An idea recently occurred to me for improving the security of our fg on the site.
The idea is to switch out the "gold security password" that supposedly adds an extra level of security to our accounts (after they've been stolen).
The problem is: the easiest way to take an account, as we all know, is a keylogger, and typing a password to release funds once is, in and of itself, enough to completely break the system and render this level of security worthless. Against a keylogger there is currently no way to protect your hard-earned fg.
So why not add in an option for all users to have a code that releases fg? The idea, in my mind, would be to have a number pad, maybe like the way the raffle page looks and works. The user who wants to send funds would simply define a number code of a certain length as his password. There would be no keystrokes - just mouse clicks - and the keylogger would be effectively useless.
The system could lock out users after 3 or so failed entries for a period of time, like an hour or a day... Whatever you needed. That way automated hackers couldn't rely on guessing the code over and over. Taking this even further, being locked out could trigger an email to be sent to you or a designated other person (because your email at this point would be forfeit), warning that a hacker is trying (and failing) to unlock your gold.
I don't know how hard this would be for njaguar to program, or how hard it would be for a hacker to break.
Lmk jsp
This post was edited by Furdtarmer on Jan 30 2012 02:47am
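The lockout-and-alert behaviour proposed in the post above, as an added Python example that is not part of the original post or the site's code. The class and function names, the one-hour lockout, the PBKDF2 storage of the code and the sample contact address are assumptions made for illustration.

```python
import hashlib, hmac, os, time

class FundsReleaseGate:
    """Numeric release code with lockout and alerting (hypothetical names)."""

    def __init__(self, code, alert_contact, notify, max_failures=3,
                 lockout_seconds=3600, clock=time.time):
        self._salt = os.urandom(16)
        self._digest = self._hash(code)      # store a salted hash, never the code
        self.alert_contact = alert_contact   # designated person, not the account e-mail
        self.notify = notify                 # callable(contact, message)
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.clock = clock                   # injectable so the demo can advance time
        self.failures = 0
        self.locked_until = 0.0

    def _hash(self, code):
        return hashlib.pbkdf2_hmac("sha256", code.encode(), self._salt, 100_000)

    def try_release(self, code):
        """Return 'released', 'denied' or 'locked'."""
        now = self.clock()
        if now < self.locked_until:
            return "locked"                  # even the right code is refused while locked
        if hmac.compare_digest(self._hash(code), self._digest):
            self.failures = 0
            return "released"
        self.failures += 1
        if self.failures >= self.max_failures:
            self.failures = 0
            self.locked_until = now + self.lockout_seconds
            self.notify(self.alert_contact,
                        "Release code locked after repeated failed entries")
            return "locked"
        return "denied"

def demo():
    """Constructed scenario: three wrong entries, then the right code during lockout."""
    now, sent = [1000.0], []
    gate = FundsReleaseGate("483920", "friend@example.com",
                            lambda to, msg: sent.append((to, msg)),
                            clock=lambda: now[0])
    results = [gate.try_release(g) for g in ("000000", "111111", "222222", "483920")]
    now[0] += 3601                           # lockout period has passed
    results.append(gate.try_release("483920"))
    return results, sent
```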