We have detected that cookies are not enabled on your browser. Please enable cookies to ensure the proper experience.
Page 2 of 4 FirstFirst 1 2 3 4 LastLast
Results 26 to 50 of 81
  1. #26
    Quote Originally Posted by Khafar View Post
    I presume this is sarcasm, because nobody has a choice in the matter. Of course, the same thing was true for TOR when I played that: forum account = game account.
    I assume he is implying the thing I am doing: this account I am posting from is not the one holding my game characters. This one has no characters, is using different login / password combo, and for extra security I will not share either the name of my game account or names of characters on it. (Turbine of course can easily figure it out since they keep IP logs.)

  2. #27
    Join Date
    Feb 2007
    Posts
    12,677
    Quote Originally Posted by Zetsubousensei View Post
    I assume he is implying the thing I am doing: this account I am posting from is not the one holding my game characters.
    Ah, OK. As long as you never post from your game account, that's fine... Turbine's CR team only cares about single-account posting. Not using multiple accounts for different purposes. Most people won't split them, of course... they want to keep their original forum name and posting history, or simply don't want to go through the small hassle of setting up another e-mail account to use on the free account.

    Khafar

  3. #28
    Join Date
    Jun 2011
    Posts
    318
    I'm okay with having to login each visit.
    I'm also okay with not saving my credentials.
    I'm not okay that loggin in takes so much longer than with the old site.
    Now I have to enter the URL, click on english version, click goto lotro.com, click english version again, click login, enter credentials, click submit.
    Why does that have to be so many steps if I am not okay to have the site show me that awesomely bad translated german webpage each and every time? 5 steps before even entering the login credentials?
    Caputo - Burglar | Drugar - Champ | Wislingard - Warden | Xenilinex - Hunter | Tonenas - RK | Rhichard - CAP

  4. #29
    Join Date
    Aug 2007
    Location
    Texas/New York
    Posts
    574
    Quote Originally Posted by Khafar View Post
    Works well enough. It would work even better if I could find one that would automagically start running on any tab it saw that had the LOTRO forums on them.
    I like to open multiple tabs for the forums, as I'll usually see posts that I'd like to read and open each in their own tab, so that I can continue to browse on the first one I opened. So if you find one that will do this, please let us know! If I have other tabs open to the forums, will I get logged out even with having one tab open with RefreshMonkey working on it?
    [CENTER][IMG]http://i1204.photobucket.com/albums/bb412/lcainsa/LOTRO/newcustomsig_zpsa3ba3eae.jpg[/IMG][/CENTER]

  5. #30
    Join Date
    Jun 2011
    Posts
    31
    Quote Originally Posted by Alcaniel View Post
    If I have other tabs open to the forums, will I get logged out even with having one tab open with RefreshMonkey working on it?
    No, you won't get logged out if at least one tab is refreshed in time.

    You see, the server has no idea about the number of tabs you have open, the only things he knows are: AccountName, IP, timeOfLastActivity
    If timeOfLastActivity of said AccountName from said IP is more than 45 minutes ago, you are logged out.

    Whenever you have any kind of contact with the server, by open a new tab, reloading a tab, going to the next page in a thread, etc., the timeOfLastActivity is set to "now". If RefreshMonkey refreshes any tab with the lotro forum in it every 30 minutes, then the timeOfLastActivity the server remembers will never be more than thirty minutes ago and you will not get logged out.

  6. #31
    Join Date
    Aug 2007
    Location
    Texas/New York
    Posts
    574
    Quote Originally Posted by Odlind View Post
    No, you won't get logged out if at least one tab is refreshed in time.

    Thanks, appreciate the info!
    [CENTER][IMG]http://i1204.photobucket.com/albums/bb412/lcainsa/LOTRO/newcustomsig_zpsa3ba3eae.jpg[/IMG][/CENTER]

  7. #32
    Might as well give up trying to change it. We tried to get turbine to change it on the ddo forums for several months when they did this experiment on us first. The forums there have probably half the traffic of pre-downgrade.

