Security risk?
Glenolas
02-08-2012, 01:26 AM
<p>When I log into the game, I hit the patcher icon, it patches if necessary, then presents me with a giant PLAY button. I click it, and find myself in game. One thing I find likeable is that I do not have to type my machine generated, hard to guess, hard to remember and even harder to type correctly password into a window filling with little balls as I type. Click, click, and there I am, in game.</p><p>I go over to the forums, and I find I cannot log in without being taken to a private page, having to manually type in my (different) machine generated, hard to guess, hard to remember and even harder to type correctly password into a window filling with little balls. To make matters even more irritating, I don't even get sent back to the article I was reading and wished to respond to.</p><p>Our community service rep replied to a post complaining about the forum login by explaining it was done that way "for security reasons". Huh?</p><p>Can we get a more complete answer from the community rep, or maybe the dev himself can explain why having my game password remembered by my computer is no risk, while having my forum password remembered is a great risk? Something isn't right somewhere in the story.</p><p>What could a hacker get if they hacked the forums? Obsolete posts from people no longer here? If there is little risk in the game login method, there's even less in using it for the forums.</p>
Te'ana
02-08-2012, 02:51 AM
<p>I agree. The forum situation is silly and annoying.</p>
Leawyn
02-08-2012, 01:22 PM
<p>I also hate having to type in my login and password every single time I log into the forums. To me this is a higher risk than being able to save it, as if I have a keylogger, they can get both sets of information. Thankfully I use different passwords for everything so having my game logins isn't going to get access to things like my banking information, but it is still obnoxious (and a bit insecure) to have to type out everything every time.</p>
noluuk
02-08-2012, 02:03 PM
<p>Complain all you like. It's not going to change anything. Management has said NO. So NO it is. It's the golden rule at work. They have the gold and we don't. So they win every time. If there are any NASCAR fans out there you'll get this. If you don't want to race by our rules then go race somewhere else. For those not versed in NASCAR it means this. We make the rules and if you don't like it go elsewhere..but..there is no elsewhere to go and they know it.</p>
<p>We're stuck with the "security fix" it seems. Even though having to type in a password repeatedly is the exact opposite of good security, but whatever floats SoE's boat.</p>
Ragnaphore
02-08-2012, 02:16 PM
<p><cite>Glenolas wrote:</cite></p><blockquote><p>What could a hacker get if they hacked the forums? Obsolete posts from people no longer here? </p></blockquote><p>They would get station names and passwords of pretty much everyone that ever played EQ2 or any other SOE games since the absurd decision made a few years ago to force people to use the same login/password for forum/games/account management etc....</p>
Gladiolus
02-08-2012, 04:22 PM
<p>It's just another obstacle to make it more difficult to post on the forum. By the time you've logged in and got back to where you were reading, it's often just too much bother to post anything. So their workload is less and they've decreased the possibility of people complaining or asking for things.</p>
Banditman
02-08-2012, 04:40 PM
<p><cite>Ragnaphore wrote:</cite></p><blockquote><p><cite>Glenolas wrote:</cite></p><blockquote><p>What could a hacker get if they hacked the forums? Obsolete posts from people no longer here? </p></blockquote><p>They would get station names and passwords of pretty much everyone that ever played EQ2 or any other SOE games since the absurd decision made a few years ago to force people to use the same login/password for forum/games/account management etc....</p></blockquote><p>No, you are completely off base.</p><p>Yes, if someone hacked SOE again, they could acquire that information. However, that information is for both forum and game. You're getting someone's Station account information.</p><p>The difference here is that if someone hacks SOE, they get EVERYONE's information.</p><p>On the other hand, if someone hacks my PC, all they get is MY account information. Not yours. Not Glenolas. Just mine.</p><p>"Security" is a BS reason and we all know it. Forcing people to log in more often actually DECREASES security because the more often we type our password, the better chance there is for a zero day keylogger to pick it up. Once every couple weeks or a couple times per day . . . you figure it out.</p>
Maroger
02-08-2012, 04:44 PM
<p><cite>Banditman wrote:</cite></p><blockquote><p><cite>Ragnaphore wrote:</cite></p><blockquote><p><cite>Glenolas wrote:</cite></p><blockquote><p>What could a hacker get if they hacked the forums? Obsolete posts from people no longer here? </p></blockquote><p>They would get station names and passwords of pretty much everyone that ever played EQ2 or any other SOE games since the absurd decision made a few years ago to force people to use the same login/password for forum/games/account management etc....</p></blockquote><p>No, you are completely off base.</p><p>Yes, if someone hacked SOE again, they could acquire that information. However, that information is for both forum and game. You're getting someone's Station account information.</p><p>The difference here is that if someone hacks SOE, they get EVERYONE's information.</p><p>On the other hand, if someone hacks my PC, all they get is MY account information. Not yours. Not Glenolas. Just mine.</p><p>"Security" is a BS reason and we all know it. Forcing people to log in more often actually DECREASES security because the more often we type our password, the better chance there is for a zero day keylogger to pick it up. Once every couple weeks or a couple times per day . . . you figure it out.</p></blockquote><p>Also people will turn to products like LASTPASS that log you in automatically which I doubt will delight the security folks at SOE.</p><p>All this is doing is inviting people to find 3rd party software to make logins easier. Not sure this is what SOE had in mind.</p>
Finora
02-08-2012, 04:55 PM
<p><cite>Banditman wrote:</cite></p><blockquote><p>No, you are completely off base.</p><p>Yes, if someone hacked SOE again, they could acquire that information. However, that information is for both forum and game. You're getting someone's Station account information.</p><p>The difference here is that if someone hacks SOE, they get EVERYONE's information.</p><p>On the other hand, if someone hacks my PC, all they get is MY account information. Not yours. Not Glenolas. Just mine.</p><p>"Security" is a BS reason and we all know it. Forcing people to log in more often actually DECREASES security because the more often we type our password, the better chance there is for a zero day keylogger to pick it up. Once every couple weeks or a couple times per day . . . you figure it out.</p></blockquote><p>Exactly. This logging in all the time for "security" is pure crap and we all know it.</p>
Glenolas
02-08-2012, 07:44 PM
<p><cite>Banditman wrote:</cite></p><blockquote><p>"Security" is a BS reason and we all know it. </p></blockquote><p>Yes, I think many of us know it. Of course it's not, or we'd have to manually enter the password for game login, and when that happens, you could hear the game exit gates clanking all the way to Mr Smedley's office.</p><p>I started the post in hopes of smoking out the real reason for the change, whatever it is. It will eventually leak out, if it already hasn't.</p><p>There are two theories making the rounds in the back channels.</p><p>1). They assigned some rookie web page developer to do something (no idea what) with the logins, and it went horribly wrong. It practically yells "I've never done this before and they made me do it anyway." This theory is held by many of the programming community, with the supporting evidence being you don't even get taken back to the article you were reading when you decided to log in. You start completely over at the top menu. Sending you back to your login page is so basic, and so easy, that nobody could fail except the totally inept. Amerys herself wrote that it was totally borked from a user standpoint. The dev, when questioned, tossed the "security" argument to the community rep, who couldn't argue from a position of knowledge, so just passed it on to us, letting him off the hook.</p><p>2). The tinfoil hat and conspiracy theory folks hold that it was done by a pro, and the results are deliberate. It is aimed to discourage the use of the forums, viewed as nothing but trolls by SJ. The forums are not nice to SJ, because they tend to dig up things he said 3 weeks ago that now are in direct conflict with today's statements, creating the uncomfortable view that we're being misled a lot. So, if you get tossed out every 10 mins, have to login manually, and then get redirected to the top menu again, maybe you'll just quit the forums. 
The 10 mins was so severe the mods couldn't even read the post all the way before being tossed, so they adjusted to 3 hours.</p><p>Their supporting evidence comes from SJ's own posts on the forum, from the fact that no web designer could be so inept as to not be able to get you back to the page you logged in from, and that the forums were working fine previously and needed no change whatever, so it all had to be deliberate. </p><p>Since this change was undoubtedly approved by the new producer, Holly, she might want to wade in somewhere in all of this. No game that I play disallows having my browser remember my UID and password for their forums except EQ2, and absolutely none of them fail to get me back to the article I was reading when I decided to login and comment.</p>
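The post above describes a login flow that drops the reader at the top menu instead of the article they came from. The sketch below is an added example, not part of the thread and not SOE's or vBulletin's code: it carries the reader's page through login and accepts only same-site paths on the way back, so the return parameter cannot be used to send a freshly logged-in user to another site. The `/login` route, the `return_to` parameter and the `/forums/` landing path are assumptions.

```python
from urllib.parse import urlsplit, parse_qs, quote

DEFAULT_LANDING = "/forums/"  # assumed path of the top-level menu


def safe_return_path(candidate, default=DEFAULT_LANDING):
    """Return candidate only if it is an absolute path on this site."""
    if not candidate:
        return default
    # Must be a rooted path; "//host/..." is a scheme-relative URL.
    if not candidate.startswith("/") or candidate.startswith("//"):
        return default
    # Browsers treat "\" like "/" and drop some control characters,
    # so "/\host" or "/\t/host" can still leave the site.
    if "\\" in candidate:
        return default
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in candidate):
        return default
    # Defence in depth: a rooted path must parse with no scheme or host.
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        return default
    return candidate


def login_url_for(current_path):
    """Target for the 'log in' link shown on the page being read."""
    target = safe_return_path(current_path)
    return "/login?return_to=" + quote(target, safe="")


def redirect_after_login(login_request_url):
    """Where to send the browser once the password check has passed."""
    query = parse_qs(urlsplit(login_request_url).query)
    return safe_return_path(query.get("return_to", [""])[0])


if __name__ == "__main__":
    article = "/forums/showthread.php?t=123&page=2"  # constructed sample
    link = login_url_for(article)
    print(link)
    print(redirect_after_login(link))
```

The validation runs again in `redirect_after_login` because the query string comes back from the browser and may have been altered after the link was generated.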
Kasar
02-08-2012, 11:02 PM
<p>I think it's doing what was intended, the daily post numbers seem to be down.</p><p>With all of the broken links around the site, the idea that they deliberately did anything with logins seems unlikely.</p>
Gravy
02-08-2012, 11:05 PM
<p>I've had Firefox configured for years to automatically delete my history and cookies every time I exit the browser. So I didn't even know this change existed.</p>
Lempo
02-08-2012, 11:24 PM
<p><cite>Glenolas wrote:</cite></p><blockquote>Since this change was undoubtedly approved by the new producer, Holly, she might want to wade in somewhere in all of this. No game that I play disallows having my browser remember my UID and password for their forums except EQ2, and absolutely none of them fail to get me back to the article I was reading when I decided to login and comment.</blockquote><p>Good luck getting anything from her, not even as much as a visit to the intro thread they made for her, Domino was nice enough to pop in and tell us "She was very busy". I'm not gonna bash Domino because she was probably thrown under the bus by someone and told to make that post, there will be no better communication between Holly and the playerbase than there was with SJ, at least SJ would have replied with "LOL I'm busy" and left it at that.</p>