ID: 2255747
 
Applies to: Accounts
Status: Open

I love BYOND, but it seems some of my friends don't love BYOND enough to create new accounts. Why do they need to create new accounts? Because their old accounts expired, and they CAN NOT get them back. I love BYOND, but I don't love being told something is possible when it is not. Here is why it is not possible.

When an account expires, the user has no way to reactivate it, other than to go into their email. That right there has got to change, if you want BYOND to keep its users. If they knew the password, they should be able to reactivate an expired account. The worst thing of all is that it does not even tell the user what is the email address they used for that BYOND account.

This makes me very unhappy with BYOND, because there are so many ways this could have been avoided. Don't tell me otherwise. I could not convince some of my friends to create new accounts, because they felt like BYOND has failed them. They are correct to feel that way. The ones that did create new accounts are not able to use their characters on the games they used to play, because they are on a different key obviously.

I am requesting that for the benefit of BYOND, and all its users, do something about this. It needs to change. Make it so knowing the password of an account is enough to recover it, or so it at least shows you what email address that account was registered to. The first is the best solution, because the second would require that they still have access to that account. When people register their BYOND key to an email address like a Verizon, or Comcast address, or AT&T, or whatever NOT free service they use, when they change services they lose that account forever. The way BYOND is set up, they also lose their expired BYOND account FOREVER. FIX THIS!!!
Disabling old accounts after a long time of inactivity is a security feature. The system actually clears out the password of those accounts, because Tom believed it was unwise to keep such info around for accounts that were not being used. I agreed with that decision at the time and still do.

I've been pretty flexible about working with people on account recovery, though.
I'm sorry if this sounds rude, it's not meant to be. I understand it is "unwise" to leave any security risks that you don't have to, but how is it "wise" to make the accounts unrecoverable for the user?

What is being flexible with people on account recovery? The password proved it was really the user's account. If accounts were hacked, it's more than likely because people had used passwords like 12345, abcde, qwerty, or something else that is a known popular password.

Can you consider the point I made though about people with Verizon, Comcast, AT&T or other pay service accounts who change their service being unable to recover their BYOND account? You probably never hear anything from these people, they don't ask you for help recovering their account, they just move on.

I'm also wondering how long does an account have to be inactive before it is disabled?
The accounts aren't unrecoverable; they're recoverable via email. The problem comes in when people's email addresses change over time and they don't keep up to date.
They are unrecoverable for a huge number of people though, since they don't have access to their old email accounts, and will never get access to them again.
If you've lost access to an account, that's what the support contact form is for.
I get that's what the support contact form is for, but what I do not get is how it is more secure to have to guess if the person is the rightful owner of the account, when a password proves it is. This way seems like people can claim accounts are theirs that are not. Isn't that a little, or a lot more "insecure" than any possibility that leaving the password the same might somehow cause a security issue?

I'm sorry, I'm not trying to be difficult, it's just that I can't get my old friends to play BYOND anymore, because their accounts are deactivated. Not everybody is willing to go through support, even though I suggested it to them. Has there ever actually been a proven incident on BYOND where passwords were hacked? Probably almost every claim of hacking was actually a case of either password sharing, or somebody guessing a password like abcde or 12345.

I know I would be more upset with BYOND for deactivating my account, and then possibly giving it to somebody who claimed to be me, than I would be if a true hacker actually hacked into it. I feel strongly about this because I really like what BYOND does, it's a great idea, and there are great people working on it. I am failing to see how this has helped BYOND, but I am seeing first hand how it has hurt BYOND.
Probably almost every claim of hacking was actually a case of either password sharing, or somebody guessing a password like abcde or 12345.

Mine was stolen from a database dump back in 2005. I used the same password on two sites. Unfortunately, the admins of one site were careless and the MD5 checksum for my password leaked. They then brute-force matched the MD5 checksum.

Can't say whether purging passwords is a good policy or not. All I know is that it's not hard to register a new key if you've lost the contact info for the old one.
You are right that it is very easy to register a new key, but not so much so to convince the admins of games to move characters from your old key to the new one. That's really the thing that makes this such a problem, once people can't use their old characters it's hard to convince them to come back to BYOND. I'm still trying to convince some old friends to make new keys, but they won't because they will not be able to use the characters from their old keys.
In response to LawnMower
Tough luck