I recently tried logging into Diablo III after about a year - I still knew my username and password, but the account was locked. The email address to reset the password no longer existed. When I contacted their (very hard to find) support line, the expected wait time was forty five minutes - they wanted me to wait forty five minutes so that I could beg someone to give me access to a product I've already paid for.

The point is - email addresses can be hacked just as easily as account names and passwords. There are plenty of moments when people delete an old email address - maybe they were being harassed. Maybe they were starting a new relationship, and they didn't want old flings trying to get in contact with them - sending a message about casual six while the new girlfriend is surreptitiously looking over your shoulder. (Can I say awkward moment?) It could be a matter of simply wanting a newer (and cooler sounding) email address - I've done two out of four on that list.

If losing an email address, or deleting one without thinking about "Oh, this is used for XYZ games," and that then results in losing access to products that I've paid for - I've been burned twice now. The first was Final Fantaxy XIV, and then with Diablo III. I'm at the point where if something requires email verification to simply use the game - considering that email addresses can be lost, hacked, stolen, or deleted - I probably won't bother purchasing...

Or you could phone up support with the cd key/cc number and get your account back.....

Suggesting that one aspect of security should be dropped simply because there are other ways to get hacked is like saying it's useless to lock your car since you can lock your valuables in your glove compartment- it's two sets of security instead of just one.

If you are concerned about 'losing' your email, I would suggest that you become more responsible and not delete your emails randomly without first checking all of your bank, credit card, and websites that could be tied to it. That's just simple common sense. And if your email gets hacked, you should most likely immediately contact any institution that has ties to it. This is a non-issue if you are using your email system responsibly and reporting any problems.

Considering the large number of games that DON'T require email validation - I'm not going to sit on the phone for forty five minutes to beg for access to a product I've already paid for. I would rather write off the game as a loss, and go do something else. The entire reason I play games is to relieve stress and space out, not so that I can wait forty five minutes to beg someone to let me play a game that I already paid for.

Edit: Are you seriously giving me the two layers of security line? This is a video game. If the account gets hacked, and they're doing proper backups, then recovery should be a non-issue.

You know, you lose credibility when you use words like beg. I'm sure no one made you beg to access your account.

1) if your email is hacked, I would hardly think the situation would be stress free just because one of your games was not tied to the account.

2) Since this game uses your account name publicly, it needs an extra layer of security, since that is half of your login.

Ummm, no. Stop whining, stop making weird random email accounts. Keep the security.

With a proper password system, even with the username disclosed you're looking at billions of potential combinations. Add a 'lock-out' system that shuts down an account after so many failed login attempts (for about thirty minutes), and blocks an IP address for 24 hours after so many failed login attempts, and you're pretty secure at this point. A distributed brute force attack doesn't work if the computers on the botnet get shut out of the server, and you can't crack a single account while it's under lockdown. This is just basic internet security. Additional security against rainbow tables can be implemented by having the server try to autocrack the password before it accepts it - if it fails a cursory rainbow attack, then tell the user it's not good enough and make them pick another.

Fact is - the security questions you get through GMail are pretty weak. Take for instance questions like "What is your father’s middle name?" and "What is your first teacher’s name?" Anyone who knows you can use that information, guess the security questions for your password, and you're right. That won't give them your password. It'll allow them to change it. Then of course if you log into your email on a public terminal - and someone just magically installed a keylogger on that computer while you weren't there - guess what? That library or university computer you just used to check your email, has now given someone the ability to delete it, and thereby cut off access to... everything... That's if they're just having fun - and not out to steal money or destroy your life. With that one little login, you've given someone access to everything in your life - banking, social networks, gaming, everything.

Of course - if we start treating email a bit more like a mail service, rather than an identification system - and put the onus for security onto the people who provide services in the first place, then even if someone DOES get access to your email service, the amount of damage they can do is significantly curtailed.