Post #91 by busyrobot, 11-08-2005, 05:17 AM
I think it would be prudent to add a security check at log in, that ran on the server. Basically, if one IP and/or client app ID logs in to 3 or more accounts within a short interval, the server would scan the three accessed accounts for that IP in their log histories. If the IP is new, then it should email staff of a possible abuse. It wouldn't have taken staff very long to realize the activity (going from many to no items in short time of play) was more than a little suspicious.

Also, it should be very easy for the server to recognize when one IP address is attempting and failing to log into multiple different accounts. That should be an easy red flag to raise.

It is not really Graal's responsibility - Graal security verified the correct account/passwords after all, and safeguarding the password is the user's responsibility - but it would be a nice added level of security, and discourage people from attempting phishing in the future.
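The two checks proposed in the post above, sketched as an added example (not part of the original post and not Graal's server code). The 10-minute window, the event tuple layout, the history dictionary and all sample data are assumptions; it keys on IP only, not on client app ID.

```python
from collections import defaultdict

WINDOW = 600     # seconds; stands in for the post's "short interval" (assumed)
THRESHOLD = 3    # distinct accounts per IP, as in the post

# Constructed sample login events: (epoch_seconds, ip, account, success)
EVENTS = [
    (100, "203.0.113.7", "alice", True),     # unknown IP, three accounts
    (160, "203.0.113.7", "bob", True),
    (220, "203.0.113.7", "carol", True),
    (300, "192.0.2.55", "alice", False),     # failures across accounts
    (310, "192.0.2.55", "bob", False),
    (320, "192.0.2.55", "gina", False),
    (400, "198.51.100.20", "dave", True),    # shared IP already in history
    (410, "198.51.100.20", "erin", True),
    (420, "198.51.100.20", "frank", True),
    (100, "192.0.2.99", "alice", True),      # three accounts, but spread out
    (5000, "192.0.2.99", "bob", True),
    (9000, "192.0.2.99", "carol", True),
]

# Constructed history: IPs each account has logged in from before
HISTORY = {a: {"198.51.100.20"} for a in ("dave", "erin", "frank")}


def detect(events, history, window=WINDOW, threshold=THRESHOLD):
    """Return alerts as (kind, ip, accounts), at most one per IP and kind."""
    recent = defaultdict(list)   # (ip, success) -> [(ts, account)] in window
    alerted = set()
    alerts = []
    for ts, ip, account, ok in sorted(events):
        key = (ip, ok)
        # Drop attempts that have aged out of the sliding window.
        recent[key] = [(t, a) for t, a in recent[key] if ts - t <= window]
        recent[key].append((ts, account))
        accounts = {a for _, a in recent[key]}
        if ok:
            # Successful logins count only where the IP is new to the
            # account's history, so a shared household IP stays quiet.
            accounts = {a for a in accounts if ip not in history.get(a, set())}
        if len(accounts) >= threshold and key not in alerted:
            alerted.add(key)
            kind = "new_ip_multi_login" if ok else "multi_account_failures"
            alerts.append((kind, ip, sorted(accounts)))
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS, HISTORY):
        print(alert)   # a real deployment would notify staff here
```
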