fredonia
Rock Crab
Posts: 76 
FO Level Status: Ascended
|
Post by fredonia on Apr 16, 2014 22:35:27 GMT
First off, how would the naming of multiple characters per player work? To elaborate, if I had whatever the max allotment of characters per profile there would be, (let's just say it's three for this discussion) would all three characters be linked under a single profile name like fredonia? Or will three separate names going to have to be thought up for each character? Or would there even be some kind of 'master name' linked to the profile under the individual names of each character? Secondly, would the membership of a guild be linked to the profile or the character? Could I stretch my three characters across three different guilds with varying positions? Or only be allowed membership into one guild because my profile joined instead of my character? Circling back into the naming question again, if membership would be linked to a profile would I be speaking under a 'master name' when in guild chat? And if characters could be among different guilds I would be speaking instead under a character name, right? This could be stretched to include the friends system as well. Would people be 'friending' my character or my profile? What would be the difference? Thanks for the great updates and work so far, and thanks for taking the time to answer everyone's questions.  |
|
|
|
Post by minche on Apr 16, 2014 22:43:17 GMT
here's what has been concluded so far: account name is the public name, and the name that will be used for almost anything. there might be character names just to help the player distinguish the characters.
now that's an interesting suggestion, but I think it will most likely be that friending and profile will work with account too, as it is much simpler, and more commonly done. meaning when someone adds you as friend (or invites you to guild) you're added as fredonia and all your characters are showing to everybody else as fredonia.
|
|
|
|
Post by mvp on Apr 17, 2014 0:55:01 GMT
Here was a visual representation of the impression I was under with this system:  Where each was acting independent of the others regardless of being bound under one account. I did not think they would all be listed under the name "mvp" (referring to the example). With that in mind, it does subtract from a security standpoint as everybody sees your login name. It does save server space, however, as you can have these names stored locally. I am not saying store the character data locally as that would be an easy target to be hacked. Just the string. It seems like it would cause a lot of confusion with multiple characters using the same account name. Since you're probably storing the character names server sided anyways, just display those instead. |
|
|
|
Post by iamallama on Apr 17, 2014 1:52:54 GMT
I decided to just use the account name for all characters for a few reasons. First and foremost being that SmartFox has a built in buddy system that doesn't support multiple names for an account. By using it I don't have to write my own module. It does support a "nickname" which we could use for character name, but it still ties the account to the buddy list and so everyone on your buddy list would be changing all the time whenever they change character. We could use the nickname like "iamallama (llamaChar)" so you can see the account and the character. Still might do that though, but not at first because it is easier to just leave it the way it is with the default implementation. In the future it will probably be tied into the forum in some way allowing some pretty cool stuff.
|
|
|
|
Post by mvp on Apr 17, 2014 2:38:49 GMT
I'm perfectly fine with your nickname in parentheses. Allows us to see what characters are friends are playing on and avoids that "What character are you on right now?" conversation. I'd like to see that in the future but not game breaking right off the bat. Stick with that plan and I'd be happy.
|
|
|
|
Post by minche on Apr 17, 2014 6:29:15 GMT
yeah, and account name being used can help to avoid a lot of confusion, like nobody knowing who they're talking to, impersonating, and it's much easier to implement. believe me, using just character name can be so confusing  plus it can lead to some complications, like (accidental) deleting characters and taking over names, creating character to break rules (spam, scam...) and then deleting it (so people report non existing character, or worse yet in the meantime someone creates char with that name. sure it could be checked in logs but it's an added complication) and so on. I don't understand what do you mean by saving server space (by storing character names locally?) as it's just a couple of strings (sure it adds up, but still not that much), and they'd still need to be saved on the server (what if you play from another computer?). |
|
|
|
Post by Deleted on Apr 17, 2014 16:01:21 GMT
What's the problem about knowing the account's name? It was like that when you played FO...
|
|
|
|
Post by minche on Apr 17, 2014 16:17:04 GMT
it's just one of the security measures, generally you should avoid having username available to other users, but most websites ignore it, because with current securities it's pretty hard to find a password even if you have a username. and not only for security reasons, but for spamming prevention too, so if a list of usernames (or more commonly email addresses) can be easily obtained they can be added to spam list.
but as I said, it is often 'ignored' because it is just much more convenient to use the same username, usually doesn't pose a great security risk, and because it is easier for users to just use one name and navigate web pages (most would probably enter the same name anyways, and usually users expect to be able to open profile pages of other users like /username or /user/username)
|
|
|
|
Post by iamallama on Apr 17, 2014 17:45:07 GMT
The problem is that using standard login procedure you need two pieces of information in order to login. The username and the password. If your account name is shown to everyone else, then everyone else already has one piece of the information required to login as you. Also, as minche kind of said, people like to re-use username and password combinations. Recently there have been quite a few hacks where usernames and passwords have been released on the web. If those passwords were recovered, they now have the username and password combination for many people over many sites. If you have the username and password list from another site and you see someone on that list in the game, there is a good chance that they have the same password. By making the login username and character name different (or using another piece of information like email), it is just another piece that someone has to guess to login as you. |
|
|
|
Post by Deleted on Apr 17, 2014 19:05:25 GMT
So, Gamer somehow didn't cared about our account security? And you'll make it secure?
|
|
|
|
Post by minche on Apr 17, 2014 19:24:19 GMT
also, facebook doesnt care about your security by default (your fb mail is displayed on profile), neither does steam or reddit, or most forums and websites that use username as login. and even if they didn't show the username or email i could just try to register with those details and see if I get 'usenrname/email already taken' message. it is just a recommendation for another layer of security, because right now i can see that your username on forums is Bro. and lets say that you use your username to log in. I already know one piece of information needed to log in, so i could just either try password or check the username with any leaks. but as I said, most systems are protected against brute force. but I think that login might be with email and password, and account/username is just for in game. also, using username as both login and display doesn't make the system inherently insecure. it's just like an extra step, because even without that it can be pretty easy to just find out/guess the username or email address security is a tricky (and interesting) business |
|
|
|
Post by PinkCrown on Apr 17, 2014 19:42:48 GMT
You could also increase your own security by not using the same password everywhere, and using something a bit more complex than some people seem to go for  |
|
|
|
Post by iamallama on Apr 17, 2014 22:33:05 GMT
I use and suggest to everyone I talk to on the subject using a password manager like KeePass or LastPass. I generate a different random password for every website I visit (such as "S%w#sWGp6L6Ki1" which I just clicked "Generate" to get). Good luck guessing that. And even if one site of mine is compromised, not a single other one is.
Chances are we are just going to have your account name visible. It really isn't a security leak and is more "security through obscurity" which is nothing. I have other best practices in place to protect accounts (what I'm not going to say because that is a security leak in and of itself) but know that I'm doing everything I can to make sure the game is as secure as possible. Also depending on how big the game gets, this might change at any time.
|
|
