SAN Infrastructure

[Miss Medicina]

Well, all debates about authenticators aside, I think Tam has a very good point - especially during the summer when a lot of us are in and out throughout the months.

If you are a member of SAN-US, please let me know if you would like to be part of a peon rank. I do ask that you please have an authenticator. I'm really not trying to have a debate about the validity of an authenticator, mind you, but with so many people in a guild, it is one of the easiest ways to hopefully ensure a bit of security.

If you are willing to be involved in peon-ship, please post it here and/or shoot me an email or PM. There have been some complaints about my absence, and I really could use some of the help that I'm sure only a true peon could bring!

<3

[tahliana]

Back over the pond in ol' Blighty, I know that the question has been open a while, but if you need a peon on the EU SAN, I am on most evenings, learning lots from Tanthalas and Mystiik

[zy]

May 29, 2010 5:09:31 GMT -5 kurnak said:

The problem is not the connection to the nick or opening suspicious mail. Several people have been infected with keyloggers by just visiting trusted sites. The hackers manage to place an infected ad that installs the keylogger and sends them back your data. While the "remember login" helps not to write it you'll be still infected and they can gather all kind of info, like credit card numbers and verification data and get your login if you go to the web page to administer your account or try the web AH version.
Adding an extra layer of security like the authenticator never hurts.

Quoted for truth. I've seen a number of guidies get hacked lately who claimed they didn't need an authenticator because they only visited 'safe' sites. If you aren't going to use an authenticator then please at least install no-script and no-add addons on your web browser for your own good.

All hackers really need these days is your log-in anyway. If you don't have an authenticator they can brute-force your password with randomizer programs. A good (10+ non-word that uses numbers, letters and special characters) password will take them longer but they can still get it eventually. Time is on their side sadly.

[meltis]

I have an authenticator and a couple of levels of hardware and software security. However, this is my escape from ... umm, well, not RL but my second job ( = GM of a raiding guild = stressful sometimes)... and Meltis is only usually online for an hour or so late evenings.

Happy to help if you need me though, but only as a backup

[kurnak]

We have some good news regarding the use of authenticators and guild ranks/operations.Pity there's still nothing regarding the bank, but restricting tabs to certain levels and then force these levels to use authenticator will work. And no longer you have to show your core hound puppy to prove you're using the authenticator (since you could disable it). Taken from MMO-Champion today:

Cataclysm actually adds a couple of security features linked to the authenticator, you can now restrict guild ranks to people using Authenticators.

* AUTHENTICATOR_CONFIRM_GUILD_DEMOTE = "%1$s can't be demoted to %2$s because that rank requires an Authenticator. Do you wish to demote %1$s to %3$s?";
* AUTHENTICATOR_CONFIRM_GUILD_PROMOTE = "%1$s can't be promoted to %2$s because that rank requires an Authenticator. Do you wish to promote %1$s to %3$s?";
* AUTHENTICATOR_GUILD_RANK_CHANGE = "This action would make the lowest guild rank require an Authenticator.";
* AUTHENTICATOR_GUILD_RANK_IN_USE = "You can't set this option on a guild rank in use.";
* AUTHENTICATOR_GUILD_RANK_LAST = "You can't set this option on the lowest guild rank.";

[Nefernet]

Yes, I've had a look on Guild Master Panel the other day on PTR, when you give permissions to the various rank you have a line where you can check "this rank requires an authenticator" (or something like that as I have the French client).