Just had a thought. Assume you're running a guild, and thus you control a guild bank. Whom are you going to give access to it? Obviously, people you trust. However, there is also the possibility of people you trust being hacked. Admittedly, just like Tobold, I believe that in the vast majority of cases "having been hacked" is simply a euphemism for "having done something very stupid". But it happens. Clever people can do stupid things - when they're half awake, when they're distracted and not paying full attention, or whatever. Windows does its share by still using the "hide known file extensions" default, thereby opening something that cannot be legitimately called a backdoor, but rather a user trap. You see, those very intelligent people whom you really trust as much as you trust yourself may happen to just not be geeks. Those who are not geeks may be legitimately unaware of what file extensions are and how they work in Windows. Long story short, account theft happens.
Surely, it is again a matter of trust. In addition to asking whether you can trust a person to treat guild bank access responsibly, you may have to ask whether you can trust that person to treat their own account securely. Enter the Blizzard Authenticator. While not a "slay all" weapon for security problems, it does reduce the risk of "being hacked" significantly (see Tobold's reasoning on how it's a dual-improvement). So, we can simply demand people to make use of an authenticator, if they want access to the guild bank.
How can we verify if they have an authenticator? Corehound pet. I don't know if Blizzard had this in mind when introducing the pet and the way it works, but if they had, compliments. If someone can summon a cosmetic corehound pet, it means an authenticator is linked to their account that very moment.
What if they unlink it later? We can't make them show their corehound every day, after all. Well, at the very least, that would constitute a conscious move towards compromising their own account security. Which would be stupid. We covered clever people doing stupid things, but is unlikely to be one of those. Why a person would unlink their authenticator is beyond me. So, as long as you can verify that you're dealing with sensible people, and maybe hold regular "Banker's Trust" meetings where everyone shows off their corehounds, that's one step against unexpectedly empty guild banks.
Mind you, this has just as much to do with responsibility and credibility. "Yes, the log shows I've emptied it, but I was hacked. Luckily, I got my account back before they sold off my gear and sent off all my gold, but the guild items are all mysteriously gone. Sowwy guys" - just doesn't fly. Either you did it, or you compromised your account in a grossly negligent way (as opposed to the "oops" way) by putting the corehound to sleep.
Want access to the bank? Show your pet. If you can't, you'll have to resort to asking others to retrieve stuff for you. Until they get sick of it and tell you to GTFO and get an authenticator. See, smoking's not the only thing peer pressure can lead to.
Trump destroys board games
19 hours ago
Sweet idea there, Remster!
ReplyDeleteSeriously it also comes down to people. One of the saddest cases I heard of recently was a guild member somewhere claiming he'd been hacked and his cousin had cleared out the bank vault. He got caught out lying, was g/kicked, and then did it again to another guild before server hopping. The guilds are naturally hopping mad about this, and desperate to stop him doing this again, but have their hands tied somewhat, because so many people are (rightly so) against naming and shaming.
Basically, the authenticator protects us from the hackers. It's a pity it can't protect us from the wankers.
Blizz are actually pretty good with this sort of thing, if an account with full bank access is hacked get your guild leader to raise a ticket and the logs will be checked and stuff returned generally.
ReplyDeleteHappened to our guild three times in the space of two months, because of this access is restricted now for anyone that does not have an authenticator to lesser bank items to one stack/day and all the expensive stuff is in small stacks or in a tab locked that access to requires an authenticator.
it would be crazy to give access to the bank to a new guildie with unlimited access, and if it's a long time guildie ripping you off my first question would be "what the hell happened?"
Scraddog