It took 25 hours but the NCSoft people replied to my ticket about my lost log-in information. Unfortunately the reply was a form letter. I used to work in a support role for an online game and I certainly sent out my fair share of form letters so I'm not sure it's really ok to complain, but I'm going to do it anyway. In my case I was rarely in a position to actually do anything and sending people to a form to fill out was all I could do. I'd like to think in my case here that 'Sam' could have done something more.
At any rate, if I can't answer my security questions I need to fill out a bunch of other information. I can somewhat see why they'd want me to answer this stuff to prove I'm actually me since they don't want just anybody logging in to my account. On the other hand the account has been inactive for almost 6 years and I'm not asking for the information to be sent to me. I want it sent to the email address registered with the account when it was created. It feels like it would be a good customer experience to just give me my account back. Best case scenario I'm actually me and they make me happy by limiting the hoops I need to jump through. Worst case scenario someone steals an account I haven't used in 6 years. Disaster scenario is someone steals an account I haven't used in 6 years and then I actually show up and want it back too. In that case I'd just find a way to restore what I'd be missing and kick the thief out. It feels like the disaster scenario should be a lot rarer than the best case scenario, especially after they send out a recruiting drive email.
The stuff the form wants me to answer is my name, address, and date of birth as of when I created my account. (I can't imagine by birth day would have changed!) It wants the serial codes for the games added to the account, and the unique account IDs sent when I activated those games. It also wants the last 4 digits of my credit card used to activate the account.
Some of that I can provide. I do still have the initial email so I have that account id. I don't have the last 4 digits of that credit card since that credit card expired like 5 years ago and I didn't keep it. (I also had to have it changed after some fraud concerns.) I don't have a clue what the serial code would be. I've moved several times since then and the City of Villains box is not something that made it through all those moves. Frankly I don't even know where I was living when I activated the game. It wasn't out in New Brunswick since I was playing with my brother online only. It wasn't with Pounder, I don't think, since I don't recall trying to convince him to play with me. So it was probably one of the random places in Waterloo I lived in for 4 months?
So, yeah, I don't have most of the information they want. I might be able to eventually convince them that I'm me despite not having the info they want. (I once had my Yahoo account get hacked and managed to get it back by taking the 'come on, please?' tactic over and over until it worked.) Getting to take a picture of Oroku Saki is really not worth all that hassle though.
Time to uninstall a game I didn't get a chance to try again. Sorry, City of Villains, you lose.
Showing posts with label security. Show all posts
Showing posts with label security. Show all posts
Sunday, October 02, 2011
Saturday, October 01, 2011
NCSoft "Security" Issues
I got up this afternoon around 3 and, true to my word, started installing City of Heroes. It downloaded some sort of launcher program first and then that started installing the game itself. I busied myself in other windows, screwing around in Galaxy Legion and playing some turns of board games on Yucata.
Suddenly my second monitor went black. (My computer is a laptop with a larger monitor connected via an HDMI port.) My laptop monitor flickered and came back with a drastically reduced resolution. Then my second monitor returned. I was a little freaked out, especially since nothing had popped up to indicate anything would be happening. Things were lagging but I managed to get to my desktop and change the resolution back. Then I looked and realized that City of Heroes had finished installing enough to launch itself in the background without telling me and took it on itself to wreck my display settings.
I went to that window and had a hard time moving around. It would seem it didn't realize that I'd changed the resolution back so if I wanted to click a button I had to move my mouse to where the client thought the button was instead of where the screen was showing it. Ok, fine. I manage to click the exit button after fighting for a few minutes and relaunch it. It screwed up my display again so I sucked that up and tried to log in. No go. I didn't know what my password was and it wasn't any of my standard ones circa 2005. Not too surprising I guess, so I went to the password recovery form. They know my email address (after all, they spammed me to get me to come back) so this should be a simple fix, right? Send a new password to my email address and let me play.
Nope. I enter my username in the password recovery form and they tell me I need to answer the security questions I chose when I created my account. I hate this sort of thing, but ok. What questions did I pick? My father's middle name and the name of the hospital where I was born.
WHAT?
I don't know the name of the hospital where I was born. I can't imagine 2005 Nick knew that either. On a whim I checked my birth certificate in case it said. Nope. Other than calling my mother and seeing if she knows I can't think of a way to get that information. There's no way I would have done that in 2005 to create a game account. Maybe I put in dummy information assuming I wouldn't need to use it? Regardless, there's no way I can get my account back via the form.
I found a way to contact support and sent them an email explaining my case and complaining that the form wouldn't let me get my account back. That was 5 hours ago with no response as yet. On the one hand it is the weekend and maybe they don't have people checking their support inbox right now. On the other hand they did just send out a recruiting email and needed to expect some people would try to log in and be unable to. I theorized that they sent the email on a Friday so I could spend my free weekend trying their game out again. Well, I can't do that because they're not letting me and it's not making me happy. I was willing to spend a couple hours trying the game again. Instead I've spent those hours installing software which screws with my display settings and trying to get back an account. It hasn't been fun and I'm pretty much giving up at this point.
