Passwords - more security options

[Munna0 0]

Long and complicated password is no more a protection for a tankionline account. Hackers are easily getting access to players’ accounts and doing whatever they like to do.

 

Yesterday I changed my password and today my account is hacked. The hacker upgraded my M0 Railgun to M2 and purchased a useless paint. Day before yesterday my son’s account was hacked and the hacker spent all of his crystals. Both of our accounts are hacked twice yet despite of setting long and complicated passwords. So, we must do something to protect our accounts.

 

I have an idea to protect our accounts from hackers that I’d like to share with you. I humbly request Tankionline developers to take my ideas into consideration.

 

To protect account of a player from unauthorized access:

 

1. Add a second layer of protection as Google do. Make the computer of a player TRUSTED. Link a mobile (cell) phone number with the account of a player. Send a unique security code to the mobile or the email (as preferred by the player) of the player. The player has to enter the security code and password from his account on first login. Encrypt the password, security code and the MAC Address of the player’s computer and send them to Tankionline’s server. Save these data in encrypted form in the database of Tankionline.

 

1.1. Whenever a players logs in, his MAC Address must be checked to verify if the computer is trusted. If the computer is not trusted and the player is already connected from a trusted computer then this attempt is surely made by a hacker and the hacker’s MAC Address should be instantly encrypted and saved to catch him in future.

 

1.2. If the Player’s Nickname is not linked to the trusted computer and the Nickname is not logged in from anywhere, then this could be the genuine player or a hacker. In this case, generate and send a unique security code to the mobile phone and/or email (as preferred by the player) of the player and ask the player to enter the security code (a CAPTCHA could also be added). Then encrypt these data and send them to Tankionline server. If the security code matches with the nickname’s security code then ask the player whether he likes to make the computer trusted or not. If he/she likes to make the computer trusted then save the MAC Address along with the nickname to make the computer trusted also.

 

If the security code does not match with the security code of the nickname then deny the access request.

 

2. Second login must be denied while the same Nickname is already logged in. At present Tanki does it just the opposite and it shouldn’t be.

 

3. On “Change Password and Email” screen, existing password should be entered first before entering a new password. The security code that I mentioned above must be entered here also.

 

4. Tanki Forum Password could be different than the game password. I think, Tanki forum has security flaws.

I rarely log in to Tanki forum. I logged in the forum few months ago to vote for my favorite turret and the same day my account was hacked though, I set a long and complicated password. The hacker spent all the crystal that I saved (over 100,000) and upgraded my M0 Firebird to M2. My son’s account was also hacked about two months before my account was hacked.

 

Hackers have polluted Tanki. So, Tanki can’t sit silent allowing the hackers what they’re doing. If the hackers are not restricted, then players will not be interested to spend real money for their accounts. I hope my ideas will help the developers to improve the security of the game.

 

Thank you.

 

[TIMI 1,080]

So True <3 Finally Players are taking interest in this section also 

[lordmostafa 3,821]

How to protect your account against phishers, scammers, hackers?

[xaris52 75]

How to protect your account against phishers, scammers, hackers?

although we do what the topic says the hackers are able to do their job.

[xaris52 75]

Long and complicated password is no more a protection for a tankionline account. Hackers are easily getting access to players’ accounts and doing whatever they like to do.

 

Yesterday I changed my password and today my account is hacked. The hacker upgraded my M0 Railgun to M2 and purchased a useless paint. Day before yesterday my son’s account was hacked and the hacker spent all of his crystals. Both of our accounts are hacked twice yet despite of setting long and complicated passwords. So, we must do something to protect our accounts.

 

I have an idea to protect our accounts from hackers that I’d like to share with you. I humbly request Tankionline developers to take my ideas into consideration.

 

To protect account of a player from unauthorized access:

 

1. Add a second layer of protection as Google do. Make the computer of a player TRUSTED. Link a mobile (cell) phone number with the account of a player. Send a unique security code to the mobile or the email (as preferred by the player) of the player. The player has to enter the security code and password from his account on first login. Encrypt the password, security code and the MAC Address of the player’s computer and send them to Tankionline’s server. Save these data in encrypted form in the database of Tankionline.

 

1.1. Whenever a players logs in, his MAC Address must be checked to verify if the computer is trusted. If the computer is not trusted and the player is already connected from a trusted computer then this attempt is surely made by a hacker and the hacker’s MAC Address should be instantly encrypted and saved to catch him in future.

 

1.2. If the Player’s Nickname is not linked to the trusted computer and the Nickname is not logged in from anywhere, then this could be the genuine player or a hacker. In this case, generate and send a unique security code to the mobile phone and/or email (as preferred by the player) of the player and ask the player to enter the security code (a CAPTCHA could also be added). Then encrypt these data and send them to Tankionline server. If the security code matches with the nickname’s security code then ask the player whether he likes to make the computer trusted or not. If he/she likes to make the computer trusted then save the MAC Address along with the nickname to make the computer trusted also.

 

If the security code does not match with the security code of the nickname then deny the access request.

 

2. Second login must be denied while the same Nickname is already logged in. At present Tanki does it just the opposite and it shouldn’t be.

 

3. On “Change Password and Email” screen, existing password should be entered first before entering a new password. The security code that I mentioned above must be entered here also.

 

4. Tanki Forum Password could be different than the game password. I think, Tanki forum has security flaws.

I rarely log in to Tanki forum. I logged in the forum few months ago to vote for my favorite turret and the same day my account was hacked though, I set a long and complicated password. The hacker spent all the crystal that I saved (over 100,000) and upgraded my M0 Firebird to M2. My son’s account was also hacked about two months before my account was hacked.

 

Hackers have polluted Tanki. So, Tanki can’t sit silent allowing the hackers what they’re doing. If the hackers are not restricted, then players will not be interested to spend real money for their accounts. I hope my ideas will help the developers to improve the security of the game.

 

Thank you.

i faced the same problem 3 times, from the time i put the security code on my phone in login  my account didnt get hacked again.

[r_LightningStrike120 8]

What if you're playing on a non-trusted computer?