[0.82] Personal Identification Codes
#1
There are a few things worth mentioning here.

EULA:
First of all, I don't know if Nexon is going back on its word with changing "Nexon Cash" to "NX". In the latest patch, they changed references to "NX" back to "Nexon Cash" in the EULA. Sooooo yeah, don't know what's up with that.


Personal Identification Code (PIC):
A few error messages for the new PIC system did appear in the data:

 PIC Error Messages

"You cannot delete a character without a PIC. Please create your PIC."

They changed needing to know birthdays to the PIC. I'm not sure if I like this. If a person has compromised your account, they will have to know your PIC to do it. If they know your PIC, they can also delete your characters. This wasn't quite so with the old system. A hacker could know your PIN but have no idea of the birthday. Making the PIC work for both of these situations decreases the overall security of the account. While this security step decreases the chance of hackers finding out the PIC, if they do manage to find it out, they have everything.

Or maybe I'm wrong. Perhaps you need to know the birthday and the PIC, in which case this security move would make a bit more sense. But what's the point in having to know the PIC and the birthday? If the hacker already knows the PIC to enter, he also knows the PIC for character deletion. So requiring the PIC for both is rather ridiculous, and yet there's the message above stating that one needs to know the PIC to delete a character. So does this mean no birthdays?

But this further goes to show that Nexon does not believe that their database has been compromised. If it had ever been compromised in the past, I can assure you they would take extra precautions to increase the security. And yet it's a bit obvious they are not concerned now. Why should they be? They weren't hacked, right? What do you think?

Taking this a logical step further, let's look at this error message a bit closer - "You cannot delete a character without a PIC. Please create your PIC." Using the ontological argument, Nexon would not create something unless it needed to be created. Therefore, there must be a place in the game which this is used or referenced - further evidenced by the fact that it's coming in this patch. Because of this argument, there must be some set of variables that exist for this error message to occur, which means that you might, in one case or another, be able to get to the character deletion screen without needing a PIC set. Thus, players are allowed to skip PIC creation and stick with the PIN. What's the f'ing point of having a new security system if it isn't being forced on players? If Nexon has already acknowledged that a new security system is needed right this second that they create a patch solely for its own sake and don't force the players to use it, then there's no point of the patch and no reason to have the new security system.
Reply
#2
I wonder how we set our PICs for the first time. What if someone knows the id/pass of someone else's account and they get in before the owner. Can they set the PIC? Or am I totally wrong?
Reply
#3
imjon Wrote:I wonder how we set our PICs for the first time. What if someone knows the id/pass of someone else's account and they get in before the owner. Can they set the PIC? Or am I totally wrong?

Yeah you're pretty much correct
Reply
#4
PIC is a really stupid acronym. That's what I think.

If they really removed the need for birthdays then they're really screwing themselves and us.
Reply
#5
imjon Wrote:I wonder how we set our PICs for the first time. What if someone knows the id/pass of someone else's account and they get in before the owner. Can they set the PIC? Or am I totally wrong?

First you login and enter your PIN. Once you enter your PIN correctly, you will be asked to create a PIC. So a hacker can change the PIC if they already know your account info.
Reply
#6
Bday is more secure, but there are a lot of people with a lot of accounts registered under fake information, anyone who tries to dispute this is in denial. So PIC would make more sense in that manner, since it's easier to remember than a random Bday entered.

Wait, wut? We get our crappy Pin system AND PICs? .__.
Reply
#7
Good lord. Is this really that confusing?

Once you set your PIC, there's no going back to the PIN.
Reply
#8
Pin is removed once you make a Pic

PICs can be 6 to 16 characters long.-Whats the point of letting you make a PIC 6 characters long if it can be cracked in a matter of seconds? Why not make it so you have to use a 16 character PIC?
Reply
#9
Cracked in a manner of seconds? I think not.

The PIC allows you to create a code which contains lowercase letters, uppercase letters, and numbers. That means any one part of the code could contain one of (26 + 26 + 10) 62 characters. That's over 56 billion possible different combinations with just six letters. I'd call that pretty good.
Reply
#10
Chameleonic Wrote:Pin is removed once you make a Pic

PICs can be 6 to 16 characters long.-Whats the point of letting you make a PIC 6 characters long if it can be cracked in a matter of seconds? Why not make it so you have to use a 16 character PIC?

Why limit it to 16? Why not make it 128?
Reply
#11
Are PICs entered via soft keyboard like PINs?
Reply
#12
Chameleonic Wrote:Pin is removed once you make a Pic

PICs can be 6 to 16 characters long.-Whats the point of letting you make a PIC 6 characters long if it can be cracked in a matter of seconds? Why not make it so you have to use a 16 character PIC?

Because 16 character PICs aren't practical for everyone.
Reply
#13
I'm going to take a page from Greg, and have to leave only this comment on the content found in this extraction: I am going to shi't all over this patch. Seriously, not much worth commenting here. Kinda boring.

As for the PIC system, I'm actually worried if Nexon here has actually degenerated a step in security by using PICs versus the old birthday system. It's far easier for a hacker to get this information; and it makes the possibilities of what a hacker can do all the more frightening, especially with the whole hacking issue going on right now.
Reply
#14
Fiel Wrote:Cracked in a manner of seconds? I think not.

The PIC allows you to create a code which contains lowercase letters, uppercase letters, and numbers. That means any one part of the code could contain one of (26 + 26 + 10) 62 characters. That's over 56 billion possible different combinations with just six letters. I'd call that pretty good.

I thought someone said in the "recently hacked" thread that even 8 char PW didnt take that long to crack...


JoeTang Wrote:Why limit it to 16? Why not make it 128?

Why not indeed, the more the better.



imjon Wrote:Because 16 character PICs aren't practical for everyone.

How is making your account safer not practical?!

I cant see why anyone would make a PIC with less than maximum characters...
Reply
#15
Chameleonic Wrote:How is making your account safer not practical?!

I cant see why would anyone would make a PIC with less than maximum characters...

Sheer laziness.
I'm debating whether or not to even set a PIC, if this works like it did in kMS.
Reply
#16
Hazzy Wrote:Bday is more secure, but there are a lot of people with a lot of accounts registered under fake information, anyone who tries to dispute this is in denial.

Why should I lose account security because of other peoples' mistakes? I know my birthday, I don't want the PIC to allow both full access to my account and letting my characters be deleted.
Reply
#17
I'm lost my bday a while ago, and I'm happy in way that I did, since there is no way for a hacker to recover it...
Now...
Reply
#18
Hazzy Wrote:Bday is more secure, but there are a lot of people with a lot of accounts registered under fake information, anyone who tries to dispute this is in denial. So PIC would make more sense in that manner, since it's easier to remember than a random Bday entered.

Wait, wut? We get our crappy Pin system AND PICs? .__.

Yeah, I learned the hard way I stopped using fake info I use pure real info now to make sure I never forget, lol.
Reply
#19
Ive got myself a nice long PIC already planned out for my accounts. Gonna be a good mix of caps and numbers too.
Reply
#20
I am unhappy with how this will go. No birthday anymore to delete characters? What the hell is this crud? Tongue
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)