASSWORD??? HERES THE TRANSACTION ID FROM LIEK AFTER I BOUGHT MY [email protected][email protected][email protected]@! PLEASE I CAN'T LIVE WITHOUT MY GRAILZ! THERE ARE SO MANY ERA PLAYURS WHO DEPEND ON ME AND SO MANY HATS ON UN WILL BE LAWST!"

You: ..?

I would say something to the effect of:

Since you have the transaction ID, you must have a copy of the receipt. With a copy of the receipt which includes the all-important WebOrder ID, Item number, Item description (Usually "X months gold/xxx amount of gralats for account <account> (Price)"), etc. it is possible to completely do away with the forgotten e-mail address associated with the account and associate it with a new one which you can then use to change the password, yourself. We need to contact Stefan to compare the receipt to the records.

and then quote the below about e-mail changes (This is not my choice, this is something Stefan's outlined and I've worded it better):

Some points to note about e-mail changes:
*If the account is a trial and has been both trial and inactive for more than 5 years, the above is not necessary at all and the account is eligible for reassignment.
*If the account contains the old “Classic Subscription” and the account is not currently upgraded to Gold, the “Classic Subscription” will be removed if you choose to go ahead with the change to the e-mail association. Proof of ownership is still required for a recently expired or long expired Gold Subscription, however.
*If the account is currently upgraded to Gold, nothing will be removed so long as proof of ownership has been confirmed.

ending with (Depending on the current standing of the account subscription) the question of whether or not they wish to proceed and if so, what e-mail address it should be associated with.


Pretty sure, though, you could have given me this little test privately. I don't mind this being public, but we have to keep in mind forum rules.

Fulg0reSama
10-20-2010, 03:05 PM
I feel like I was slightly unclear on one tiny tiny thing.

By email in the mr smith example I meant email message with the password. Not email address.

Other than that very well handled of course. Just modify your answer to accommodate with my error if you please. Though I will say that Stefan's work of password change for classic and gold differences is pretty low, so low that it compares to that of cell phone company phone plans.

Also I think forum rules would have shut this thread down if it really was that big of an issue.

TSAdmin
10-20-2010, 03:11 PM
I feel like I was slightly unclear on one tiny tiny thing.

By email in the mr smith example I meant email message with the password. Not email address.

Other than that very well handled of course. Just modify your answer to accommodate with my error if you please. Though I will say that Stefan's work of password change for classic and gold differences is pretty low, so low that it compares to that of cell phone company phone plans.

Okay, accommodating the alteration to the scenario, I don't need their receipt so long as they are e-mailing me from the associated e-mail address directly. This is a bit of lenience I am allowed to dictate, myself. Although, I do realise that the e-mail address could just as easily have been hacked. If that were the case though, the PayPal linked to that e-mail address is just as likely compromised. As such, I'm stuck with what I have to go on regarding that.

That aside, I also have something prepared for when the automatic e-mailing system fails.
(Link approved by me)
http://www.tsadmin.org/graal/passwordgenerator/generator.php

Fulg0reSama
10-20-2010, 03:18 PM
Alright. I do have a question more to ask. Just need your opinion.

Don't you think If we did something like this below?

Example: Complete Graal Password reset that can only be activated through your email message for your account to allow the password to be reset to what you want it to be for that one time.

I understand of course there's a very small exploit in here but If they were attempting anyways and got far enough to go into the email already than really they deserved to have been hacked in the first place. I get that because of the very hackish rules you're basically bound by your nuts to the rules, but now I wanna discuss a possible compromise instead so that this thread isn't a complete waste. You've said you want to get ideas through and working. Don't you think maybe through some good ol' chatting up the players and you(perhaps others) could discuss how to make this happen?

TSAdmin
10-20-2010, 03:25 PM
Alright. I do have a question more to ask. Just need your opinion.

Don't you think If we did something like this below?

Example: Complete Graal Password reset that can only be activated through your email message for your account to allow the password to be reset to what you want it to be for that one time.

I understand of course there's a very small exploit in here but If they were attempting anyways and got far enough to go into the email already than really they deserved to have been hacked in the first place. I get that because of the very hackish rules you're basically bound by your nuts to the rules, but now I wanna discuss a possible compromise instead so that this thread isn't a complete waste.

