Securing the garage

[arun24 6]

Good Idea.

Thanks, can you please vote yes in the poll if you really think so

[AplhaZorak 135]

I have no idea how so many people manage to get "hacked". In my opinion if you are sensible enough to not give away your account details, not visit suspicious sites and not use a password like "qwerty" or "123456", then you are 99% safe.

I've actually got hacked 2 times in 2 weeks. Tanki Support said :(

[arun24 6]

I've actually got hacked 2 times in 2 weeks. Tanki Support said :(

Make your password a little more difficult for your hacker but make sure its something you will remember. I recommend that you use a random generator to make a bunch of set characters in a random format, and either copy and paste it every time you login. However the downside to that is you can accidentally paste it in the chat and someone might think that theres something odd about what you posted.

 

What i do recommend if you do, do that is that you write it down and memorize it. Tanki Online used to do that in 2012, as far as i know because when i signed up i gave them my email and they sent me  a randomly generated password. They did that for my brother too. 

[Meowmix56 174]

People will have their passwords socially engineered away from them regardless.  Some by being too trusting, others by trying hacked clients and cheats that double-crossed them.  You might say that tanki shouldn't protect people from themselves or that after trying to download hacks they deserve to have their account stolen, however such a policy would harm the community as a whole.  It just gives more accounts to more experience and more dangerous hackers and scammers.  It means more mults, more people who do not care if one of their high level accounts gets banned, and probably a grey market where people sell accounts with strong garages.  A secondary password tier might not be the best solution, but it would protect the crystals and garage, protecting people dumb enough to give out their primary password from losing everything.  It would make recovery easier by having another piece of information to send to the help staff.

[arun24 6]

People will have their passwords socially engineered away from them regardless.  Some by being too trusting, others by trying hacked clients and cheats that double-crossed them.  You might say that tanki shouldn't protect people from themselves or that after trying to download hacks they deserve to have their account stolen, however such a policy would harm the community as a whole.  It just gives more accounts to more experience and more dangerous hackers and scammers.  It means more mults, more people who do not care if one of their high level accounts gets banned, and probably a grey market where people sell accounts with strong garages.  A secondary password tier might be the best solution, but it would protect the crystals and garage, protecting people dumb enough to give out their primary password from losing everything.  It would make recovery easier by having another piece of information to send to the help staff.

If you agree with my suggestion then why did you Vote "No"?

[Meowmix56 174]

If you agree with my suggestion then why did you Vote "No"?

Because I am holding out for e-mail verification, user visible history of log in ips, and a mechanism preventing multiple accounts from the same ip joining a normal battle.  It would be a much more effective solution to the same problem.  This would be better than nothing but not good enough.

[arun24 6]

Because I am holding out for e-mail verification, user visible history of log in ips, and a mechanism preventing multiple accounts from the same ip joining a normal battle.  It would be a much more effective solution to the same problem.  This would be better than nothing but not good enough.

What do you suggest to make the idea even better? I saw someone make a topic about a security questioni everytime you login but thats to much. Plus people will ask questions regarding obvious answers.

[Meowmix56 174]

A similar approach that google or steam take.  Record every ip address that a player uses to log in.  This history will be visible to the player from settings so watching their crystals isn't the only way to know if someone else is using their account.  Every time the player logs in from a new ip (by default, it could have a setting to only require verification if signing in from a different region) it sends a verification to their email.  No additional passwords to remember and less work for the player.  Most users will have to verify at most couple times a year.  The vast majority of residential ISPs use "sticky" dynamic IP addresses.  Meaning that while they can change they generally do not for the life of the account.  Dynamic IPs can fit within an allowable range that would not need verification, same system steam uses. 

[arun24 6]

A similar approach that google or steam take.  Record every ip address that a player uses to log in.  This history will be visible to the player from settings so watching their crystals isn't the only way to know if someone else is using their account.  Every time the player logs in from a new ip (by default, it could have a setting to only require verification if signing in from a different region) it sends a verification to their email.  No additional passwords to remember and less work for the player.  Most users will have to verify at most couple times a year.  The vast majority of residential ISPs use "sticky" dynamic IP addresses.  Meaning that while they can change they generally do not for the life of the account.  Dynamic IPs can fit within an allowable range that would not need verification, same system steam uses. 

I see what you mean. Every time i login my gmail to a different device i get an email from google asking if i am the one who did it. They state that they have records of IP adresses.

 

Oh and actually Tanki already has those logs themselves. So why not provide each player with their own set of those logs. The reason i know this is because my first ever account was hacked and tanki blocked it claiming i gave out my password which i did not.

[Darren4Turbo 4,913]

How about if a hacker hacked the password for the garage as you suggested  :ph34r:

[snipe3000 678]

I have no idea how so many people manage to get "hacked". In my opinion if you are sensible enough to not give away your account details, not visit suspicious sites and not use a password like "qwerty" or "123456", then you are 99% safe.

I got hacked and my password is not 1234… or qwerty. So apparently that 1% happened to me.

[arun24 6]

I got hacked and my password is not 1234… or qwerty. So apparently that 1% happened to me.

People get hacked by a person using different resources. Or the hacker could be watching them for a while. @404Username was watching me on m first acc and made me spill some details that made him get my password. That account was blocked and thats why i am always hating on Tanki. Their support team is annoying and ridiculous.

[arun24 6]

Oh btw last time i checked @404Username was blocked at the rank of First Lieutenant. Why is his account Lieutenant Colonel and why is he "Unblocked"