Thank you for the information but I am a bit concerned about changing the log-in to my email account. I have had my email account hacked twice in the past, one was my yahoo account which I closed and the other was the hotmail account which I have had to change passwords several times due to account tampering.

Is there another option for log-in id. instead of email? Something maybe like a unique alpha-numeric combination that is assigned to each account that could be generated by Sylestia when an account is setup?

This unique id would of course be sent to the player's email account and then player usernames will still be seen on our pages but this unique individual id will only be known to the account holder and Sylestia. Just a thought.

Good to know. Thanks for the heads up.

Link: https://www.sylestia.com/forums/?thread=95099&page=1#4 Author: Savynn Time Posted: 12/12/2020 at 7:06 PM What would this person have to gain by doing this?

First off , I want to thank Krin for telling us. It is so refreshing to have a site actually admit that there is a problem, rather than try to 'hand wave' it away.


As for the quote, sadly, coming from Neopets and the like, there really isn't any telling, but among my guesses would be:

1. Blackmarket. I honestly don't know how prevalent it is for Sylestia, but I know other sites tend to have huge Black markets due to retired items and things that people are willing pay real money for, usually just for bragging rights.

2. Just for fun. Some people think it is fun to try to get into sites in ways they aren't meant to. Same reason you have people who break rules.

3. Could be testing code for other sites. Seeing how detectable the code is, how efficient etc..

4. Sadly, though this isn't common, I have seen it, just to 'ruin' things. There are people out there that just like to ruin other people's fun, and if they felt that they could do that by getting into accounts, they absolutely would.

Link: https://www.sylestia.com/forums/?thread=95099&page=3#30 Author: Katty Time Posted: 12/12/2020 at 9:35 PM yeah really, i dont have easy log in stuff anywhere of importance xD What i do is i have a password protected word document of all my passwords. that way i only need to recall one pw and can cut and paste all the passwords for the sites i use

I probably shoudl do that. Right now I just use keyboard smashes as passwords, and keep them in FF (of course, I also don't online bank, or anything like that, so the only 'sensitive' password would be my email, and good luck wading through that :P Though I would hate to lose my accounts in various places, or have to go through the trouble of resetting passwords *shudders*)

is there any way to not do security code thing based on IP address? I have dynamic IP and there is no way I can white list the whole pull. may it be based on device please?

Link: https://www.sylestia.com/forums/?thread=95099&page=4#35 Author: Gerry Time Posted: 12/12/2020 at 10:57 PM is there any way to not do security code thing based on IP address? I have dynamic IP and there is no way I can white list the whole pull. may it be based on device please?

It is much harder to track based on a device than an IP Address in regards to the two-way authentication I discussed. I plan on playing around with some stuff and see what I can come up with - but IP Address based is what I am most familiar and comfortable with at this time.

Either way, the two-way auth will be optional. So if it poses an issue, a player can just opt to not use it once it is implemented.

fine then, thank you very much for explanation!

thanks for telling us, hoping this doesn't happen again

I know many places use an authentication code that is sent to an email if the password is incorrect a certain amount of times. Another method is to have identification questions that players set upon registration. I always use past pets' bizarrely long nicknames, which no one else can even remember.

Thanks krin, about two or three weeks ago i had an alert saying my password was compromised i got the alert on my iphone so i sent in a password change stating why but it was never changed so im glad about the coming change