Account Security

[Jonster]

Whilst playing, and recently seeing a compromise in terms of security via accounts, it occurred to me that something else needs to be done to protect ones account.

Firstly, one of these ideas could be that you are required to type in your D.O.B when you log in. This would make it yet more difficult for one to access an account not owned to them - and as well as your D.O.B, obviously a password and another idea would be a USERNAME is required instead of the Habbo's nickname. Each Habbo should have a username AND a nickname. I'm never quite sure as to why Habbo did not impliment this, as it is one of the most secure ways to prevent access to an account not belonging to a hacker.

Finally, if one was to attempt to access your account and the account is logged on and in-game, a small message would appear (similar to when you first start - the small speech bubbles), where you can report this to an online moderator OR to a database/list later looked at by official staff.

It would work like this...

• X has just logged on at 5:45pm, January 21st 2009
• After spending 20 minutes on the Hotel, someone has noticed X.
• Y attempts to compromise the account, by guessing (perhaps) the details
• X receives a message in-game, with the words "A user has attempted to access your account. Do you wish to report this person? [TICK] [CROSS]"
• X decides to report this person, and with that report is the persons IP, and possibly MAC address - not really sure if I'm honest, but something that could easily identify this user later on to warn them.

It's just an idea, and in some cases may be to the extreme. But, given the amount of lost accounts recently, whatever helps to stop this is worth it.

[Mathew]

A problem with this is that some people do not know the Date of Birth they signed up with. To go around this, Habbo would have to send everyone their date of birth through email, which really defeats the object of why it's so important.

I would like to see the "username" field implemented, I too have never understood why they have your Habbo name and not a seperate one.

I do like the idea of the "small message", which is another feature which could be added to the Habbo Infofeed.

A simpler solution to all this would just to have Habbos make their passwords a series of letters and numbers... :rolleyes:

[Frisky]

Whilst playing, and recently seeing a compromise in terms of security via accounts, it occurred to me that something else needs to be done to protect ones account.

Firstly, one of these ideas could be that you are required to type in your D.O.B when you log in. This would make it yet more difficult for one to access an account not owned to them - and as well as your D.O.B, obviously a password and another idea would be a USERNAME is required instead of the Habbo's nickname. Each Habbo should have a username AND a nickname. I'm never quite sure as to why Habbo did not impliment this, as it is one of the most secure ways to prevent access to an account not belonging to a hacker.

Finally, if one was to attempt to access your account and the account is logged on and in-game, a small message would appear (similar to when you first start - the small speech bubbles), where you can report this to an online moderator OR to a database/list later looked at by official staff.

It would work like this...

• X has just logged on at 5:45pm, January 21st 2009
• After spending 20 minutes on the Hotel, someone has noticed X.
• Y attempts to compromise the account, by guessing (perhaps) the details
• X receives a message in-game, with the words "A user has attempted to access your account. Do you wish to report this person? [TICK] [CROSS]"
• X decides to report this person, and with that report is the persons IP, and possibly MAC address - not really sure if I'm honest, but something that could easily identify this user later on to warn them.

It's just an idea, and in some cases may be to the extreme. But, given the amount of lost accounts recently, whatever helps to stop this is worth it.

Yeah! Please submit this to Habbo. I'm sick of coming online and knowing someone else on my list has be compromised and the 'hacker' has gotten away with it. The IP address reporting could be a good idea if they aren't using a proxy or on a wireless network.. but like you said, blocking their MAC address would be good also. Shame Habbo don't really care, but they need to because the amount of rich users being hacked is atrocious.

[Accipiter]

Fail, to gain an account at the moment you do need date of birth, and how many people try to guess passwords nowa days?

You also need email which is like the username to gain requirement to reset data which then again needs D.O.B and you also need alot of other information habbo take into account such as ISP when you created it, Transactions made on the account etc.

[Jonster]

Fail, to gain an account at the moment you do need date of birth, and how many people try to guess passwords nowa days?

You also need email which is like the username to gain requirement to reset data which then again needs D.O.B and you also need alot of other information habbo take into account such as ISP when you created it, Transactions made on the account etc.

Huh? :rolleyes: This isn't about resetting your data, it's about logging in and a way to make it yet more secure. Password guessing, I don't know. But either way, given that a D.O.B. can be selected via drop-down menus, it would stop most keyloggers, meaning that they would have to have some form of screen-catching feature, which I am sure that many do not have.

=omgMatt;5627574]A problem with this is that some people do not know the Date of Birth they signed up with. To go around this, Habbo would have to send everyone their date of birth through email, which really defeats the object of why it's so important.

I would like to see the "username" field implemented, I too have never understood why they have your Habbo name and not a seperate one.

I do like the idea of the "small message", which is another feature which could be added to the Habbo Infofeed.

A simpler solution to all this would just to have Habbos make their passwords a series of letters and numbers...

About people not knowing the D.O.B. they used. That is entirely their fault, and maybe if they hadn't have lied about it in the first place, it wouldn't be an issue.

Whilst it would just be simpler to mix numbers with letters, that really wouldn't achieve much, given that a keylogger would instantly pick this up, with no fail. Whilst it would stop those that guess them, it wouldn't completely stop this. Heck, even what I suggested wouldn't, as there will be some form in doing so.

--

It's just an idea at the end of the day. Some features, mm, maybe not needed. I liked the idea I read in another post, except it was for trading, but could be manipulated for log in use, and that is to have a clickable PIN number.

[Accipiter]

Huh? :rolleyes: This isn't about resetting your data, it's about logging in and a way to make it yet more secure. Password guessing, I don't know. But either way, given that a D.O.B. can be selected via drop-down menus, it would stop most keyloggers, meaning that they would have to have some form of screen-catching feature, which I am sure that many do not have.



About people not knowing the D.O.B. they used. That is entirely their fault, and maybe if they hadn't have lied about it in the first place, it wouldn't be an issue.

Whilst it would just be simpler to mix numbers with letters, that really wouldn't achieve much, given that a keylogger would instantly pick this up, with no fail. Whilst it would stop those that guess them, it wouldn't completely stop this. Heck, even what I suggested wouldn't, as there will be some form in doing so.

--

It's just an idea at the end of the day. Some features, mm, maybe not needed. I liked the idea I read in another post, except it was for trading, but could be manipulated for log in use, and that is to have a clickable PIN number.

People don't hack by guessing passwords, they hack via emails. And emails hold more data than anything with birthdates etc. So that wouldn't stop them.

[Jonster]

Which is true. But if you used your brain to its potential, you would first produce a copy of this email, and possibly forward it to an unknown email account, or print it off, and then delete the email completely - even the acknowledgement email as to who you forwarded it too.

It requires a lot from both sides, and OK adding the extra details will not stop hacking completely, as they will have to be sent via email. Mmm, you have a good point there, but I am sure there are other ways which can be worked around.

For example, maybe upon sign-up, the user has all their information display in bold, where they are informed to print the page off and store it, or a button along the lines of 'Save this page!' - and it saves your information into a notepad/wordpad/word document - this would mean NO email has been sent, and the users details are temporarily safe. Now, if in the event they wish to access this data again, then they must enter a certain code to view it, again set by the Habbo clicking on a displayed number.


It's definitely though, getting far too complicated for a teen site, so I'll just shut up I suppose. I guess some people need to learn to look after their accounts in a more secure way, by daily sifting through emails of which contain important information.