It seems that you're using an outdated browser. Some things may not work as they should (or don't work at all).
We suggest you upgrade newer and better browser like: Chrome, Firefox, Internet Explorer or Opera

×
Community
General discussionIncreasing login security: reCAPTCHA(69 posts)(69 posts)
(69 posts)
Pages:
1
2
3
4
5
This is my favourite topic
Posted July 01, 2015
high rated
Hello, everyone!

To increase your account security (and protect it against the plague of account hacking that we've been noting and you've been reporting), we have introduced a second protective measure: the reCAPTCHA after a number of failed login attempts.

Don't worry, you'll not be having to enter complicated strings of jumbled-up characters (unless you're using a very old or very remote browser) - all you do is check the "I'm not a robot" box. You can see a preview of the captcha at the link above.

We're already seeing that a number of login attempt series have been interrupted thanks to this method, so we hope that it will be one of the measures in which we'll stop hackers from taking over your accounts.

Previous info on protective measures against hacking:
--> automated message notifying you of a change in your account e-mail

------------------------------------

If your account got hacked:

1) When contacting us regarding a hacked account, you must replace the e-mail address with one you have access to - otherwise, our reply will end up at the hacker's e-mail address, which you have no control over or access to.

2) Please do not send multiple requests to support - if you do, your request is pushed to the back of the queue again. If you feel the need to add more details to your support request without getting bumped back, you can do so by replying to the automated support reply you will get with your Ticket ID.

3) As soon as you get access to your account back, please change your password. It may be a simple thing, but please don't forget. It will mean the hacker once more lost access to your account for sure.
Posted July 01, 2015
Does that mean GOG was open to brute force hacking before this point? Surely they couldn't attempt infinite logins?

Still having trouble seeing what the point of hacking GOG accounts is, at least for now. There's little value to it, except to perhaps use them as spam accounts? Seems like a lot of work for just spam accounts though.
Post edited July 01, 2015 by Pheace
Posted July 01, 2015
I kind of hate re-captcha, as most of the time shows some blured, jumbled-up characters. And i have really bad eyes. This seems to be the friendly type. Just hoping i won't have any troubles in accessing my account from now on.
Posted July 01, 2015
low rated
avatar
wolfsrain: I kind of hate re-captcha, as most of the time shows some blured, jumbled-up characters. And i have really bad eyes. This seems to be the friendly type. Just hoping i won't have any troubles in accessing my account from now on.
Yep,I agree.
Posted July 01, 2015
avatar
Ciris: Hello, everyone!

To increase your account security (and protect it against the plague of account hacking that we've been noting and you've been reporting), we have introduced a second protective measure: the reCAPTCHA after a number of failed login attempts.

Don't worry, you'll not be having to enter complicated strings of jumbled-up characters (unless you're using a very old or very remote browser) - all you do is check the "I'm not a robot" box. You can see a preview of the captcha at the link above.

We're already seeing that a number of login attempt series have been interrupted thanks to this method, so we hope that it will be one of the measures in which we'll stop hackers from taking over your accounts.

Previous info on protective measures against hacking:
--> automated message notifying you of a change in your account e-mail

------------------------------------

If your account got hacked:

1) When contacting us regarding a hacked account, you must replace the e-mail address with one you have access to - otherwise, our reply will end up at the hacker's e-mail address, which you have no control over or access to.

2) Please do not send multiple requests to support - if you do, your request is pushed to the back of the queue again. If you feel the need to add more details to your support request without getting bumped back, you can do so by replying to the automated support reply you will get with your Ticket ID.

3) As soon as you get access to your account back, please change your password. It may be a simple thing, but please don't forget. It will mean the hacker once more lost access to your account for sure.
Forgive me but I question the efficiency of Captcha?

What makes you think the hackers are not gonna just figure it out what the CAPTCHA is saying?

But than again I have not seen what CAPTCHA looks like in the perspective of a hacker.
Posted July 01, 2015
avatar
Pheace: Does that mean GOG was open to brute force hacking before this point? Surely they couldn't attempt infinite logins?