  8. #33
    Join Date
    Apr 2009
    Location
    Northern Virginia
    Posts
    797
    Quote Originally Posted by Khafar View Post
    I agree that all of their "extra security" measures (with the exception of running https for the login page) are obnoxious. Not because they exist, but because they're mandatory. I run this game on a PC with multiple layers of virus/malware protection, never used by anyone else, on an encrypted wireless link that's locked down to specific MAC addresses. I have no need whatever for this "extra" security, and it's 100% annoying from my point of view.

    That's why I installed a refresher plug-in and am running the LOTRO forums on a tab I keep up all the time (so I'm never logged out), and why I posted a thread (here) about how to get your browser to remember your login credentials for those few times I actually do get logged out (reboots, etc).

    Khafar
    Are you using Firefox? If so, what is the refresher plugin that you are using?

  9. #34
    Sapience is offline Former Community Manager & Harbinger of Soon
    Join Date
    Aug 2008
    Posts
    9,519
    Quote Originally Posted by Charononus View Post
    Might as well give up trying to change it. We tried to get turbine to change it on the ddo forums for several months when they did this experiment on us first. The forums there have probably half the traffic of pre-downgrade.

    We learned a lot of things from the AC and DDO migrations. Most of the traffic issues there are actually related to data migration troubles that caused forum accounts to enter weird states. With LOTRO we took all of those lessons and iterated and re-wrote the migration scripts repeatedly. In the end I was actually in a room with the data team pouring over rejected data and pulling out information I know was valid. By hand. As a result we've had about 15 tickets from people who lost their accounts. DDO and AC are still working through those issues.

    Yes, the log out after 45 minutes will stay and no you won't be getting a 'keep me logged in' option. Considering how loudly some complained about security issues, it's interesting to see them now complain about security measures being implemented.

  10. #35
    Quote Originally Posted by Sapience View Post
    We learned a lot of things from the AC and DDO migrations. Most of the traffic issues there are actually related to data migration troubles that caused forum accounts to enter weird states. With LOTRO we took all of those lessons and iterated and re-wrote the migration scripts repeatedly. In the end I was actually in a room with the data team pouring over rejected data and pulling out information I know was valid. By hand. As a result we've had about 15 tickets from people who lost their accounts. DDO and AC are still working through those issues.

    Yes, the log out after 45 minutes will stay and no you won't be getting a 'keep me logged in' option. Considering how loudly some complained about security issues, it's interesting to see them now complain about security measures being implemented.
    I think the bigger problem with the "45 mins" is that it's not really 45 mins. At least on the ddo forums it varies from 30 secs to 3 hours. We'll see how it goes here, but over there I have no rhyme or reason to the timeframe of when I get logged out.

  11. #36
    Join Date
    Apr 2008
    Location
    The Highlands of Scotland
    Posts
    5,421
    Quote Originally Posted by Sapience View Post
    We learned a lot of things from the AC and DDO migrations. Most of the traffic issues there are actually related to data migration troubles that caused forum accounts to enter weird states. With LOTRO we took all of those lessons and iterated and re-wrote the migration scripts repeatedly. In the end I was actually in a room with the data team pouring over rejected data and pulling out information I know was valid. By hand. As a result we've had about 15 tickets from people who lost their accounts. DDO and AC are still working through those issues.
    The data migration seems to have gone exceedingly smoothly. As someone who has done similar changes recently, I know how nerve-wracking this can be, and how surprisingly hard it can be to get right. Congrats to all concerned for a smooth changeover.

    Quote Originally Posted by Sapience View Post
    Yes, the log out after 45 minutes will stay and no you won't be getting a 'keep me logged in' option. Considering how loudly some complained about security issues, it's interesting to see them now complain about security measures being implemented.
    There is always a balance between security and convenience. I think that the security issues that people were really concerned about were the lack of a secure login and the use of the same username/password for access to both the forums and the game.

    The first issue has been addressed - thank you. The second has not, and it is that dual use that provides the only real justification for the login solutions that have been implemented. If the credentials had remained separate for the game and the forums, I doubt anyone would really care if someone gained access their forum account. There is, after all, little real damage that could be done by a bad guy, compared to what they can do if they get access to the game servers.