The launcher listed some other games. Aion, Guild Wars, Lineage 2. Apparently they all use one master account like Blizzard's Battle.Net. So I can't play those games either. I did a little searching about this NCSoft master account and apparently it's a bit of a disaster. Apparently those security questions I couldn't answer? Added in on March, 2011. Which raises all kinds of questions... How did NCSoft find out my father's middle name? How do they know where I was born? How can they possibly justify keeping me out of my account for not knowing the answers to questions they made up? Do they not even want me to be able to recover my account?
I then found a horror story which is really hard to imagine happening. Apparently when you logged into your NCSoft master account it would sometimes log you in as someone else. Changing your password and other information once you were logged in didn't require reauthentication. So you'd log in as someone else and could then change their password to whatever you wanted. Which would give you access to their Aion account. And their CoH account. And their GW account... Sleazy people who figured this out would then log in and our of their account over an over until the site gave them access to someone else's account at which point they'd clean them out and repeat.
I'm just flabbergasted. The way they seem to handle security given those two things just blows my mind. I have so many games to play that I can't imagine giving these people my time or my money. One of my old WoW friends has been trying to convince me to play Guild Wars 2 when it comes out but it's an NCSoft title and I'm really not sure it's worth the risk. If I'm going to invest a lot of time into a character I want to be reasonably confident that character isn't just going to disappear one day, either to the system getting hacked or to the site randomly locking me out.
Suddenly my second monitor went black. (My computer is a laptop with a larger monitor connected via an HDMI port.) My laptop monitor flickered and came back with a drastically reduced resolution. Then my second monitor returned. I was a little freaked out, especially since nothing had popped up to indicate anything would be happening. Things were lagging but I managed to get to my desktop and change the resolution back. Then I looked and realized that City of Heroes had finished installing enough to launch itself in the background without telling me and took it on itself to wreck my display settings.
I went to that window and had a hard time moving around. It would seem it didn't realize that I'd changed the resolution back so if I wanted to click a button I had to move my mouse to where the client thought the button was instead of where the screen was showing it. Ok, fine. I manage to click the exit button after fighting for a few minutes and relaunch it. It screwed up my display again so I sucked that up and tried to log in. No go. I didn't know what my password was and it wasn't any of my standard ones circa 2005. Not too surprising I guess, so I went to the password recovery form. They know my email address (after all, they spammed me to get me to come back) so this should be a simple fix, right? Send a new password to my email address and let me play.
Nope. I enter my username in the password recovery form and they tell me I need to answer the security questions I chose when I created my account. I hate this sort of thing, but ok. What questions did I pick? My father's middle name and the name of the hospital where I was born.
WHAT?
I don't know the name of the hospital where I was born. I can't imagine 2005 Nick knew that either. On a whim I checked my birth certificate in case it said. Nope. Other than calling my mother and seeing if she knows I can't think of a way to get that information. There's no way I would have done that in 2005 to create a game account. Maybe I put in dummy information assuming I wouldn't need to use it? Regardless, there's no way I can get my account back via the form.
I found a way to contact support and sent them an email explaining my case and complaining that the form wouldn't let me get my account back. That was 5 hours ago with no response as yet. On the one hand it is the weekend and maybe they don't have people checking their support inbox right now. On the other hand they did just send out a recruiting email and needed to expect some people would try to log in and be unable to. I theorized that they sent the email on a Friday so I could spend my free weekend trying their game out again. Well, I can't do that because they're not letting me and it's not making me happy. I was willing to spend a couple hours trying the game again. Instead I've spent those hours installing software which screws with my display settings and trying to get back an account. It hasn't been fun and I'm pretty much giving up at this point.
The launcher listed some other games. Aion, Guild Wars, Lineage 2. Apparently they all use one master account like Blizzard's Battle.Net. So I can't play those games either. I did a little searching about this NCSoft master account and apparently it's a bit of a disaster. Apparently those security questions I couldn't answer? Added in on March, 2011. Which raises all kinds of questions... How did NCSoft find out my father's middle name? How do they know where I was born? How can they possibly justify keeping me out of my account for not knowing the answers to questions they made up? Do they not even want me to be able to recover my account?
I then found a horror story which is really hard to imagine happening. Apparently when you logged into your NCSoft master account it would sometimes log you in as someone else. Changing your password and other information once you were logged in didn't require reauthentication. So you'd log in as someone else and could then change their password to whatever you wanted. Which would give you access to their Aion account. And their CoH account. And their GW account... Sleazy people who figured this out would then log in and our of their account over an over until the site gave them access to someone else's account at which point they'd clean them out and repeat.
I'm just flabbergasted. The way they seem to handle security given those two things just blows my mind. I have so many games to play that I can't imagine giving these people my time or my money. One of my old WoW friends has been trying to convince me to play Guild Wars 2 when it comes out but it's an NCSoft title and I'm really not sure it's worth the risk. If I'm going to invest a lot of time into a character I want to be reasonably confident that character isn't just going to disappear one day, either to the system getting hacked or to the site randomly locking me out.
Subscribe to:
Posts (Atom)