
Back in April, I talked about how to end security issues for a good number of users, and my largest point was the separation of account recovery from anything that could be compromised along with a computer. Assuming Trion’s figure that 80% of account thefts are via keylogger is correct, the company must assume that a person’s email address is compromised as well, and retrieving a frozen account should not be doable via email. Instead, I suggested offering phone services, like Blizzard and a few other companies do now. In order to protect the account before it is stolen, companies employ a variety of methods: authenticators, on-screen PINs, computer authentication, etc. Now, my issue with this is that the phone services offered to those of us without smartphones are lacking, really only applicable once the account is already gone. My idea was similar to Trion’s coin lock, except instead of sending you an email, you register a phone number with your account upon creation and you will receive either a text or a robo-call with the code.
Looking through wikis for Perfect World Entertainment’s games, I found a security feature for Perfect World:
As a prevention system against account hackers, Perfect World has a Phone Lock feature for those who wish to use it. The Phone Lock, when activated, will freeze an account until the player of that account dials in using the registered phone number. Once the number is recognized, the account is temporarily activated for login. The player must log in within 10 minutes of activation before the account login is frozen again. The player may continue to play despite the freeze. If the player logs out after the 10 minutes are up, that player must once again dial in to temporarily deactivate the Phone Lock. The phone lock feature is exclusive to the Chinese Malaysian version of the game.
This is a nice idea, but cumbersome in the long run. Personally, I prefer my idea of one-time activation for a computer, with per-login activation (for people who use internet cafes) offered as a strictly optional setting. This does at least show that I’m not the only one thinking about how phones are a better source of account safety than computers and email alone.
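The Phone Lock rules quoted above can be modelled as a small state machine. This is an added example, not code from the original post or from Perfect World. The class and function names, the phone numbers and the timeline are constructed for illustration, and matching the caller by digits only is an assumption.

```python
from dataclasses import dataclass, field

UNLOCK_WINDOW_SECONDS = 10 * 60  # the 10-minute window from the wiki text


def normalize(number: str) -> str:
    """Keep digits only so formatting differences do not break the match."""
    return "".join(ch for ch in number if ch.isdigit())


@dataclass
class PhoneLockAccount:
    """Hypothetical model: login is frozen unless a call opened the window."""
    registered_phone: str
    unlocked_until: float = float("-inf")  # frozen by default
    sessions: set = field(default_factory=set)

    def incoming_call(self, caller: str, now: float) -> bool:
        """A call from the registered number opens the login window."""
        if normalize(caller) != normalize(self.registered_phone):
            return False  # unrecognized caller: account stays frozen
        self.unlocked_until = now + UNLOCK_WINDOW_SECONDS
        return True

    def login(self, session_id: str, now: float) -> bool:
        """New logins succeed only while the window is open."""
        if now >= self.unlocked_until:
            return False
        self.sessions.add(session_id)
        return True

    def is_playing(self, session_id: str) -> bool:
        """Existing sessions survive the re-freeze; only login is gated."""
        return session_id in self.sessions

    def logout(self, session_id: str) -> None:
        self.sessions.discard(session_id)


def demo() -> list:
    """Constructed timeline (in seconds) walking through each quoted rule."""
    acct = PhoneLockAccount("+60 12-345 6789")  # constructed number
    return [
        acct.login("s0", now=0),                       # no call yet: frozen
        acct.incoming_call("+60 19-000 0000", now=5),  # wrong number
        acct.incoming_call("60123456789", now=10),     # registered number
        acct.login("s1", now=300),                     # inside the window
        acct.is_playing("s1"),                         # session outlives window
        acct.login("s2", now=700),                     # window closed at 610
    ]
```

The model makes the "cumbersome" point concrete: every logout after the window closes costs another phone call before the next login.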