    As an example of what I consider false security is the stupid approach adopted by VerifiedbyVisa. They appear to keep a record of all my password changes, and will never allow you to reuse a password. While this is fine in theory, the fact that I don't use their site very often means that practically every time I get to their verification page I cannot remember my password and have to go through the forgotten process and choose yet another password. Since this process requires only information easily obtained from my card, and some personal details that are probably not too dificult to find, I do not find this a reassuring state of affairs. I am sure they would argue it is very secure, but in practice it depends on a password I can never remember and have to reset every time. Insanity.
    TANSTAAFL

  12. #37
    Join Date
    Sep 2007
    Location
    In a room full of barrow-bree
    Posts
    465
    Quote Originally Posted by Sapience View Post
    We learned a lot of things from the AC and DDO migrations. Most of the traffic issues there are actually related to data migration troubles that caused forum accounts to enter weird states. With LOTRO we took all of those lessons and iterated and re-wrote the migration scripts repeatedly. In the end I was actually in a room with the data team pouring over rejected data and pulling out information I know was valid. By hand. As a result we've had about 15 tickets from people who lost their accounts. DDO and AC are still working through those issues.

    Yes, the log out after 45 minutes will stay and no you won't be getting a 'keep me logged in' option. Considering how loudly some complained about security issues, it's interesting to see them now complain about security measures being implemented.

    Yes, DDO and AC had traffic decline due to the bad migration, though it's unfair to point to solely that as the cause, especially when that has been fixed. It will be interesting to see if LOTRO's forum participation also declines, despite not having the migration issues.

    As for security, there is a point where increased security comes at too high of cost for the user. When the system becomes too much of a hassle to use that the majority of players either don't use it, or finds ways to compromise the security anyway. I bet if you asked players here on the forums, and gave them the choice between staying logged in for month at the cost of a small decrease in protection or staying with the current time-out, the majority would choose the forum.

    I also have a followup question. Just how much additional security does the 45 minute timeout offer? It seems to me that this only increases security if a computer is being used by multiple users.
    [charsig=http://lotrosigs.level3.turbine.com/0b20c000000171132/01008/signature.png]undefined[/charsig]

  13. #38
    Join Date
    Apr 2008
    Posts
    3,203
    Quote Originally Posted by Sapience View Post
    Yes, the log out after 45 minutes will stay and no you won't be getting a 'keep me logged in' option. Considering how loudly some complained about security issues, it's interesting to see them now complain about security measures being implemented.
    That is a strange argument. Are you saying that anyone who has ever complained about security can't/shouldn't complain about any specific measure that in some but not all circumstances increases security but at a significant useability cost? Because the system unquestionably would be vastly more secure if we simply couldn't log in by any means at all. Security and ease of use often are in conflict. Many sites that I actually care about security on leave it up the user whether a login session can persist or credentials/username are remembered. Defaulting the behavior to something secure -- e.g. this is an untrusted computer, auto-logout and don't remember credentials -- is a good choice. However eliminating the option to say that this is a "trusted" computer and can stay logged in seems like overkill to me.

  14. #39
    Join Date
    Apr 2007
    Posts
    864
    ok Fair enough you don't want us to be able to stay logged into the forums. yes it's a pain and makes it annoying to partisapate in the forums(lurkers wont even notice a difference). Fine. how about a couple of options that may lessen the pain then.

    1. Remember my user name. My bank lets me do this if i want and trust me they are far more concerned about security then you are.
    2. allow the web browser to remember my credentials. at least this way it will auto fill the fields for me for any of my 4 accounts. this will also take the legal obligation away from turbine as you are not the ones saving the information.

    I guess Barring all that I will just have to get use to the new way of doing things no matter how much of pain in the rump it is or just stop using the forums.

    To finish off I leave you with my favorite Quote from Ben Franklin. I would say it is fairly applicable here.
    "They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety." - Benjamin Franklin
    [b]Melnordan[/b]-Warden,[b]Melainel[/b]-Hunter,[b]Mellarain[/b]-Loremaster,[b]Zoltrix[/b]-Guardian,[b]Xabbu[/b]-Minstrel,[b]Melraindor[/b]-Runekeeper
    Pie anyone?

