Jump to content
EN
Halloween 2025
1/8
Tanki Online V-LOG: Episode 536
2/8
Parkour Survival 2025: Extended Deadline for Challenge 7 and Early Conclusion of the Tournament
3/8
Invite a friend #4
4/8
Play on your main account on Nintendo Switch™!
5/8
Winter Major Rankings III 2025
6/8
Tanki Online V-LOG: Episode 535
7/8
Parkour Survival 2025
8/8
Play

Forum

New security measures for the game

By deadmanrising,
in Ideas and Suggestions

 Share

Recommended Posts

deadmanrising 715

Posted
Posted

As well as adults and mature people, there are also plenty of kids who play the game as well, and majority of the time glitches, bugs and other factors occur that can cause misunderstandings/problems between the helpers and the players

 

 

1. When a new player has registered and completed their first battle, trigger a message box encouraging them to add extra details to their account

 

When a player has registered, even if they have their email binded, they don't have a security question and they don't have any details about their account, so their account got lost or stolen, they have little ways of retrieving it

  • Allow the user to set a security question (optional)
  • Allow the user to give their personal details (optional)

Should their account be lost, it can be easily returned to them, and it is unlikely to be hacked/compromised

 

2. Allow the option for players to lock their crystals

 

Should players not follow the first option above and their account be lost, it's a problem because if their account has been taken over by someone else, they will either spend all their crystals and buy unwanted equipment; which is a nuisance because the attacker/intruder does not have any additional power over that account.

  • Allow users to set a lock on their crystals; this can only be undone with another password external from their account's password
  • Items cannot be bought unless the user disables the block by entering their secondary password (to prevent them from repetitively entering it)

This will save the moderators a lot of time, even if an account is hacked, it cannot be affected

 

3. Allow users to disable/enable the 'change' button in daily missions

 

 

vz7zw9.jpg

 

 

Allow the option to disable/enable the 'change' button on daily missions, sometimes it can be easy to make the mistake of accidently clicking the change button, we lose that important mission that we were close to completing and it's ridiculous that nothing can be done about it

 

4. Set a buffer that allows the user to undo their action if they accidently buy an item they don't want

 

Many players have made this mistake and unfortunately end up keeping an item they don't want, my suggestion is simple, a user buys an item they don't want, they have 12 hours to undo this and can only do it for two items purchased (maximum for each item), the counter then resets once every year, to avoid exploitation. 

 

5. Allow the user to also use their secondary password in chat/forums

 

As mentioned earlier, the secondary password shouldn't just be limited to crystals but chat as well, a big reason why hacked accounts are blocked is because they are used deliberately to break the rules in chat. The user sets a lock on the chat, they can't chat until they enter their password again to unlock the chat. They don't have to continue to enter their password to do this as i said earlier, only to enable/disable chat.

 

 

 

  • Like 23

Share this post

Link to post
Share on other sites

railguniz4noobz 2,394

Posted
Posted

I like the ideas, but people still fall for the main password scam.

I see emails being given out every day, so why not secondary passwords?

 

Today:

-everyone i can hack u crystals

-ok how do you

-i need ur password

-*gives password*

 

With this update:

-everyone i can hack u crystals

-ok how do you

-i need ur password for the garage

-*gives password and secondary password*

  • Like 1

Share this post

Link to post
Share on other sites

deadmanrising 715

Posted
Posted

I like the ideas, but people still fall for the main password scam.

I see emails being given out every day, so why not secondary passwords?

 

Today:

-everyone i can hack u crystals

-ok how do you

-i need ur password

-*gives password*

 

With this update:

-everyone i can hack u crystals

-ok how do you

-i need ur password for the garage

-*gives password and secondary password*

There's no update that can prevent a user from giving out their password, you can only encourage users not to give out personal information, with two password's, its unlikely that anyone would want to hack anymore

Share this post

Link to post
Share on other sites

railguniz4noobz 2,394

Posted
Posted

There's no update that can prevent a user from giving out their password, you can only encourage users not to give out personal information, with two password's, its unlikely that anyone would want to hack anymore

But people still give out their password.

Its just as easy to give out their second password.

