CSM & CCP,
I recently had a discussion with a couple GM’s where I asked about some details of the account recovery process. The short version of my concern (and, really, it should be everyone’s concern) is that if an account is fraudulently claimed, then the original owner of the account doesn’t get a notification which would allow them to deny the transfer of ownership.
I realize CCP has a process to filter out fraudulent claims, but I’ve also talked with users over the years who’ve lost their accounts in exactly this way. Maybe those users weren’t good at protecting their personal information … but my argument is that if CCP adjusts the recovery procedure, then it’d let us all feel more secure in knowing the risk of losing everything we’ve built up on our accounts would be almost nothing even as compared to the already-quite-tiny risk which sits in the back of a few of our minds.
My suggestion comes in two small parts.
1 - Add a box in the user management panel of the website where we can optionally choose to enter a separate special password which would be required for account recovery to be accepted by a GM (possibly in addition to the current steps). If this part is adopted, I’d like to have the administrator control panel for GM’s show only a blank box where they’d need to copy/paste the password provided by the user in order to get the green light from the system to proceed.
2 - Send an email to the on-file address the moment recovery is accepted by a GM and include links which would allow the user to confirm or deny the transfer as simply as possible. Even if the first part isn’t adopted … this part would be tremendous on its own merit.
In conclusion, even if you can’t be convinced account recovery fraud is really a problem, the change would be good to reinforce the idea that CCP is putting power in the hands of players to be a correcting force if it should ever find a way to become a problem.