  15. #40
    Join Date
    Jun 2007
    Posts
    1,066
    Loving these new forums overall. I am annoyed at myself that I don't know how to permanently choose a posting name (my inactive account name is auto-selected and I have to manually change it to "mr_toad" every time I log), but I'm probably missing a setting somewhere.

    At first, the 45-minute limit annoyed me too. Then I did a little research on the internet. Now I am embarrassed I didn't already know this basic guideline of internet security. Let me quote below from an article written by an employee of Mozilla who is an expert in web browser tech and internet security. Honestly, this should end the discussion. If you've been ignorant about basic security practices like this (and I was ignorant a few weeks ago too, so I'm not knocking you), there is no excuse to be ignorant anymore. Read and educate yourself. There are too many security threats all over the internet for any company, especially a company like Turbine that depends on secure internet technologies to pay the bills, to have anything but the best security they can provide.

    here's the link to the entire article: http://coding.smashingmagazine.com/2...f-the-problem/

    "DON’T STAY LOGGED IN, AND DON’T ENTICE OTHERS TO EITHER

    Staying logged in while not using a system is dangerous. Other websites you surf to can check that you are logged in and then clickjack you to make you do something you don’t mean to or aren’t aware of. This is especially dangerous with social media because everything you do will be sent to all your friends and probably replicated by them. It is a snowball effect.
    In my perfect world, no form has a “Keep me logged in” option, which of course would be a nuisance to end users. I would love to see a clever, usable solution to this problem. I use a Flex client for Twitter, not a browser, which means I am not vulnerable even on websites with clickjacking and cross-site request forgery (the latter only if people do not abuse the API to phish my followers; see the presentations at the end of this article for a demo of that)."
    other favorite middle-earth games: The One Ring RPG by Cubicle 7; LotR: The Card Game by FFG; Hobbit/LotR Strategy Battle Game by GW

  16. #41
    Join Date
    Sep 2010
    Posts
    848
    So far the new forums are great. No one can stay logged onto their online banking account all day either so the auto log off feature doesn't bother me a bit.

  17. #42
    Join Date
    Sep 2007
    Location
    In a room full of barrow-bree
    Posts
    465
    Quote Originally Posted by mr_toad View Post
    Loving these new forums overall. I am annoyed at myself that I don't know how to permanently choose a posting name (my inactive account name is auto-selected and I have to manually change it to "mr_toad" every time I log), but I'm probably missing a setting somewhere.

    At first, the 45-minute limit annoyed me too. Then I did a little research on the internet. Now I am embarrassed I didn't already know this basic guideline of internet security. Let me quote below from an article written by an employee of Mozilla who is an expert in web browser tech and internet security. Honestly, this should end the discussion. If you've been ignorant about basic security practices like this (and I was ignorant a few weeks ago too, so I'm not knocking you), there is no excuse to be ignorant anymore. Read and educate yourself. There are too many security threats all over the internet for any company, especially a company like Turbine that depends on secure internet technologies to pay the bills, to have anything but the best security they can provide.

    here's the link to the entire article: http://coding.smashingmagazine.com/2...f-the-problem/

    "DON’T STAY LOGGED IN, AND DON’T ENTICE OTHERS TO EITHER

    Staying logged in while not using a system is dangerous. Other websites you surf to can check that you are logged in and then clickjack you to make you do something you don’t mean to or aren’t aware of. This is especially dangerous with social media because everything you do will be sent to all your friends and probably replicated by them. It is a snowball effect.
    In my perfect world, no form has a “Keep me logged in” option, which of course would be a nuisance to end users. I would love to see a clever, usable solution to this problem. I use a Flex client for Twitter, not a browser, which means I am not vulnerable even on websites with clickjacking and cross-site request forgery (the latter only if people do not abuse the API to phish my followers; see the presentations at the end of this article for a demo of that)."
    That's nice and all, though there's a lot of paranoia in that kind of stance. It's like putting 5 deadbolts on a door and a security keypad because you're afraid of someone breaking into your house. If someone really wants to hack into your computer, it's unlikely the average user will have the necessary security set up to stop it.

