I would love a password recovery option for LS logins.

[Wr3c0niz3]

It doesn't have to be fancy. Just something that recovers your Account password for your log in so you can play those characters that you worked so hard on. Would be awesome if something like this was implemented, Thanks.

[GreatDondeen]

Oh, that is a nice idea! I have lost track of 2 passwords now. I have to keep coming up with new char names! =P

[keithHen]

Please, please account recovery!! I've worked so hard only to lock myself out! This should be so important withthe thousands who play..

[KLS]

Rogean may or may not be working on this.

[Rogean]

Allowing a way to reset loginserver passwords would cause huge amounts of problems for the accounts that currently exist. We have yet to come up with an easy way to confirm the legitimate owner of an account.

[trevius]

It wouldn't help people who have old accounts with lost passwords, but I think it would be possible to make a secure enough way for accounts going forward.

I think we could just have the original email address get copied into a new table field upon registration that would be used only in relation to Login Server accounts. Then, allow people to log in with their forum account and then again with one of their LS accounts on that forum account to change that email address at any time. Since it requires the LS info to be able to change the email address, only people who have access to their forum and LS account could change it. Then just allow them to send a password reset email to the email address tied directly to their LS accounts. It would be a single email address tied to all LS accounts on the same forum account, but they can chose which LS account they want to have the password reset on. Then, as long as they still have access to that LS email account, they can complete the process.

That should resolve password issues going forward, but again it doesn't really fix any existing accounts. It would probably only be able to apply to newly registered forum accounts, or maybe only forum accounts past a certain date. I don't know of any secure way to make a system that is backwards compatible due to the security breaches of the database in the past, but that doesn't mean we can't resolve this issue for the years to come.

[dannym3141]

I like the sound of trev's idea.

I don't really even understand how adding a password recovery system based around a person's email address would compromise accounts in any way.

People currently have their own accounts, and if someone breaks into their account, they're screwed - they can change the password, and the person loses access to the account and cannot redeem the password.

If the password recovery system is based around someone's email, that's THEIR personal security and responsibility, all it would do is email a password reset, then email a new password if it was reset. If you wanted to change your email, you do that via email too. The only time that's problematic is if your email provider closes your account before you have time to change your email.

Granted, i don't know how security was breached or what they did or gained, but for the life of me i can't understand why a recovery system which works for just about every other mmo in the world wouldn't work here where theoretically even less is at stake.