Remove wrong-password ban

nimeralos

You don't get blocked if you type a wrong password on www.twinstar.cz, i.e. I suggest it's still possible to brute-force people. Then, this 10-minutes-autoban we all know serves nothing but to cause frustration.

Inb4 "makes no sense to change it now when Kronos is so old" :D
 
The server response might be too slow to make any brute force attack effective, also I bet it detects when it's receiving too many password attempts in a relatively short time.
 
Hi all,

I think that this also serves as some kind of protection in case someone has your account name and is trying to guess your password. This will either discourage him or give you some time to take an action.

Maybe IP-lock (chosen as an option by user) used in other games would do the trick after that.

Just my opinion.
 
I suggest it's still possible to brute-force people.
Yes, if you publish your account name, or if you have similar account name as forum or ingame nickname.
If you do, you are stupid.
It confirms that the autoban we're talking about is absolutely useless, doesn't it?

Offtop:
On "stupid": I wouldn't agree that the account name should even be a secret tbh, we already have a password to protect the account... I mean, for example, our mailbox name is public, but it doesn't make it easy to hack if you have a unique strong password. Right now, the only thing a bad guy can do with an account name is to block it by typing the wrong password. But this is exactly the presumably useless Twinstar-specific feature we're discussing.

I think that this also serves as some kind of protection in case someone has your account name and is trying to guess your password. This will either discourage him or give you some time to take an action.
See the above: it's still possible to do this kind of attack, a hacker just needs to guess on twinstar.cz but not in the client.
 
Yes, you are right. I did not realize that the account manager is not affected by the ban, as I am no longer playing here.
 
Yes, if you publish your account name, or if you have similar account name as forum or ingame nickname.
If you do, you are stupid.

Half the people are stupid. The security measures are there to protect us from ourselves just as much as from others. And I would bet that many have same account name on forum and in game.
 
Yes, if you publish your account name, or if you have similar account name as forum or ingame nickname.
If you do, you are stupid.
You misunderstood everything he said, secondly your whole point is moot.
If it's impossible to bruteforce when you don't share your information or don't use repeating names then why keep the bruteforce protection?

The only thing that really annoys me is that if I get 3 failed login attempts (on different accounts...) I get banned for 10 minutes, but am still able to log in on the page.
Now, obviously I had the password as I was able to log in successfully on the webpage. Why not allow me to remove the temporary ban from my account?
 
yo I'm really pissed cause of this temp ban, I was in a dungeon, random dc'd and used wrong password 3 times, didn't even know there is this **** tempban. Now the party members are waiting and mb dungeon is getting called cause of this
 