Security?!

  • Hello,


    Lets talk about how seriously security is being taken within S4league as a whole.


    First of, password must be 8-15 letters max, you should NOT limit someone to create a password like 30 character long, sort it out..

    Secondly, passwords can be changed without any email verification,

    Emails can be changed without any verification,

    No mobile security is available,

    No 2FA security is available.


    These factors are essential in a business to secure users and to make them feel safe using your game and services.

    This should be a really serious topic and I don`t really understand why nobody ever said anything about this as it has been like this for years now.


    As I mentioned in another thread its 2018, take privacy and security seriously people.:cursing::cursing:

    infosec-3.jpg

  • Oh god, I couldn't have said it better. Totally agree on everything. And especially in that it does not ask you for a confirmation to change security data. Because if you change security data it's for something, not for fun.

  • Furthermore if its changed you dont get notified that its changed.. my account was stolen 3 times in the past, because even if i wantes i couldnt protect my account, and no it wasnt a keylog, there were just exploits of taking accounts of people :) sad.

  • Interested to see how others here take security and privacy seriously, also thoughts of forcing this matter on s4league? @all

    Those are global settings that should be added to the whole portal and not only s4. It's hard to say how and when it will happen

  • Those are global settings that should be added to the whole portal and not only s4. It's hard to say how and when it will happen

    That's something that we can understand but... CM's or GM's maybe they can talk about this with Aeria and share the suggestion.

  • That's something that we can understand but... CM's or GM's maybe they can talk about this with Aeria and share the suggestion.

    Had been already done before all this security discussion came up. I can only say that it's still being suggested

  • I really don`t know how it works but if a business doesnt keep user information secure or giving options for them to do it so, then they could get in legal trouble.

    Yeah, this reminds me of the case of Megaupload. People uploaded files, and owners could access them, hackers as well. That's why MEGA was born and the encrypted files.


    By this I mean that a company, however small, has to provide a minimum service and safety plays an important role.

  • Do you really expect a company who didn't notify its users about being hacked (back when PlayS4L appeared) to suddenly have proper security measures ?

    They probably don't want to throw the money needed, half of Aeria's tech is outdated (previous forums were on a very old phpBB version, the website is using an old version of Drupal etc ...).

  • We will see, we will force the matter and as I said they could end up facing legal issues and charges by not doing it which could end up them losing more money than actually doing something about it.

  • We will see, we will force the matter and as I said they could end up facing legal issues and charges by not doing it which could end up them losing more money than actually doing something about it.

    I like that option. I never liked the way Aeria does things.

  • Hey everyone,


    We definitely care and these have been discussed over the years. But these are big undertakings and we haven't complete results yet. There are occasionally things happening on background, features being added etc.


    I would personally wish for sooner but as mentioned this is larger than s4, this is about the whole portal and a dozen games with different ways of logging in. I mean, I'm guessing that's a factor, I'm not an expert in the area.

  • Hey everyone,


    We definitely care and these have been discussed over the years. But these are big undertakings and we haven't complete results yet. There are occasionally things happening on background, features being added etc.


    I would personally wish for sooner but as mentioned this is larger than s4, this is about the whole portal and a dozen games with different ways of logging in. I mean, I'm guessing that's a factor, I'm not an expert in the area.

    That is understandable, but it is not something that has to be thought, it must be done for the safety of all.

  • Hey everyone,


    We definitely care and these have been discussed over the years. But these are big undertakings and we haven't complete results yet. There are occasionally things happening on background, features being added etc.


    I would personally wish for sooner but as mentioned this is larger than s4, this is about the whole portal and a dozen games with different ways of logging in. I mean, I'm guessing that's a factor, I'm not an expert in the area.

    Sure they think its unnecessary money would be spent, and they don`t want to implement it

  • Sadly not, accounts cannot be rerolled, this was a topic I am trying to bring up, but they sending robotic answer and saying no no no we can`t help :).... I wish I could talk to somebody about this srsly.

    So if they can't, how did they recover all lost accounts during migration?

  • I dont know... but they arent helpful, I legit wrote a half page explaining what happened, gave all account info all they would need but noo, they cant recover it. It was stolen from me btw using an exploit back in 2015 and every item got deleted even training weapons LOL... and they say no

  • I dont know... but they arent helpful, I legit wrote a half page explaining what happened, gave all account info all they would need but noo, they cant recover it. It was stolen from me btw using an exploit back in 2015 and every item got deleted even training weapons LOL... and they say no

    I know, they are stubborn and don't really help the user.

  • Furthermore if its changed you dont get notified that its changed.. my account was stolen 3 times in the past, because even if i wantes i couldnt protect my account, and no it wasnt a keylog, there were just exploits of taking accounts of people :) sad.

    You can't seriously tell me that your account was stolen 3 times only because you were limited to having a password of max 15 chars. And isn't the result of your actions in any way.

    "As we can see, the CS heavy is over 1000% stronger than the ps strong cut"

    -Cyleen

  • You can't seriously tell me that your account was stolen 3 times only because you were limited to having a password of max 15 chars. And isn't the result of your actions in any way.

    It was indeed as back in the days there were exploits to steal accounts , stop worshiping AG because this is a real problem , ur a joke at this point.

  • It was indeed as back in the days there were exploits to steal accounts , stop worshiping AG because this is a real problem , ur a joke at this point.

    And magicly no one in my circle of acquaintances got their account stolen, huh?

    "As we can see, the CS heavy is over 1000% stronger than the ps strong cut"

    -Cyleen

  • So you're saying 8-15 letters aren't enough to protect your account? As much as having as long of a password as you would like it to be is a good idea, it's not necessary. I recommend you to stop using common passwords generators.

    No email verification is pretty dumb, I agree.

    As for mobile/2FA security, I'm positive it's not as simple to implement it and still have everything working as intended, knowing AG.

    The fact that you got "hacked," or whatever you want to make yourself, believe three times, is solely your fault. You can not blame AG for it happening to you three times, while the vast majority's been just fine with their 8-15 letter passwords.

    And as for you saying more security has to be done, it really doesn't. Just because this community is so toxic and wants to ruin the experience for others by keylogging (or whatever other way there is) others, doesn't mean a company has to get more security. Would be nice if it did though. :S

    i'm the cutest

    <3<3<3<3<3<3

    Discord: mint#4091