Security Update Discussion

First Riot Post
Comment below rating threshold, click here to show it.

Only Viktor USA

Senior Member

08-20-2013

I wasn't prompted to change my password upon logging in. Is this because it fits their "one lowercase, one capital, one number" restrictions?

-_-


Comment below rating threshold, click here to show it.

FatedTitan

Senior Member

08-20-2013

So Korea had some downtime earlier this year and received the opportunity to purchase Silent Night Sona. Could we have that same opportunity as compensation for this?


Comment below rating threshold, click here to show it.

SargeantAnonymos

Senior Member

08-20-2013

Any timetable when the 2 factor authentication will be in place? I work for a part of microsoft and ever since they implemented 2 factor account security has increased exponentially. I fully support this and want is as soon as possible.


Comment below rating threshold, click here to show it.

TeddyGrams

Junior Member

08-20-2013

is the client still donw? i cant log on


Comment below rating threshold, click here to show it.

GrooveRave

Junior Member

08-20-2013

Quote:
Originally Posted by SargeantAnonymos View Post
Any timetable when the 2 factor authentication will be in place? I work for a part of microsoft and ever since they implemented 2 factor account security has increased exponentially. I fully support this and want is as soon as possible.
The 2 factor authentication implementation you're talking about, is it done during log in? Because according to the post, this authentication step won't take place unless the hacker is trying to change the email or password. Which makes me wonder if this will apply to changing the mobile number...


Comment below rating threshold, click here to show it.

RepossessedSoul

Junior Member

08-20-2013

I have no wish to hate on RIOT staff or affiliates, after reading what most people are complaining about and how most can't be bothered to understand what they should do to protect themselves I'm really depressed about the state of the community.

There's people here that are asking the right sorts of questions; requests for a statement saying that you(RIOT) will be moving to a stronger password encryption method, requests that contact be made with those whose information may of been comprimised, and a promise that you will get some sort of security audit done by a external third party company. These are all valid and decent questions.

If for some reason you think you shouldnt tell me what encryption method was used because you dont want that info to reach the hacker then i am sad to inform you that it doesnt matter and the ecryption itself will reveal what it is. Hashcat (a open source free tool that is used by industry professionals) can be run against a unknown encryption algorithm and can identify it (if he didnt already identify it by simply looking at the descriptors for the files when he took them) while still going through and breaking it down. Just cause you have salted the passwords means relatively bumpkis if you have everything encrypted with MD5 MD7 (which you can break out on a sheet of frickin paper with only a pen and a working knowledge of the alphabet and the way how the encryption algorithm works, which is easier for that encryption method then remembering how to last hit under turret. honestly) or SHA1 then you should let people know that its just been plain old stolen and they have your stuff. I dont need to know exactly which algorithm you are moving to, just tell me that your moving to one of the big ones that are way more secure and that's it.

This all is moot now though, the empathy I had for you is pretty much gone now. Purely because your solution to this has been, at first decent with how you are at least talking to people about it, but now it's done a about face and started marching in the other direction.

A sale? A SKIN SALE NOW OF ALL TIMES? YOU INSTEAD OF RELEASING WORKING REPORTS OF WHAT EXACTLY HAS OCCURED OR ANSWERING ANY OF THE REALLY IMPORTANT SECURITY CONCERNS (the information has been stolen, anyone that hasnt taken measures to change and secure anything that has had contact with this site after the notice has earned what will happen to them) YOU HAVE A STINKING SKIN SALE?!?!?!?!?!?!?

Not saying i dont want the skins, but i sure as hell am not planning on buying anything from you all now, of all times after you've been hacked, or in the near future.

The message you are broadcasting is "Ignore the security updates and people telling you to make sure your stuff is secure, not panic and start to just foam at the mouth but make sure you take measures to protect yourself, instead GIVE US MOAR MONEY WE NEED IT ALL OR CORPERATE MUNDO WILL BEAT US MOAR!!!" and to be honest its really insulting.

I'm not saying make a monsterous deal out of it, just broach the subject. Give us the facts of what occured, show us some examples of how you are going to fix it, and inform us of ways to protect ourselves and move on. It's simple, and doesnt need to be complex.

In the relationship that we have i'd like to think of this as a "hey i got drunk, and may or may not of fooled around with another man/woman i dont know, im still trying to recall what happened" sort of event in our relationship. Take the time to talk to me in a civil manner and i will be civil with you. Giving me a new suit to wear makes me happy for the suit but also question why i'm getting a brand new suit out of nowhere. get the point?

sry for the long posts, dont take them the wrong way. I appreciate the effort to at least talk with us here, but most people wont know what to do to protect themselves online. Not only that but i have high hopes for you(RIOT) becoming an even greater mover and shaker in the eSports scene and actually help develop that fanbase here in NA.

thx for reading if you did, shame on you if you didnt for not trying to understand wtf someone would spend so much time talking about with such a absurdly long post.

-REPO


Comment below rating threshold, click here to show it.

Splendid Cake

Senior Member

08-20-2013

Quote:
Originally Posted by Vesh View Post
Some clarification here - the transaction IDs are randomly generated guids and do not contain any information about credit cards or other billing info.

this is entirely separated from the hashed cards that were used for a specific payment system in 2011. these transaction IDs do not reveal anything about your billing or payment information. they are basically equivalent to receipt numbers.
vesh, pls


Comment below rating threshold, click here to show it.

Anti1460

This user has referred a friend to League of Legends, click for more information

Senior Member

08-20-2013

i logged in and was not told to change my pw.


Comment below rating threshold, click here to show it.

MrD3VIN3

Junior Member

08-20-2013

I did the reset password, however I am still unable to login. Why is that?


Comment below rating threshold, click here to show it.

Skyhawke

Senior Member

08-20-2013

Quote:
Originally Posted by RepossessedSoul View Post
snip
The official announcement was today. Is it too much to ask for more than a few hours to provide more information? And the skin sale has absolutely nothing to do with this. It wouldn't even be the same department handling the two things. They've been working on the skins since April. Do you think they just held on to it so they would have the perfect time to cover something else up? Lay down the tinfoil hat and have some patience, grasshopper.