    I'm honestly surprised that despite all this desire for increased security by Turbine that users can still set up the weakest forms of passwords, not requiring any numbers, symbols, or differing case.
    [charsig=http://lotrosigs.level3.turbine.com/0b20c000000171132/01008/signature.png]undefined[/charsig]

  18. #43
    Join Date
    Apr 2008
    Posts
    3,203
    Quote Originally Posted by mr_toad View Post
    Loving these new forums overall. I am annoyed at myself that I don't know how to permanently choose a posting name (my inactive account name is auto-selected and I have to manually change it to "mr_toad" every time I log), but I'm probably missing a setting somewhere.
    Go to My Account->Manage Subscriptions

    Click "Set as Default" next to the one you want to be the default

    Should fix you up...

  19. #44
    Join Date
    Jun 2007
    Posts
    1,066
    Quote Originally Posted by Lenton View Post
    That's nice and all, though there's a lot of paranoia in that kind of stance. It's like putting 5 deadbolts on a door and a security keypad because you're afraid of someone breaking into your house. .....
    No, it's actually supposed to be a very basic, baseline security practice. It'd like simply locking your door with a basic lock. People who are complaining about the 45 minute limit are like people who complain about locking their doors because it's too inconvenient to carry keys around all the time.

    Again, this is not meant to attack anyone here or make anyone feel bad. I was ignorant on this topic a few weeks ago. I humbly suggest that if the 45 limit bothers you, read the article I linked to and do your own independent research. Maybe I'm wrong. If so, please cite and link to a world-reknowned browser security expert like I did to prove Christian Heilmann wrong. (here's the article he wrote again: http://coding.smashingmagazine.com/2...f-the-problem/)

    An opinion of "it's not convenient" -- while a valid opinion you have a right to have -- is not going to change anyones' mind. And the facts of internet security are on the side of a 45 minute timeout with no auto log in, or remembered user name.

    edit: thank you Delgonthewise, that fixed it, what a relief!
    other favorite middle-earth games: The One Ring RPG by Cubicle 7; LotR: The Card Game by FFG; Hobbit/LotR Strategy Battle Game by GW

  20. #45
    Quote Originally Posted by mjk47 View Post
    ... people were really concerned about ... the use of the same username/password for access to both the forums and the game.
    Exactly this.

    Bioware/SWTOR recently changed to using the same username/password combination for both game and forums, but I have much less concern there because of the two-factor authentication offered. I use their physical security key. I also have a physical security key attached to my long dormant WoW account which is why it remains secure to this day (yes, I check on it periodically). I use two-factor authentication on every online account that offers it, gaming or otherwise.

    I continue to highly recommend that Turbine offer two-factor authentication.

    P.S. I do strongly object to BW/SWTOR's usage of the forum display name as the account name though. Thankfully, that's not a mistake Turbine has made. That said, I still feel my SWTOR account is more secure than my LOTRO account.
    "I think we can all agree that more options for everyone is always a positive thing." --Sapience

  21. #46
    Join Date
    Jun 2011
    Location
    Prague, CZ
    Posts
    58
    Well, at least for me the result of this measurement is simple - I do not log in and I am using forum as 'anonymous' user most the time. And I am not probably just the one. As others mentioned, is really obtrusive to login again and again for each forum check. But, no big harm made, except the one - I do not see if there is a new lottery or not and I am pretty sure that due this I will miss more lotteries than before. It would be nice to display lotteries for anonymous users too and not just the message "You must be logged in first". It may improve things a bit.
    ~ [url=http://daleshadows.eu]Dale Shadows[/url] CZ/SK kinship ~

  22. #47
    Quote Originally Posted by mr_toad View Post
    An opinion of "it's not convenient" -- while a valid opinion you have a right to have -- is not going to change anyones' mind. And the facts of internet security are on the side of a 45 minute timeout with no auto log in, or remembered user name.
    I'd be curious to see of comparison of using differing passwords for different consequences vs. timeouts. I don't know how one would actually approach that comparison thou.

