The "@username" system MUST be done away with before

Post » Tue Mar 04, 2014 12:18 pm

At this point, the @username system is by far my biggest worry about this game's future.

It effectively hands half of one's login information to anyone they are friends or guilded with. Even if you are cautious about who you friend and don't join a large guild, if any of your friends or guildies get hacked, half your account info still gets stolen.

I would be shocked if at least 50% of players didn't have a PW that was one of the top few hundred most common, and I'd be shocked if more than 15% actually use a PW that can't be brute forced (long, random without words, using uppercase, lowercase, numbers and special characters).

IDK what kind of brute force protection measures are in place, but my guess is that it's probably at least 10-15 fails before they kick in, and they likely only look at a 15 to 30 minute window at most.

If this system doesn't change, a massive percentage of the playerbase will get hacked. I wouldn't be surprised if it's near or even more than 50%. I can virtually guarantee anyone with an 8 character password using just words and numbers will.

People don't like getting hacked, and expect decent security measures in any online service they use. If 25%+ get hacked, I think it could easily sink the game completely.

I see two possible solutions:

1. Do away with account bound guilds and friends entirely or make them optional. I think this should be done even without security concerns, because sometimes people just want to play an alt others don't know about to enjoy some time to themselves.

2. Use an identifier other than username.

If this is not fixed, I suggest people create strong passwords. One good way to do this is generate a list of at least 10 random words, write them down, take two letters from each that do not form a complete word on their own, capitalize half of them, and mix in at least a few numbers and special characters. In theory, such a password is borderline impossible to brute force.

I hope the devs are listening and take this seriously. Players are not as forgiving about security breaches as they used to be, and the @username system is one of the most glaring security failures I've seen in recent memory.

This should be priority one before launch, because it could singlehandedly destroy the game.

JAY
 
Posts: 3433
Joined: Fri Sep 14, 2007 6:17 am
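
An added example, not part of the original post and not the game's own code: a per-account sliding-window throttle using the limits the post guesses at, with a simulation of how many wrong guesses per day each policy still admits against one known login name. The class, function, account name and the stricter third policy are hypothetical.

```python
from collections import defaultdict, deque


class LoginThrottle:
    """Per-account sliding-window limit on failed logins (hypothetical policy)."""

    def __init__(self, max_failures=10, window_s=15 * 60):
        self.max_failures = max_failures
        self.window_s = window_s
        self._failures = defaultdict(deque)  # account -> times of recent failures

    def allowed(self, account, now):
        """True if another attempt on `account` may be evaluated at time `now`."""
        recent = self._failures[account]
        while recent and now - recent[0] >= self.window_s:
            recent.popleft()  # forget failures that have aged out of the window
        return len(recent) < self.max_failures

    def record_failure(self, account, now):
        self._failures[account].append(now)


def guesses_admitted_per_day(throttle, account="@constructed_name", step_s=1):
    """Count the wrong guesses a policy lets through in 24 h for one account
    when a client retries every `step_s` seconds (worst case for the defender)."""
    admitted = 0
    for now in range(0, 24 * 3600, step_s):
        if throttle.allowed(account, now):
            throttle.record_failure(account, now)
            admitted += 1
    return admitted


if __name__ == "__main__":
    policies = {
        "10 failures / 15 min (the post's guess)": LoginThrottle(10, 15 * 60),
        "15 failures / 30 min (the post's guess)": LoginThrottle(15, 30 * 60),
        "5 failures / 24 h (constructed stricter policy)": LoginThrottle(5, 24 * 3600),
    }
    for label, policy in policies.items():
        print(f"{label}: {guesses_admitted_per_day(policy)} guesses per day")
```

Under the guessed 10-in-15-minutes policy the simulation admits 960 guesses per account per day, and 720 under 15-in-30-minutes, so a short sliding window alone leaves a large daily budget once the login name is known.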

Post » Tue Mar 04, 2014 7:27 pm

That is why I was reluctant to join a Guild in beta, and possibly will be joining pugs a lot after release :(

Bellismydesi
 
Posts: 3360
Joined: Sun Jun 18, 2006 7:25 am

Post » Tue Mar 04, 2014 2:46 pm

It would be fine if we could select an account name for the @username system that is separate from the one we use to log in.
Prisca Lacour
 
Posts: 3375
Joined: Thu Mar 15, 2007 9:25 am

Post » Tue Mar 04, 2014 4:13 pm

I have a good PW, but I'm very wary of joining a guild, which is too bad because I enjoy trade and crafting, and guild AHs are the only semi-functional form of economy at the moment.
Prue
 
Posts: 3425
Joined: Sun Feb 11, 2007 4:27 am

Post » Tue Mar 04, 2014 7:44 pm

Agreed. I believe Zenimax as well as Bethesda need this game to do well, like Skyrim well, and if people get hacked it will tank faster than MC Hammer. (Old reference, sorry if you don't get it... Google him.)

Isabella X
 
Posts: 3373
Joined: Sat Dec 02, 2006 3:44 am

Post » Tue Mar 04, 2014 6:53 pm

Agreed, it needs to change.

Budgie
 
Posts: 3518
Joined: Sat Oct 14, 2006 2:26 pm

Post » Tue Mar 04, 2014 7:17 pm

Sooo much ignorance in here of how security actually works.

I could see it being an issue if your username was your email and you used your email password for the game maybe...
Alexxxxxx
 
Posts: 3417
Joined: Mon Jul 31, 2006 10:55 am

Post » Tue Mar 04, 2014 7:28 am

Ha! I'm old enough, lol.

Soraya Davy
 
Posts: 3377
Joined: Sat Aug 05, 2006 10:53 pm

Post » Tue Mar 04, 2014 5:14 pm

I agree so much. I left my guild straight away when I saw you actually post with your username.

It's a huge security breach, Zenimax.

Mel E
 
Posts: 3354
Joined: Mon Apr 09, 2007 11:23 pm

Post » Tue Mar 04, 2014 10:30 am

How is this different to using your email? Join a forum, use same email, omg they got half your login. Keep off dodgy sites and you'll be fine.
Nancy RIP
 
Posts: 3519
Joined: Mon Jan 29, 2007 5:42 am

Post » Tue Mar 04, 2014 8:07 am

It's not a security breach.

<------ Here is half my account. Please hack it.

Sam Parker
 
Posts: 3358
Joined: Sat May 12, 2007 3:10 am

Post » Tue Mar 04, 2014 8:37 am

They have a temporary password system that pretty much nullifies the issue, much like an authenticator does.

Chavala
 
Posts: 3355
Joined: Sun Jun 25, 2006 5:28 am

Post » Tue Mar 04, 2014 5:36 pm

To add a gamertag on b.net (Blizzard's system for Diablo/WoW) you must do the same thing. I don't see a problem.
Natalie Taylor
 
Posts: 3301
Joined: Mon Sep 11, 2006 7:54 pm

Post » Tue Mar 04, 2014 9:08 am

Yeh, but the solution for this issue is easily fixed and could avoid MAJOR headaches for support. It's a simple box to add to your account info where you put your visible name, for their forums and this in-game chat. It's so easy to implement and avoids so many issues that it's hard not to ask for it.

Laura
 
Posts: 3456
Joined: Sun Sep 10, 2006 7:11 am

Post » Tue Mar 04, 2014 3:25 pm

This.

Let us select an in-game name instead of showing people our username. Also make and sell hard tokens as a secondary wall of defense.

I have no idea who came up with the idea of showing usernames freely, and who approved it and why, but that's the dumbest thing I have ever seen.

lilmissparty
 
Posts: 3469
Joined: Sun Jul 23, 2006 7:51 pm

Post » Tue Mar 04, 2014 8:22 pm

I think you are being way too melodramatic. I suspect you quite simply do not like it, which is fair enough. But of all the games I played that use this system, none of them failed or had the security issues en masse you seem to predict. All of Cryptic's new games use it, and it was started in City of Heroes before it was left in Paragon Studios' hands.

Also you are overlooking the issues it solves.

Davorah Katz
 
Posts: 3468
Joined: Fri Dec 22, 2006 12:57 pm

Post » Tue Mar 04, 2014 6:20 am

It is for beta only; they stated this. Chill the hell out, people. But yes, if it was permanent I wouldn't even risk it.
Vickey Martinez
 
Posts: 3455
Joined: Thu Apr 19, 2007 5:58 am

Post » Tue Mar 04, 2014 9:09 am


I'm talking about game account, not email. If someone has your login name, they have half what they need to access your game account. I'd wager that many, if not most players have a password that is vulnerable to a brute force attack.

What am I missing?
Bones47
 
Posts: 3399
Joined: Fri Nov 09, 2007 11:15 pm

Post » Tue Mar 04, 2014 6:54 pm

That people who get their passwords taken in the first place will also give their usernames in the process. This literally changes nothing.

Maddy Paul
 
Posts: 3430
Joined: Wed Feb 14, 2007 4:20 pm

Post » Tue Mar 04, 2014 10:04 am

Cryptic has ZOS licked on this: they have the second option the OP suggests AND their @name system allows for account-bound character names, voiding the necessity for name camping.

Paula Ramos
 
Posts: 3384
Joined: Sun Jul 16, 2006 5:43 am

Post » Tue Mar 04, 2014 8:31 pm

You have to think about today's world though. Target's credit card swipey machine was breached, how the crap does that happen???? And I'm afraid to give my ID to some random person I don't know; he could get on my account and buy me a yearly subscription I cannot afford. I know it would be impossible for an amateur hacker to crack my password, but WHAT IF is my problem. I love the game and am going to play it, but I will not be joining any guilds just for that reason.

lacy lake
 
Posts: 3450
Joined: Sun Dec 31, 2006 12:13 am

Post » Tue Mar 04, 2014 9:43 pm

Broadcasting your login user ID in-game wouldn't matter that much if the game was launching with an authenticator. Wondering where account security is on their list of priorities.
Imy Davies
 
Posts: 3479
Joined: Fri Jul 14, 2006 6:42 pm

Post » Tue Mar 04, 2014 9:07 am

Despite all the people who don't mind, I agree with the OP.

It would be much better if you had a user name not directly connected to your password.

Arrogant SId
 
Posts: 3366
Joined: Sat May 19, 2007 11:39 am

Post » Tue Mar 04, 2014 1:07 pm

The fact that they have implemented one-time passwords that request a password that was sent to your email when you try to log in from a computer other than the one you made your account with.

luke trodden
 
Posts: 3445
Joined: Sun Jun 24, 2007 12:48 am

Post » Tue Mar 04, 2014 3:28 pm


I don't like everything being account bound, but I could live with it if we could use a handle other than our username.

I have never played even a single game that required users to give up the login name for social systems to function. Are you sure about that? Other AAA MMO launches have had scores of hacked accounts just because people used their username as a forum name.

Where was this stated? I may have missed it.
ANaIs GRelot
 
Posts: 3401
Joined: Tue Dec 12, 2006 6:19 pm