 

 

-i can give you free crystals

-ok give them

-i need ur pass

*hacked*

 

 

-i can give you free crystals

-ok give them

-i need ur pass

-ok ill give you my first password only so you cant give me any crystals

 

The goal of a hacker is to tempt the other person to let them get on to do things.

Just say you need both passwords and it still works.

Share this post

Link to post
Share on other sites

deadmanrising 715

Posted
Posted

 

 

 

But people still give out their password.

Its just as easy to give out their second password.

 

 

-i can give you free crystals

-ok give them

-i need ur pass

*hacked*

 

 

-i can give you free crystals

-ok give them

-i need ur pass

-ok ill give you my first password only so you cant give me any crystals

 

The goal of a hacker is to tempt the other person to let them get on to do things.

Just say you need both passwords and it still works.

 

 

Yes but it's still that person's choice, it's their own fault if they give out their passwords because they know if there was such thing as free crystals they wouldn't need to buy them or play battles, and why would someone be so generous enough to hand over crystals anyway? It can't be prevented, on any game but there can be measures in place, as suggested.

Share this post

Link to post
Share on other sites

railguniz4noobz 2,394

Posted
Posted

Yes but it's still that person's choice, it's their own fault if they give out their passwords because they know if there was such thing as free crystals they wouldn't need to buy them or play battles, and why would someone be so generous enough to hand over crystals anyway? It can't be prevented, on any game but there can be measures in place, as suggested.

I think tanki should track chat with words like (password, account, crystals, free) so they can always revert the account back to before the hack and email the right IP with the new password.

That would make accounts nearly impossible to hack.

  • Like 1

Share this post

Link to post
Share on other sites

Spit_Fyre 334

Posted
Posted (edited)

1. When a new player has registered and completed their first battle, trigger a message box encouraging them to add extra details to their account

 

2. Allow the option for players to lock their crystals

 

3. Allow users to disable/enable the 'change' button in daily missions

 

4. Set a buffer that allows the user to undo their action if they accidently buy an item they don't want

 

5. Allow the user to also use their secondary password in chat/forums

 

Some excellent suggestions!

 

Agree with @drazeruzumaki though that #4 may not be necessary if #2 is implemented. The redundancy of purpose (accidental spending) could be an additional hindrance to its viability. Which brings me to #2 - I couldn't agree more with the idea. But the password problem...

 

I'm not sure how uncomplex adding another layer of password protection is. For starters, how would you change it? Thinking aloud, do current settings prevent a hacker from changing the primary password or the registered email? A real time example pops into my head - the 'transaction' password some banks use. Really drives you up the wall when you've got multiple bank accounts and are in a hurry. It's interesting to note that the bank in question eventually abandoned the measure.

 

I could think of one alternative to problems posed by nested passwords - a confirmation link/form sent via email getting triggered when there is an attempted crystal debit or email/password change. While that would mandate email registration, there is the advantage of not having to remember or worry about another password. Dependency on the 'external' factor will then be the trade-off for the guarantee of a snag free transaction.

 

What I feel is if #1 (security question/personal details) and the grinding details needed to cut the red tape at the tanki helpdesk entrance is sufficient to prove your account was hacked (i.e. a primary password breach), it should follow logically that all activity (crystal transactions, bans, posts etc) on that account following the date (approximate maybe?) of hacking needs to be reversed - this being the ideal case. Feasibility of this depends on how much information (on what level) tanki actually retains about each account. Personally I think it wouldn't be easy for the company to maintain a database that vast - it may be a big part of their job, I really don't know. If I had to hazard a guess, I'd say devs couldn't care less about it. Add a possibility of gold ;) by means of commercializing a security feature and they may look at it.

 

So how about sending snapshots of the users account (including settings, purchases etc) to the registered email at the end of a day/week? Would it help track inconsistencies? Open to debate.

Edited by Spit_Fyre

Share this post

Link to post
Share on other sites

railguniz4noobz 2,394

Posted
Posted (edited)

Ok, whenever someone logs in the locks are set.

If a lock is disabled (chat, forum, garage, friends list,) the data before the unlock and after the unlock can be reversed. The hacked could email to tech support to reverse it by saying the second password within 1 day of the change.

