Security Update Discussion

First Riot Post
Comment below rating threshold, click here to show it.

Shiister

This user has referred a friend to League of Legends, click for more information

Senior Member

08-20-2013

Quote:
Originally Posted by Lyrinn View Post
People have been complaining about the lack of security features here for years and you're just now getting to work on that?
Haven't seen any of these complaints till recently. Anytime when someone did complain about their account being hacked it was due to keylogger or phishing scam


Comment below rating threshold, click here to show it.

Layla

This user has referred a friend to League of Legends, click for more information

Senior Member

08-20-2013

Quote:
Originally Posted by Shiister View Post
Haven't seen any of these complaints till recently. Anytime when someone did complain about their account being hacked it was due to keylogger or phishing scam
The complaints weren't about hacking. Have you ever tried to change your email? All it asks for is your new email address. They didn't even require you to verify your current email or confirm that you want to change your address -- not even your password. You just enter it and you're done. Of course, to lose your account this way would point to extreme negligence but I've never seen a game or even website not offer something as simple as email confirmation. That's just the tip of the iceberg.


Comment below rating threshold, click here to show it.

Shocco

Junior Member

08-20-2013

Im very happy with the forced security. BUT i think its a bit difficult to make a decent password that i can remeber with these minimum reqs... i mean before i had a number a cap and lower cased. now i have to have all that plus more numbers and special characters. IMO if you allowed spaces it would be a bit easier to make a password. thats just me. Thank you RIOT for getting this done quick.

Regards


Comment below rating threshold, click here to show it.

Solviot

Member

08-20-2013

Hi i was wondering if this effects PBE accounts as well?


Comment below rating threshold, click here to show it.

Raygr

Senior Member

08-20-2013

Quote:
Originally Posted by Vesh View Post
Some clarification here - the transaction IDs are randomly generated guids and do not contain any information about credit cards or other billing info.

this is entirely separated from the hashed cards that were used for a specific payment system in 2011. these transaction IDs do not reveal anything about your billing or payment information. they are basically equivalent to receipt numbers.
Just a quick question. Not sure if this is silly or not so excuse me if it is but are those who strictly used paypal on the ingame league purchase site affect by the credit card theft?


Comment below rating threshold, click here to show it.

Bloodlogic

The Council

08-20-2013

Quote:
Originally Posted by Raygr View Post
Just a quick question. Not sure if this is silly or not so excuse me if it is but are those who strictly used paypal on the ingame league purchase site affect by the credit card theft?
No if you only used PayPal you are fine and are not at risk.


Comment below rating threshold, click here to show it.

Andresh

Junior Member

08-20-2013

I have only one question for you guys at Riot

Why is it that a to change the password you force us to use the common replacement for letters and/or special characters making the password difficult to remember. By enforcing the use of those characters isn't most people inclined to just swap letters and numbers and throw some Upper case into the mix to make an easier to remember password? And still be a potential target to whoever have personal info on them by going through the common replacements and passwords?

Why would a longer password with random words be worse? Or even yet a longer password that tells a small story or is an old saying. I like this joke by the way: http://xkcd.com/936/ not 100% accurate but it did kept me guessing why do we have to use those characters when we almost don't use them.

Or is this a move to force everyone to change so whoever has the hashed passwords can't use them and eventual correct guesses to find the key to unlock all others?

But hey password changed not to what I wanted but then again thank you for informing us and taking action ^^


Comment below rating threshold, click here to show it.

DietDrDrama

Junior Member

08-20-2013

What if you used a 10 minute mail to create your account does that mean those ppl are screwed?


Comment below rating threshold, click here to show it.

Pythonhier

Senior Member

Comment below rating threshold, click here to show it.

Just Mid

Member

08-20-2013

Quote:
Originally Posted by DietDrDrama View Post
What if you used a 10 minute mail to create your account does that mean those ppl are screwed?
Why in the hell would you do that to begin with for something that you would have for more than 10 min?