I don't know if I'm reading it wrong, or if it was worded oddly, but I'm not sure what your example pertains to. As mentioned much earlier on the first page (Thread view set to show maximum posts per page), I'm open to ideas that support players choosing their own passwords, but it is not me that needs convincing to make the change or a compromise supporting a change. Again, I may have read wrong/misunderstood what you just asked. Sorry if that's the case. Yes, my nuts are pretty bound. It's in the fine-print for this job that I probably missed.

Deas_Voice
10-20-2010, 03:26 PM
*feels ignored*

TSAdmin
10-20-2010, 03:29 PM
*feels ignored*

Sorry. You're welcome to post lol. I guess two people did seem to hijack this thread and still managed to remain on-topic rofl.

kia345
10-20-2010, 04:17 PM
TSA, you come off as a smart guy, but you're really bad at actually coming up with valid reasons for, well, anything. Everything you posted in response to me has been "haha ur hostile" rather than actually making a point to prove me wrong, and with Fulgore, all you did was sit back and be stagnant

HirakoShinji
10-20-2010, 04:20 PM
TSA, you come off as a smart guy, but you're really bad at actually coming up with valid reasons for, well, anything.

I agree... sort of.
kia345, he can come up with valid reasons.
He just barely does. :mad:

TSAdmin
10-20-2010, 04:37 PM
TSA, you come off as a smart guy, but you're really bad at actually coming up with valid reasons for, well, anything. Everything you posted in response to me has been "haha ur hostile" rather than actually making a point to prove me wrong, and with Fulgore, all you did was sit back and be stagnant

Talking to you tends to be a needless waste of energy. I might as well stand in front of a well structured wall and hope it falls on me before hoping to get through to you. What makes me think this?

and with Fulgore, all you did was sit back and be stagnant

Things like that. Fulgore and I have had what is far from a "stagnant" conversation. We actually got somewhere productively. You seem to lack the ability to involve yourself in doing the same, much in a hostile way. I saw what you posted before Darlene deleted your post and in a way I kinda regret it got deleted because it would have been the best thing to quote right now to prove my point about your hostility overriding your productivity in conversing with other's. Your own signature stems from you arguing with people. You'd be a good, passionate debater, but you're obviously not open to much more than the debating part of things. The longer you can draw out a debate, the happier you usually are.

Rufus
10-20-2010, 04:45 PM
I know the password for two of my accounts and only one of them is custom. The one that is custom has never been compromised (so far!) so I don't see what the fuss is about. People should be informed on how to keep their accounts secure either way.

Fulg0reSama
10-21-2010, 03:41 AM
So.. After a long needed busy day. Can you try and seem to find a way about getting this kind of feature going? I think It's a good start.

TSAdmin
10-21-2010, 03:51 AM
So.. After a long needed busy day. Can you try and seem to find a way about getting this kind of feature going? I think It's a good start.

I could do what the PWA have done oh so often and nag Stefan to death to at least listen to the idea, but I'm sure if he even cared in the slightest, he would have posted in this thread when he was on earlier posting. It's usually the easiest way to figure out if he's even interested in something: Wait until he's on the forums and see what he does. If he posts in a completely silly thread (in comparison) as well as the Beta threads or other important ones, but avoids the one in the "Feature request" section that has an obvious thread name for what it's about to ask, then it's safe to assume it's not even crossing his mind.

Fulg0reSama
10-21-2010, 03:54 AM
Instead of nagging him to death try a simple pointing in the direction instead. After you get him to read THAN you nag him senseless with good points and reason as to why it's a good idea, give the pros and cons of it (a good bunch of them were placed in this very thread!). Don't you know the process to nagging? :rolleyes:

TSAdmin
10-21-2010, 03:58 AM
Instead of nagging him to death try a simple pointing in the direction instead. After you get him to read THAN you nag him senseless with good points and reason as to why it's a good idea, give the pros and cons of it (a good bunch of them were placed in this very thread!). Don't you know the process to nagging? :rolleyes:

I know the process of nagging, but in words, here on the forums, it's easier to cut down the explanation of the process and just generalise that "nagging will take place" :p

Fulg0reSama
10-21-2010, 04:09 AM
I know the process of nagging, but in words, here on the forums, it's easier to cut down the explanation of the process and just generalise that "nagging will take place" :p

Fair enough :p