Edited by railguniz4noobz

Share this post

Link to post
Share on other sites

fordmustang12345 3,910

Posted
Posted (edited)

Some excellent suggestions!

 

Agree with @drazeruzumaki though that #4 may not be necessary if #2 is implemented. The redundancy of purpose (accidental spending) could be an additional hindrance to its viability. Which brings me to #2 - I couldn't agree more with the idea. But the password problem...

 

I'm not sure how uncomplex adding another layer of password protection is. For starters, how would you change it? Thinking aloud, do current settings prevent a hacker from changing the primary password or the registered email? A real time example pops into my head - the 'transaction' password some banks use. Really drives you up the wall when you've got multiple bank accounts and are in a hurry. It's interesting to note that the bank in question eventually abandoned the measure.

 

I could think of one alternative to problems posed by nested passwords - a confirmation link/form sent via email getting triggered when there is an attempted crystal debit. While that would mandate email registration, there is the advantage of not having to remember or worry about another password. Dependency on the 'external' factor will then be the trade-off for the guarantee of a snag free transaction.

 

What I feel is if #1 (security question/personal details) and the grinding details needed to cut the red tape at the tanki helpdesk entrance is sufficient to prove your account was hacked (i.e. a primary password breach), it should follow logically that all activity (crystal transactions, bans, posts etc) on that account following the date (approximate maybe?) of hacking needs to be reversed - this being the ideal case. Feasibility of this depends on how much information (on what level) tanki actually retains about each account. Personally I think it wouldn't be easy for the company to maintain a database that vast - it may be a big part of their job, I really don't know. If I had to hazard a guess, I'd say devs couldn't care less about it. Add a possibility of gold ;) by means of commercializing a security feature and they may look at it.

 

So how about sending snapshots of the users account (including settings, purchases etc) to the registered email at the end of a day/week? Would it help track inconsistencies? Open to debate.

Whoa thats long but .I think what he means by adding another password is that you would have to have that second password to change the main password Edited by fordmustang12345

Share this post

Link to post
Share on other sites

Spit_Fyre 334

Posted
Posted

Whoa thats long but .I think what he means by adding another password is that you would have to have that second password to change the main password

:D yeah, sorry about that. I read it like he meant keep a separate password for chat/forum and crystals alone - not a secondary password to override the primary. Still undecided about nested passwords though.

Share this post

Link to post
Share on other sites

Spit_Fyre 334

Posted
Posted

 Thinking aloud, do current settings prevent a hacker from changing the primary password or the registered email?

 

I know this is old, but I wanted to correct this ^ 

My email wasn't confirmed at the time I wrote that (and I was unaware of it), so the settings reflected enabled change fields. Now I see that the password/email change mechanism already works the way I suggested i.e. through links and is externally dependent on your email.

Share this post

Link to post
Share on other sites
Maf

Maf 32,300

Posted
Posted

I like the option to lock the crystals, if this was implemented we could finally have an option to sell equipment and drugs!  :)

Umm, no. That part definitely won't be happening.

  • Like 1

Share this post

Link to post
Share on other sites

KariWolves2 82

Posted
Posted

Feature to verify Alternate accouts

 

Hello!

 

I wanted to suggest a feature to verify alternate accounts. What this would do is, for your main account, your main account would have to validate your alternate accounts. Something recently happened that I cannot speak of involving a wrong alternate account. Here are the steps I suggest

 

1. If you have an already existing alternate account, link it to your main account

1b. What this means is that you are linking an account to an account. Not to an email but to an account

2.  Once the account is linked to the user's main account, both accounts will be linked

3. If you lose or forget your alternate account, you can ask help@tankionline.com to get it back

4. Your alternate account is going to be secured if somebody hacks your account or steals it, or something happens to it, then the Tanki Online administration can know directly who's account is who's

 

This seems complicated and would take some time to solve, but I hope it is at-least considered, it would really help.

 

@KariWolves

  • Like 1

Share this post

Link to post
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing
© 2010-2025 Alternativa Game Ltd. All rights reserved. Published by APL Publishing Ltd.
×
×
  • Create New...