Rift launched last month to the fervor of a substantial number of people, opening up more than thirty servers in the days after launch to deal with population. With the mechanics involved, Rift has pulled in players from World of Warcraft and similar MMOs, by presenting a similar game with a new mechanic attached: Dynamic rifts. Of course, the attraction of the large crowd could lead to the two inevitabilities: A whole lot of compromised accounts and a whole lot of real money traders to steal those accounts.
In response to growing complaints of account security, Trion has responded by implementing the Coin Lock program. Coin Lock is similar to the computer identity systems your banks may have begun using recently, where a computer is identified as the “home computer” and any attempt to log in from another computer requires additional information in order to proceed. Without that information, the characters will go into coin lock, during which the following activities will be disabled:
- Accessing the Auction House.
- Sending Mail (can still receive and view mail or remove items).
- Selling to vendors.
- Deleting Characters
- Salvage, Runebreak, or destroy items.
- Trade.
- You can continue to play and gain coin and items, but cannot get rid of them.
Coin Lock is a nice idea, but ineffective. Take Trion’s own statement:
“80% of the hacked accounts we’ve seen are from keyloggers.”
The method to unlock a character from coin lock is via a code sent through email, so if your account is compromised via key logger, and thus your email address compromised with it, this system won’t help. At all. Yet by Trion’s own admission, their new security system is going to help, at most, 20% of compromised accounts.
Trion should be utilizing other features in addition to the white list. Why not a black list? If I know that I will only play Rift from my location, why not be able to blacklist all other areas, no exceptions? How about an authenticator that operates through a smart phone app, ala World of Warcraft? A four digit pin that must be entered with the mouse instead of the keyboard, ala Aika Online and Runescape? There are plenty of options that Trion has, and they don’t even need to manufacture security dongles.
The feature of this white list is about as effective as having two locks on your door for extra security, but allowing the same key to work with both. Then again, this is just frustrating because, by Trion’s own admission, this will not help 80% of compromised accounts. It is a start, so we’ll see how this turns out.
MMO Fallout 