EQEmulator Forums

EQEmulator Forums (https://www.eqemulator.org/forums/index.php)
-   General::General Discussion (https://www.eqemulator.org/forums/forumdisplay.php?f=586)
-   -   No I can't help you - LOST PASSWORDS (https://www.eqemulator.org/forums/showthread.php?t=31238)

KLS 05-05-2010 02:13 AM

No I can't help you - LOST PASSWORDS
 
I get a couple requests a week to help someone with a login password recovery.

I cannot help you. I don't know if Rogean can help you but if anyone can he can.

trevius 05-05-2010 07:09 PM

Yeah, I get the same thing about as often. Hopefully at some point, there will be a password recovery option for Login Server accounts. I am sure it would save everyone time and frustration.

I don't have access to Login Server account stuff at all and I don't have admin rights on these forums to change accounts/emails/passwords/activations/etc, so please don't PM me asking me to do so or I will just link you this thread.

KLS 05-06-2010 12:15 AM

Yeah, I'd really like to just stop wasting everyone's time. Now everyone knows who they need to bug (also bug him to implement password recovery!).

llllmvllll 05-06-2010 07:02 AM

Can you delete a account I have that I no longer use ?
If so how do I go about getting that done ?

MattWitt 05-07-2010 03:23 AM

Quote:

Originally Posted by llllmvllll (Post 187564)
Can you delete a account I have that I no longer use ?
If so how do I go about getting that done ?


This, if we can't get PWs reset can we at least get the defunct accounts deleted so we can make new ones?

wolfwalkereci 05-20-2010 09:10 PM

about time someone posted this shit. I remember when I had lost my passwords and was posting asking if anyone could help or knew who to talk to.
Was completely fucking ignored then and it sucked.

Sorrow*qc 01-25-2011 10:00 PM

ok so i lost all of my characters if that happened to me???

KLS 01-26-2011 01:59 AM

You can try talking to Rogean or you can talk to the server operators where the characters are and see if they'll transfer them to new accounts for you.

Rogean 01-27-2011 10:13 PM

The reason we don't allow password recoveries is because it is a security issue.. thats why loginserver accounts are seperate from forums to begin with.

I'm open to ideas for how a password recovery tool will be handled, but I'm afraid any solution will be open for the possibility of accounts being compromised.

Akkadius 01-27-2011 10:19 PM

Quote:

Originally Posted by Rogean (Post 196536)
The reason we don't allow password recoveries is because it is a security issue.. thats why loginserver accounts are seperate from forums to begin with.

I'm open to ideas for how a password recovery tool will be handled, but I'm afraid any solution will be open for the possibility of accounts being compromised.

I vouch for generic security questions upon setting up an account as well as the option to set them up as an existing account. Of course this wouldn't do anyone any good for those who have lost their account information now, but would start helping those in the future.

Rogean 01-27-2011 10:33 PM

Solutions that require additional information at user creation aren't going to work as it wouldn't be applicable to the other 135k login accounts. The majority of account recovery requests are those coming back after years.

trevius 01-28-2011 04:11 AM

If people can get into their forum accounts, then it should be possible to recover their LS information, which is the issue I see posted about here 99% of the time (can log into forum account, but not LS accounts).

My suggestion would be to setup a new field that stores registration email address from the forums also into a registration email address for the Login Server. The forum email address can be changed by logging into the forums, but the LS email address can't be changed (or at least not without logging in with an LS account password). Then, let them have an option to send a password recovery email to their LS email address, which should have to be owned by the correct person.

Unfortunately, that won't work for people who no longer have the same email address, but it should work in a good number of the cases. I can't really think of any other way to make password recovery retro-active and secure without doing a mass email that requires every member to set a security question (which just causes emails to get tagged as spam). A less secure option would be to just give forum accounts access to do a LS password recovery based on that they authenticated into the forums.

jlocke 01-30-2011 06:02 AM

It's kind or ridiculous to set up any security beyond accessing a forum account for login passwords. Wouldn't it be kind of easy just to copy the forum password field data into the login password field data in a SQL table upon requesting a "password reset"? I'm assuming they're both in the same type of encryption. Like the man said, if someone has access to their forum account (like me) they should be the owner. It's not like you're holding billions of EQLive Plat on a mule here nor any super secret squirrel stuff.

Huppy 01-30-2011 05:10 PM

I always just go through 5 minutes of tedious, trivial computer work to solve
this problem - Put your eqemu client account(s) info in a standard text file
and burn it on a 40 cent blank disc. Some might want to use a marker and
label the disc "Passwords I Forgot" :)

Rogean 01-30-2011 06:11 PM

The reason the loginserver accounts were kept seperate is because with forum software involved and when this entire system was set up, SQL Injections into forum software was a common occurance. In order to protect the game accounts, they were kept seperate for that reason, neither having any more power to reset the other.

We also have to consider the fact that theres still a compromised database from 2007 floating around somewhere. They haven't been able to do damage to loginserver accounts with that unless people were stupid enough to make their passwords the same. Opening up the option for forum accounts to reset loginserver accounts would be bad times for anyone who hasn't changed their forum password yet.


All times are GMT -4. The time now is 09:08 PM.

Powered by vBulletin®, Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.