Generate Account Name Hashes -- Help Prevent additional Scamming

Being an avid traveler of the Character Bazaar, I have bought/sold many’a toon. In doing so I always feel a bit eery giving someone my account name to initiate a transfer for a character that I am purchasing. Feels strange giving out 1/2 of the puzzle to someone who now could start to guess passwords using my account name.

I thought it would be a decent idea to allow you to generate a hash of sorts inside your Account Management area that you can give to people for the purpose of buying/selling. This hash is essentially a link to your account name thats only purpose is for character transfers. Now you no longer have to divulge your account names to strangers.

Yes there are arguments against my concern:

  • enable 2 factor auth
  • update your passwords regularly
  • make them very unique passwords and use a password manager to store them
4 Likes

I think this is a good idea, or something else that obfuscates the account names of the people involved.

Aside from the three “solutions” you’ve already admitted exist, the only other reason I dont see CCP doing anything of the sort is that they shouldnt try to Fix Stupid. On either side. If someone’s dumb enough to try brute-forcing into an account someone transferred a character from, those access attempts ARE logged. It’s easy enough for CCP to go “hrm… these access attempts look just like the sources of the account who just bought a character from this guy. DOOMHEIMED.” And if someone’s dumb enough to not have their account secured in the first place… :dealwithitparrot:

For those who do not follow the bazaar. There has been a GIANT uptick of hacked accounts being posted for sale on the Bazaar during the last week. I have my own assumptions of why it was done during FF, but I digress.

With this uptick, people who fall for the bait and attempt to purchase these scammed characters are now handing over their account name to hackers.

I’ve just made it 1 step easier for the hacker to try and get into my account by giving them my username.

These are just a few of the many scammed sales in the bazaar in the last ~7 days where players have no handed over their account name to a hacker in thoughts of them making a sale.

We need account name hashes that we can generate for this purpose.





i think you are right with that … giving somone your username is not a good idea at all … you cant change your username so you give out the only thing you cant change …
you can change your mailadress, your password and your 2 factor authentication changes everytime you use it so …

that system has to change i guess
thanks for your thoughts about that security thread

JuuR

1 Like

even credit card companies are starting to do similar things. I agree, this would be a good idea.

Account security is serious.

2 Likes

Went through the bazaar and got the complete list of current scams. We’re up to 12. Now 12 may not seem like that many, but most of these characters are going for 50-100b which I assume (never looked) RMT’d to a very nice profit. On top of the isk, they drain the SP and sell the injectors which doubles the isk they can RMT.

In the 7 years I’ve been character trading (with breaks). I’ve never seen more than maybe 1 in a 6 month period if you’re lucky. We’ve seen 12 in ~8 days.

Wts 51 ml pvp pilot
WTS 105 ml sp sub pilot
Wts 62 m toon
Wts 72 mln sp subcap toon
Wts 94 mln sp gunnery toon
Wts 117 sp awesome subcap
Wts 79m sp
WTS 11 ml SP Pilot
WTS Awesome 84 ml sp pilot
WTS 84 SP toon
Rorq toon for sale
WTS 68.2 ml Sp pilot + 500 k free sp

The topic naming convention is all very predictable if you look closely. The description of the sale post is also very similar if not exactly the same format across the majority of them.

Unfortunately our efforts are Reactive not Proactive. We can report these posts and all these things but ISD does not have access to check anything on the backend of these accounts (to my knowledge). So we’re left to waiting for someone to take the bait and fail to receive the character, which then means a ticket and waiting days to weeks which by then all the assets are in the wind.

and you have proof that this increase is do to needing the account name for toon trades? if not its irrelevant to the initial post

No its more a supporting case that scams do happen on the bazaar, and the people in those 12 posts (now 13 actually, one this morning) Have given their account name to a know scammer/hacker

so they don’t actually support the claim that the account name is too risky?

You’d have to ask them if they enjoy giving them account name to hackers. I know that one of the major Character Traders who is on the bazaar daily hates the fact that he has given accounts to these scams.

i mean if you are that paranoid send it to a middle man account

actual the fact that that exists and gives ccp more money hurts the chance of this idea even more

1 Like

Not going to say I understand the character bazaar much, but adding a hash to your username should be ridiculously simple, and it kind of falls into the category of “why not?”.

1 Like

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.