Still having trouble seeing what the point of hacking GOG accounts is, at least for now. There's little value to it, except to perhaps use them as spam accounts? Seems like a lot of work for just spam accounts though.
Grey market resales.
- That's what I said when the first threads began popping up and seems to be the case.
avatar
Ciris:
...and what about an email to CONFIRM you want to change your email address or password?! - far as I understand it, currently you only get an email informing you its already happened.
Post edited July 01, 2015 by Sachys
Posted July 01, 2015
So it took seven years to figure out that perhaps infinite retries for login weren't a good thing?
Posted July 01, 2015
avatar
Ciris: snip
Great, good to see GoG are doing something about the hacking problems.

Since your implementing reCaptcha for log ins, will you also do so for creating accounts to stop the waves of spam accounts?
Posted July 01, 2015
avatar
Ciris: snip...
Thanks for finally adressing this issue properly ;)
Posted July 01, 2015
avatar
Elmofongo: Forgive me but I question the efficiency of Captcha?

What makes you think the hackers are not gonna just figure it out what the CAPTCHA is saying?

But than again I have not seen what CAPTCHA looks like in the perspective of a hacker.
I'm not sure, but I presume the assumption is that the actual hacking of accounts is done by a bot of some kind, therefore a Captcha would stop it making log in attempts and prevent them.

It really depends on how it's being done (and who by) as to whether it's efficient or not. But it sounds like GoG can see the number of log in attempts made, so they maybe know that this is how the accounts are being compromised.
Posted July 01, 2015
avatar
Pheace: Does that mean GOG was open to brute force hacking before this point? Surely they couldn't attempt infinite logins?

Still having trouble seeing what the point of hacking GOG accounts is, at least for now. There's little value to it, except to perhaps use them as spam accounts? Seems like a lot of work for just spam accounts though.
avatar
Sachys: Grey market resales.
That's what I sad when the first threads began popping up.
of GOG accounts? Is there really a demand for that? A Steam account I can see some point to, inventory might be worth money, it might have remaining Steam wallet, possible cards from drops, account can be used for scamming/spamming, then a the end maybe some intrinsic value of the games on the account.

I guess a GOG account may offer the opportunity to spam/scam as well but the opportunities compared to a Steam account are vastly more limited (mostly the trading thread on this forum). And if someone were to do it for the games, why not just hit up a torrent? For Steam that's slightly different as a lot of games on Steam have functional multiplayer if on a legit account compared to pirated games, so there's some increased interest there. But for GOG the pirated thing is no different than the GOG version, apart from being able to automatically get future updates.
Post edited July 01, 2015 by Pheace
Posted July 01, 2015
avatar
Elmofongo: Forgive me but I question the efficiency of Captcha?

What makes you think the hackers are not gonna just figure it out what the CAPTCHA is saying?

But than again I have not seen what CAPTCHA looks like in the perspective of a hacker.
avatar
adaliabooks: I'm not sure, but I presume the assumption is that the actual hacking of accounts is done by a bot of some kind, therefore a Captcha would stop it making log in attempts and prevent them.

It really depends on how it's being done (and who by) as to whether it's efficient or not. But it sounds like GoG can see the number of log in attempts made, so they maybe know that this is how the accounts are being compromised.
The last spammer was clearly one person doing it becuase if it was a bot the WHOLE forums would have been flooded with spam.
Posted July 01, 2015
Well that looks like the end of me.

It's time I confirm what many of you have been suspecting for over two years:

I am a bot.
Posted July 01, 2015
avatar
Pheace:
Theres a lot of people out there who consider the grey market to (somehow) be legitimate, and dont see purchasing an account as anything suspect.
Just because you or I wouldn't do it...

Edit: just look at the people making threads because their Witcher 3 key got revoked and they got it from G2A, and people posting G2A deals in the gming deals thread.
Post edited July 01, 2015 by Sachys
Posted July 01, 2015
avatar
tinyE: Well that looks like the end of me.

It's time I confirm what many of you have been suspecting for over two years:

I am a bot.
Sent by the squid aliens no less ;)
Pages:
1
2
3
4
5
This is my favourite topic
Community
General discussionIncreasing login security: reCAPTCHA(69 posts)(69 posts)
(69 posts)