Voluntary name wiping

[Ha-Ki]

I wouldn't use it personally, but I see how this feature could be helpful for some people. So sure, why not?

[Leidarendi]

Seems reasonable.

[Cinnamin Draconna]

No objections here either. Might even come in handy someday.

[CNR4806]

Looks like a giant "click me to grief this scroll" button to me.

 

I know players are responsible for their own scroll's security, but making griefing easier when accidents do happen just doesn't sound right to me.

[Obscure_Trash]

~Merged~

[cyradis4]

Looks like a giant "click me to grief this scroll" button to me.

 

I know players are responsible for their own scroll's security, but making griefing easier when accidents do happen just doesn't sound right to me.

I.... think I have to agree with this post. Its too easy to have accidents with this sort of thing, or for malicious acts if someone hacks an account. Better safe than sorry.

 

C4.

[kerrikins]

Looks like a giant "click me to grief this scroll" button to me.

 

I know players are responsible for their own scroll's security, but making griefing easier when accidents do happen just doesn't sound right to me.

Why not just have it password protected, or have it set up so that it sends an email for verification that you want to do it?

 

 

[Obscure_Trash]

Why not just have it password protected, or have it set up so that it sends an email for verification that you want to do it?

^

 

I'm not sure how many people would use this feature or how much time it deserves put into it, but I find it really sad when we try to restrict options that users request to make things easier for them due to "security risks" when there are available safety restrictions to add or that shouldn't be too hard to move in.

 

I don't really care about this topic: enough of my dragons are already unnamed, lol, so I don't really support one way or another, but yeah. =U

[cyradis4]

Why not just have it password protected, or have it set up so that it sends an email for verification that you want to do it?

There's an option where you have to enter your password to do a lot of things on DC. Some people get into auto-pilot and don't bother thinking about it, just go and enter the password. Hence accidents.

 

Now, email verification, that would be a good idea to solve both the accident problem and maliciousness where the password wasn't compromised (didn't log out of computer, that sort of thing). There's not much that can be done if the password itself was compromised.

 

The accidents really is what I'd be most concerned about. I would want it very hard to wipe all names from my scroll by accident.

 

Cheers!

C4.

 

 

[KoalaNoob]

For the accidents, you can just go to account settings and switch it to typing in the action's name. It trades password security, but if the person got into your account, they probably already know you password anyway. Just make sure you log out every time.

[cyradis4]

For the accidents, you can just go to account settings and switch it to typing in the action's name. It trades password security, but if the person got into your account, they probably already know you password anyway. Just make sure you log out every time.

Yep, I do that already. And I still don't want to be able to wipe all of my dragons names by accident because I was half asleep and on auto-pilot. I've accidentally abandoned eggs in the past when in a state where I should have been asleep, even with havingg to type in "abandon".

 

So, the email confirmation I'd be ok with. Otherwise, I see too much risk for too little gain. We've all done stupid things in a moment of inattention.

 

Or, you could require two confirmations separated by time. Ie, you set the names to wipe but they won't until a second confirmation is entered 24 to 48 hours later. No second confirmation in that time frame, and the action deactivates and you have to go through the two steps again.

 

C4.

[KoalaNoob]

The two confirmations would probably work, especially if they required different things. It could probably shut down less dedicated hackers, unless they're able to get back to your account before you do, so maybe not.

[Wahya]

As a BSA, no. There are far more useful BSAs that the majority of DC's users would actually use.

 

As a general feature, I don't personally like it. As long as we'd have a way to disable it on our scrolls entirely (to prevent the griefing others have mentioned), then I might not mind it so much.

 

I don't mind having things implemented that I will never use, but this one doesn't sit well with me. I just have a bad feeling about it.

[cyradis4]

The two confirmations would probably work, especially if they required different things. It could probably shut down less dedicated hackers, unless they're able to get back to your account before you do, so maybe not.

The simple truth is, if a skilled hacker really wants something, there's not much you or I could do about it. If hackers get into NORAD and the CIA, then yea, they can hack a scroll if they really want to.

 

Its the less-skilled ones that we need to worry about. Mostly those I'd think of, as opportune hackers. Forgetting to log out and some other family member getting on the computer, for instance. Something that requires a time interval would take them out of the loop.

 

And of course, accidents. That to me is the biggie.

 

C4.

[KoalaNoob]

But why would a skilled hacker want to go and screw up your scroll? They don't care about somebody playing a dragon game. Unskilled ones would probably be less dedicated, though. Still, the time interval would help a lot. Especially for those who have really annoying siblings.

[cyradis4]

But why would a skilled hacker want to go and screw up your scroll? They don't care about somebody playing a dragon game. Unskilled ones would probably be less dedicated, though. Still, the time interval would help a lot. Especially for those who have really annoying siblings.

Hahaha, exactly. That's what I said, in my very next line, agreeing with you. I seriously doubt that the people perpetuating most of the "hacks" on DC broke the security on TJ's password database. So yes, I agree that most of those are siblings or friends who were given the password or came across the account already logged in. If a hacker is skilled enough to break into TJ's database... They probably do have better things to do. Or are personally motivated and can't be stopped.

 

Cheers!

C4.

[kerrikins]

^

 

I'm not sure how many people would use this feature or how much time it deserves put into it, but I find it really sad when we try to restrict options that users request to make things easier for them due to "security risks" when there are available safety restrictions to add or that shouldn't be too hard to move in.

 

I don't really care about this topic: enough of my dragons are already unnamed, lol, so I don't really support one way or another, but yeah. =U

Yeah, I think it's kind of silly to be honest, I was just suggesting the idea as a way to get around the 'security risks' that people are worrying about. I'm definitely not against this suggestion!

