I’m playing Crossfire for 18 months and I feel sorry for investing money in this game by means of buying VIP weapons that cost me more than 14K pesos. Not to mention that there are lots of cheater in game that can easily outplayed even my best arsenal. But what I’m talking is their poor security.
Uncle Ben is right, “With great power comes great responsibility” and with 7 VIP weapons in Crossfire I have great responsibility to protect my account from hackers. I have a good password, secret question and complete personal details. I also type password with the speed of 90 words per minute.
Intruder is inevitable in poor security…
But sad to say I got hacked more than 6 times and it is mostly happen when I play in other computer shop to compete. As a computer shop owner too, I don’t want to speculate that they are hiding logger behind their keyboard. So instead giving a damn to computer shop, I’m questioning the security of Crossfire and Gameclub.
The main problem here is that Gameclub doesn’t have pincode or two-way verification for changing password. Once your intruder knows your password, he can easily change it to him no question ask. It’s a shame that they use secret question but this question will never be asked if you want to change not only password but details including email address. If only they require this before changing password I wouldn’t be here to waste my time waking up Gameclub on their negligence.
Account retrieval scenario…
Every week I received request from my customers to help them retrieve their account. They know that I can retrieve hacked account based from my experience. This is through contacting email@example.com and provide information such as your Personal details, In-game details, secret question, and ID. After 2 days, Gameclub personnel will give you a temporary password that will let you retrieve your account.
The problem is that most CF players didn’t mind those information while creating account. All they want is to play the game right away and so they just used bogus information. From here there is no really way for them to get back their account.
Prevention is better than cure…
Why we should let that to happen if we can prevent it. It is also time-consuming for Gameclub support to assist such issue. That’s biggest question in my mind can answer by simple pincode verification.
Updates made it worst…
As I checked their portal last week, I found out that they did some changes that only made the issue worst. They put an email authentication that works as backup. In case that you have forgotten your password, just click on forgot password and they will send a temporary password on the authenticated email.
They also included your secret answer in the information page unlike before the only question is revealed. This can also be changed. So I wonder when you lose your account into hacker, and Gameclub support ask for your secret question and answer, how can you prove that this account is yours.
Oh yes, there is ID verification, just pray to God that you named it not to your crush or GF. Anyway the point is, what is the purpose of this secret question and answer. It is so lame.
There is also a secret number, WTF! Seeing it on the first time I thought that it was for pincode. But then it is like they only don’t know to call it properly as captcha.
The worst scenario…
The worst thing that might happen here is when the hacker authenticate his email as part of binding his email to your account. Despite that you already retrieved your account, all he needs to do is to click the forgot password provided his email and then temporary password will be sent to his email.
That is how they improved their security. Even you replaced and authenticated a new email, all email bounded in the account can be used in account recovery. So once you get hacked you are forever hacked (unless they Crossfire will reevaluate their lives and system). Expect that your intruders can use your account from time to time though you can still play it by means of forgot-pass war.
To prove it, you can test it with your account. Authenticate two different emails and you can retrieve temporary password either of the two.
Bring back your players confidence…
Crossfire is fun to play and despite with all inconvenience we experienced from playing, we still don’t want to quit. Regarding with the time, money, friendship and enjoyment we have invested.
But every hole in the game lose our confidence. Instead of fixing glitch issue you are just punishing players. Glitch is part of every program’s failure. What if we triggered it unintentionally. Glitch, cheats and hacks, that are not players problem but devs. Ultimately account security should be the top priority because every player deserves it.
You don’t need to release hundreds of new same-gun to earn money. Just bring back our confidence so we will not doubt of spending money for your game.