Thu Feb 02, 2006 4:30 am
Two ways to deal with that:
1. First thing you do each day is send PIN since it can be requested only once per day.
2. Still have the option to email PIN (you need to have some way of getting it in case it is forgotten) but require an answer to a secret question first.
1. First thing you do each day is send PIN since it can be requested only once per day.
2. Still have the option to email PIN (you need to have some way of getting it in case it is forgotten) but require an answer to a secret question first.
Thu Feb 02, 2006 4:49 am
I had suggested re: the scenerio of someone getting into your account, changing and having your pin sent to whatever email they chose - have a pin for your password and email. Unless they know the pin, which would be hard unless you chose something too simple, then no one could change your password or change/access your email.
This one would be different than the one you use for the various parts of the site (shop/bank/sdb/pets/equipped items, etc.).
Yes, you'd probably need to write these down (I know I have to write everything down), but in the long run, if the bad guys can't do anything they hopefully will stop trying to hack/crack/cg or whatever peoples' accounts. It is unfortunate that it almost has to be this way, but such is life, especially with people paying for premium. And considering right now Neo's score on the BBB site - they need to do something to get peoples' trust back and to help us protect ourselves. We can do what we can do - TNT does have to do something other than say, Oh well.
This one would be different than the one you use for the various parts of the site (shop/bank/sdb/pets/equipped items, etc.).
Yes, you'd probably need to write these down (I know I have to write everything down), but in the long run, if the bad guys can't do anything they hopefully will stop trying to hack/crack/cg or whatever peoples' accounts. It is unfortunate that it almost has to be this way, but such is life, especially with people paying for premium. And considering right now Neo's score on the BBB site - they need to do something to get peoples' trust back and to help us protect ourselves. We can do what we can do - TNT does have to do something other than say, Oh well.
Thu Feb 02, 2006 5:04 am
I agree that a PIN on the userinfo page would be a good idea, to protect against more different kinds of scams.
However, the biggest problems of late have been cookie grabbers, and apparently when you're cookie-grabbed the hacker doesn't actually know your password. I don't think they could change your email without entering a password.
However, the biggest problems of late have been cookie grabbers, and apparently when you're cookie-grabbed the hacker doesn't actually know your password. I don't think they could change your email without entering a password.
Thu Feb 02, 2006 5:06 am
Edit : Nevermind, im stupid. @_@
Last edited by Ken on Thu Feb 02, 2006 5:10 am, edited 2 times in total.
Thu Feb 02, 2006 5:09 am
I understand what you're saying, but at the same time I don't understand ... mainly because some people who were cg'ed did lose access to their account - password and emails were changed. Is confused here. On that subject, a few people on the BDC were posting that they had been cg'ed within the last few days. Is this possible?
I hope that the pin thing does get whatever bugs are in it sorted out and we all have the opoprtunity to pin whatever we want, and that something is put in place in the event of someone gaining access to your account (getting the pin).
I hope that the pin thing does get whatever bugs are in it sorted out and we all have the opoprtunity to pin whatever we want, and that something is put in place in the event of someone gaining access to your account (getting the pin).
Thu Feb 02, 2006 5:23 am
In case anyone wants to see what it looks like to withdraw NP from the Bank:
Thu Feb 02, 2006 5:36 am
Jasujo wrote:Dusket wrote:Whoa, hold on now guys. Won't this get annoying after awhile if it was on EVERY major page?. Honestly!. Priority sections like banks, pound and SDB should be the limit. Sticking it on Stock Markets, Neohomes, and anything else you can think of seems a little.. over dramatic. If a hacker actually breached your account you'd be lucky with them running off with things like that, for if you were actually hacked it wouldn't be too damage intense.
Hm. But I'm planning my pin number regardless.
Well, there really wouldn't be a problem because you can choose what you want to put the PIN on. It's all optional and you can pick and choose, so you'd only PIN what you want to protect. Different people would PIN different things depending on their priorities.
Ohh, that explains things!. Excellent then. I'm all for it.
Thu Feb 02, 2006 10:23 am
This all looks good. Regarding security, I was going to make a suggestion to neopets. When you change your email address, they should make it so that you have to confirm the change through clicking on an activation link (or something similar) through both your old and new email addresses. They have this feature on a few sites I am signed up to, and it seems like that would make it a lot less easy for people to change your email address and therefore get your PIN number.
Thu Feb 02, 2006 11:02 am
^ I agree. It would keep you from being able to change your email if your old email died, but if so you could email support and go that route.
I'm beta testing the PIN as well, and will be submitting a request to get it on stocks as well. My portfolio isn't big, but it's bigger than my bank account
I'm beta testing the PIN as well, and will be submitting a request to get it on stocks as well. My portfolio isn't big, but it's bigger than my bank account
Thu Feb 02, 2006 12:28 pm
Is TNT reading this thread? I think it would be easier on them if they just read this thread, and posted that they are reading it, instead of getting all of our idea emails. (not that sending the emails is a bad idea, just that it would be more efficient if they read it here once.)
lol I think all TNT staff should be required to browse PPT on a regular basis... at least the Gen Chat for the ideas/comments everyone here comes up with! Neopets would be a better place!
Edit: But until they do something about making it easy to change your email address like that without your pin, the pin is virtually useless. Even if you request your pin once a day, they could just change your email, and request it the next day. I'm surprised that TNT didn't think of that.
Edit again: Which way of sending comments do we use? Do we send it in to the betatester email? Or the comment form on the contact us page?
lol I think all TNT staff should be required to browse PPT on a regular basis... at least the Gen Chat for the ideas/comments everyone here comes up with! Neopets would be a better place!
Edit: But until they do something about making it easy to change your email address like that without your pin, the pin is virtually useless. Even if you request your pin once a day, they could just change your email, and request it the next day. I'm surprised that TNT didn't think of that.
Edit again: Which way of sending comments do we use? Do we send it in to the betatester email? Or the comment form on the contact us page?
Thu Feb 02, 2006 1:13 pm
Starry Angel wrote:This all looks good. Regarding security, I was going to make a suggestion to neopets. When you change your email address, they should make it so that you have to confirm the change through clicking on an activation link (or something similar) through both your old and new email addresses. They have this feature on a few sites I am signed up to, and it seems like that would make it a lot less easy for people to change your email address and therefore get your PIN number.
That'd be great... as long as you still HAD your old e-mail address. I went back and changed my password for my older account a few days ago and the old e-mail for it was an e-mail address from Hotmail I didn't even remember having. Being that it was Hotmail since I hadn't accessed the e-mail in so long it was deleted from inactivity.
Thu Feb 02, 2006 7:27 pm
Q wrote:*wonders how many people will use 1337 for their pin*
You know some people will, and think they're being clever XD
It seems like a great idea, but I haven't set mine yet. Maybe I'll go stare at it a bit more lol.
GOD you found me out... XD
I was really going to use that, but now i'll have to be EVEN MORE clever XD