 

Personally, and this is my opinion, I feel like sometimes we shoot ourselves in the foot worrying too much about 'risks' instead of focusing on the benefits.

[cyradis4]

Yeah, I think it's kind of silly to be honest, I was just suggesting the idea as a way to get around the 'security risks' that people are worrying about. I'm definitely not against this suggestion!

 

Personally, and this is my opinion, I feel like sometimes we shoot ourselves in the foot worrying too much about 'risks' instead of focusing on the benefits.

Sometimes, yes. But sometimes, the risks we run aren't worth the reward. This isn't a suggestion that I would ever use, but it is one that could cause me a great deal of unhappyness if it were too easy to do, and I did it by accident in a moment of inattention.

 

So for me, this suggestion has no benefits but has risks with serious, irreversible repercussions. I'm ok with it, if those risks can be mitigated enough.

 

C4.

[KoalaNoob]

Maybe the delete all names action could be out somewhere more obscure to prevent brain frat moments? Like, it's not often that you go to the your account page, so maybe put it there instead of the scroll?

[Cinnamin Draconna]

Put it under Account > Account Settings and require password confirmation. That should eliminate any 'accidents'.

[Starscream]

Why not just have it password protected, or have it set up so that it sends an email for verification that you want to do it?

this idea is fairly sound, alternative is to email send user a text message to their phone, if they wish to remove all names. This may take a while longer than simply enter password and go. But it would give the added security.

 

Another idea to security I can think of is similar to banks.

 

What is the name of the pinky finger on your left hand? type question, where you'd give an answer you'd know.

 

This action is not reversible: Do you wish to continue? Yes no?

 

Enter password.

Answer security question

 

Sends email/text. Confirm email/text

 

Unnames all names.

 

Other thought is, the name are held in the system for a week before being fully released. Any Griefing, as pointed out happens, these names can be restored. by a higher power.

 

Names could be reused by user if they use them before that week ends.

 

Alternatively

 

This action is reversible. You have 48 hours to rescind the decision. Any dragons that had the names removed would have them restored. Overwriting any name changes since. Any Unnamed dragons that were named since, would be unaffected. The user still has access to the names for a week, but if it was done maliciously, they could undo the action without higher power intervention.

[edwardelricfreak]

Please, no matter the security measures, please let them be opt-out (not opt-in, because I'd rather have to turn security I don't want 'off') for those that don't see the need for emails, texts, etc. imo I just want to use my password and not have to go to my email which I rarely use. It bothers me enough when sites say I need to go to my email to re-validate my account because I just happened to be gone long enough, I don't want to have to go to it just wipe a bunch/all of the names.

[DragonLady86]

Is there really a need for this feature? If you are changing the names then you are going to have to go to each dragon individually anyway to put the new name in. I realize most people that wanted it for that reason posted in 2010, before we could rename at all, but reading the whole thread, I didn't see any other reasons for wanting this. The only instance this would be useful is if a person wanted all their dragons to have no names at all. And how many players actually do not want ANY named dragons (that are not already playing that way without naming them in the first place?)

[Fuzzbucket]

this idea is fairly sound, alternative is to email send user a text message to their phone, if they wish to remove all names. This may take a while longer than simply enter password and go. But it would give the added security.

 

Another idea to security I can think of is similar to banks.

 

What is the name of the pinky finger on your left hand? type question, where you'd give an answer you'd know.

 

This action is not reversible: Do you wish to continue? Yes no?

 

Enter password.

Answer security question

 

Sends email/text. Confirm email/text

 

Unnames all names.

 

Other thought is, the name are held in the system for a week before being fully released. Any Griefing, as pointed out happens, these names can be restored. by a higher power.

 

Names could be reused by user if they use them before that week ends.

 

Alternatively

 

This action is reversible. You have 48 hours to rescind the decision. Any dragons that had the names removed would have them restored. Overwriting any name changes since. Any Unnamed dragons that were named since, would be unaffected. The user still has access to the names for a week, but if it was done maliciously, they could undo the action without higher power intervention.

NOT good - in many places there is no mobile signal - my credit card has that as a security facility, and when you do a few things you have to use a code they send to your phone that is only valid for 10 minutes. The last time I did this, I made the guy stay on line till it showed up. It took 25. He was very startled. Once when I was meeting my SO from a train, he texted to tell me his plane had landed early. I didn't get the text for TWO DAYS.

 

And when I am in N America, my UK cell phone doesn't work anyway (and I am NOT buying a 4g specially !)

 

But I am with edwardelricfreak - any "extra" security measures need to be totally optional and opt-in. I have NO interest in using this, so in this case it would never affect me, but I am sick of all the extras people on all sorts of siteds are putting in "for my safety and convenience".

[KoalaNoob]

Is there really a need for this feature? If you are changing the names then you are going to have to go to each dragon individually anyway to put the new name in. I realize most people that wanted it for that reason posted in 2010, before we could rename at all, but reading the whole thread, I didn't see any other reasons for wanting this. The only instance this would be useful is if a person wanted all their dragons to have no names at all. And how many players actually do not want ANY named dragons (that are not already playing that way without naming them in the first place?)

But there are also some people who have some names, so no-names, and just don't like how disorganized it looks. Or there could be people who want to quit and leave the names for everyone else, without them needing to wait a month or whatever the time is.

 

Yeah, the security definitely needs to be optional. It's really annoying to have to go into your email all the time. Also, there are probably some kids on DC who don't have phones.