    I do find it inconvenient and use the forums less because of it, partially due to other mitigation I feel are required. Early on there were many reported hacks to Turbine accounts. I don't think I ever heard a definitive answer as to the cause or lack of it. That and the seeming fact that gaming companies seem to be common targets for attacks.

    This has led me to use a very strong unique password here that there is no possibility for me to remember. I must cut and paste out of a password vault for every loggin.

    I would feel much more comfortable with separate passwords for the game and the forums, as it would likely allow me to use a forum password with some nuemonic value and I would comment more often, to the good or ill of all of you.

  23. #48
    Join Date
    May 2007
    Location
    Florida
    Posts
    3,192
    Not to worry, Turbine will soon be selling a token in the store that will keep you logged into the forums for 90 Minutes, and they're stackable!

    (kidding)

    In all honesty, unless people's accounts are being hacked left and right, it shouldn't be up to Turbine to make sure that users accounts are secure, other than keeping people from hacking their databases.

    I do like the idea of multi-level authentication, though. Maybe Turbine could team up with Google and utilize their authentication software that can be downloaded to smart phones.

  24. #49
    Join Date
    Jan 2011
    Posts
    448
    Quote Originally Posted by Zetsubousensei View Post
    ... this account I am posting from is not the one holding my game characters. This one has no characters, is using different login / password combo, and for extra security I will not share either the name of my game account or names of characters on it.
    That's actually a pretty good idea. There are already quite a few posts regarding how to convince your browser to remember you and how to use refresher plugins to keep you logged in. Those measures don't sit well with me for use with my game account, but I'd be more amenable to using them with a separate account.

    If Turbine wants to take TSA-style security-theatre steps instead of solid, well-considered measures that actually increase our security, let them. Using a separate second account for the forums is a security step that any player can take without Turbine's permission or blessing.



    Quote Originally Posted by Sapience View Post
    Yes, the log out after 45 minutes will stay and no you won't be getting a 'keep me logged in' option. Considering how loudly some complained about security issues, it's interesting to see them now complain about security measures being implemented.
    Quote Originally Posted by mjk47 View Post
    There is always a balance between security and convenience. I think that the security issues that people were really concerned about were the lack of a secure login and the use of the same username/password for access to both the forums and the game.

    The first issue has been addressed - thank you. The second has not, and it is that dual use that provides the only real justification for the login solutions that have been implemented. If the credentials had remained separate for the game and the forums, I doubt anyone would really care if someone gained access their forum account.
    This. To give a TSA analogy.... enabling SSL on the site was a reinforcing-the-cockpit-door security measure: smart, useful, addressed the problem.

    Continuing to use game logins on the forums but removing persistent sessions? That's 3-oz-or-less-of-liquid, take-off-your-shoes security theatre.
    Join the LotRO Volunteer QA Team!
    Use the [url="http://lotrobugs.turbine.com"][color=red]bug reporting tool[/color][/url] or type /bug in-game!*
    [SIZE=1]*no rants please[/size]

  25. #50
    Quote Originally Posted by Sapience View Post
    Yes, the log out after 45 minutes will stay and no you won't be getting a 'keep me logged in' option. Considering how loudly some complained about security issues, it's interesting to see them now complain about security measures being implemented.
    This is just UNBELIEVABLY arrogant.

    First, you use the game login as the forum login, ALTHOUGH players complained and TOLD YOU the implications.

    THEN you leave the plain-text-login live for MONTHS, with various threads on the matter and NO reaction AT ALL, apart from the usual "lets move this thread where no-one will find it".

    Only to now implement the exact opposite of what people asked for (reliably staying logged on) in the name of SECURITY (which you until now gracefully IGNORED in the worse of all possible ways).

    And then you have THE NERVE to reply like this?

    /facepalm

    SNy
    LotRO on Linux! http://SNy.name/LOTRO/
    Also home to the LI progression diagram.
    Find the new forums unreadable? Try my forum theme.

 

 
Page 2 of 4 FirstFirst 1 2 3 4 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

This form's session has expired. You need to reload the page.

Reload