How can you be so cavalier with my password?

[Banaticus]

it used to be that the only way for someone to get my LotRO password was with an active keylogger running on my system. Now anything that can hack my browser can pick up my game password. If I go to the public library and log into the forums while I'm there, well, those computers all are basically the "same" computer -- it's the same problem that Gmail had when it first launched -- passwords are recoverable from one of the other library computers while I'm logged in.

Turbine, I know you want to "autolog" people into the forums when they browse them from the game, but how can you be so cavalier with my password? Haven't you been telling us for years that we shouldn't, ever, use the same password for the game and the forums? And now, without any warning or discussion, you just changed all of our forum passwords to our game password?

I thought you were better than this.

[MrsAngelD]

I completely agree, this is a very un-secure situation. There is absolutely no reason we should be using our game logins on this website or any website for that matter.

[Big_H]

Agreed, it is worrisome.

[Korandon]

Whatever do you mean? It's totally secure.



What a joke.

[Patrickwg]

Epic fail Turbine once again you show you do not care at all about our security. Game log in information same as account page log in information, then account information in-game with no password, and now this. Whats next?

[Frelorn]

In spite of some errors, the logins are secure. They use SSL for your login, which is the same system that banks and online retailers use when they take credit card information. Or for something more relevant to this discussion, it the same system we use on the myaccount page that we all created our game accounts on.

We would not be implementing a system like this if we were not confident about the security of our users.

[henry316]

We would not be implementing a system like this if we were not confident about the security of our users.

That's a keeper.

/only partially kidding

[Patience]

Just to add, the error message that's popping up is actually in error itself, and will be fixed in the near future!

[Korandon]

In spite of some errors, the logins are secure. They use SSL for your login, which is the same system that banks and online retailers use when they take credit card information. Or for something more relevant to this discussion, it the same system we use on the myaccount page that we all created our game accounts on.

We would not be implementing a system like this if we were not confident about the security of our users.

With all due respect:

Funcom changed the system for Anarchy Online to separate logins/passwords for forums and accounts because hackers were getting the info from the forums though packet sniffers and other tricks. Hacked accounts in WoW actually went UP after the change to Battle.net, the same setup you have just implemented. Forums are not secure enough for this type of system, period. One easily seen point of reference - http://forums.lotro.com

I appreciate your response, but I respectfully disagree with it.

Edit: Also, this is something that should have been announced to the community long before implementation, not snuck in a post the day it's planned to be done.

[Elfheart]

In spite of some errors, the logins are secure. They use SSL for your login, which is the same system that banks and online retailers use when they take credit card information. Or for something more relevant to this discussion, it the same system we use on the myaccount page that we all created our game accounts on.

We would not be implementing a system like this if we were not confident about the security of our users.

And why should we believe this when you used to tell us to NOT do the very thing you just implemented?!?!

[Rawlor]

What has been posted is correct. Since the cert is invalid the browser is not loading the site securely. Everything is transmitting in the clear.

When this is fixed please let people know by some public forum method, as I will not be using the forums until this is fixed.

[Ascus2]

In spite of some errors, the logins are secure. They use SSL for your login, which is the same system that banks and online retailers use when they take credit card information. Or for something more relevant to this discussion, it the same system we use on the myaccount page that we all created our game accounts on.

We would not be implementing a system like this if we were not confident about the security of our users.

I agree that the network transaction is secure, but your are assuming that the computer is secure. I would never dream of using a credit card on a public computer such as at school or library, I used to not worry about logging into the forums from such a place. A simple key-logger will now get access to my account, prior it could just get access to the forums.

Please re-consider having a separate forum account/password. If I want to get to my account, I don't mind having to type my real id and password for those rare events.

[Darmokk]

The SSL connection helps neither against keyloggers attached to web browsers nor against an attack on vBulletin, e.g. via a cross-site scripting attack targeting people's passwords.

Really bad move, IMHO.