Well, one thing you can do to boost account security is:
1: Email change verification (in order to change your email, you first have to verify it on the original email that you are planning to change from).
Because if we do a password change, it would probably have to go through email. But if they change your email and then try to do a password change through email, they would have access to it. Does this make sense?
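Here is a minimal model of the flow Mystic describes, added as an illustration (it is not code from this thread or from Aeria): a new address only becomes the account's contact address after a confirmation token sent to the *current* address is presented, and password-reset mail always goes to the verified address, never to a pending one. The token lifetime, the addresses and the in-memory outbox are all constructed for the example.

```python
"""Email-change verification: the old inbox must approve the new address.

Constructed example. Assumptions: a 15-minute token lifetime, an in-memory
outbox standing in for a mail sender, and made-up addresses.
"""
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Optional

TOKEN_TTL = 15 * 60  # seconds a confirmation token stays valid (assumption)


@dataclass
class Outbox:
    """Stand-in for a mail sender; records (recipient, purpose, token)."""
    sent: list = field(default_factory=list)

    def send(self, to: str, purpose: str, token: str) -> None:
        self.sent.append((to, purpose, token))

    def last_for(self, address: str, purpose: str) -> Optional[str]:
        for to, p, token in reversed(self.sent):
            if to == address and p == purpose:
                return token
        return None


@dataclass
class Account:
    email: str                              # verified, active contact address
    pending_email: Optional[str] = None     # staged, not yet trusted
    pending_token: Optional[str] = None
    pending_expires: float = 0.0


class AccountService:
    def __init__(self, outbox: Outbox, clock=time.time):
        self.outbox = outbox
        self.clock = clock

    def request_email_change(self, acct: Account, new_email: str) -> None:
        """Stage the change; the confirmation goes to the OLD address only."""
        acct.pending_email = new_email
        acct.pending_token = secrets.token_urlsafe(32)
        acct.pending_expires = self.clock() + TOKEN_TTL
        self.outbox.send(acct.email, "confirm-email-change", acct.pending_token)

    def confirm_email_change(self, acct: Account, token: str) -> bool:
        """Apply the staged change only with a fresh, matching token."""
        ok = (
            acct.pending_token is not None
            and self.clock() <= acct.pending_expires
            and hmac.compare_digest(acct.pending_token, token)
        )
        if ok:
            acct.email = acct.pending_email
        # Single use: any attempt, right or wrong, clears the staged change.
        acct.pending_email = acct.pending_token = None
        acct.pending_expires = 0.0
        return ok

    def request_password_reset(self, acct: Account) -> str:
        """Reset codes go to the verified address, never the pending one."""
        self.outbox.send(acct.email, "password-reset", secrets.token_urlsafe(32))
        return acct.email


def hijack_attempt() -> dict:
    """Constructed scenario: an attacker with a live session tries to
    re-point the account at an address they control, then reset the password."""
    outbox = Outbox()
    svc = AccountService(outbox)
    acct = Account(email="owner@example.com")
    svc.request_email_change(acct, "attacker@example.net")
    reset_recipient = svc.request_password_reset(acct)
    attacker_mail = [m for m in outbox.sent if m[0] == "attacker@example.net"]
    owner_token = outbox.last_for("owner@example.com", "confirm-email-change")
    forged_ok = svc.confirm_email_change(acct, secrets.token_urlsafe(32))
    return {
        "reset_recipient": reset_recipient,
        "attacker_mail_count": len(attacker_mail),
        "owner_has_token": owner_token is not None,
        "forged_confirm_accepted": forged_ok,
        "email_after": acct.email,
    }


def legitimate_change(delay: float = 0.0):
    """The owner confirms from the old inbox after `delay` seconds."""
    now = [1_000_000.0]
    outbox = Outbox()
    svc = AccountService(outbox, clock=lambda: now[0])
    acct = Account(email="owner@example.com")
    svc.request_email_change(acct, "owner-new@example.com")
    token = outbox.last_for("owner@example.com", "confirm-email-change")
    now[0] += delay
    return svc.confirm_email_change(acct, token), acct.email
```

The point the scenario makes is the one Mystic raises: because the staged address is never used for anything until the old inbox approves it, an attacker who merely holds a logged-in session cannot redirect the password-reset mail to themselves.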
I get what you are saying, Mystic. Before you can change your password, you would like to see a token system in which an email is sent to the said email address before changes can be made to the password. The only problem with that is, if a hacker could get to the point where they could attempt to change your password, it's too late.
If Aeria were serious about security, they would implement security in layers. If you post in the forums, Aeria has already given half of your security features to the hackers. As it stands now, your password is your only real protection.
Adding things like secret visual pictures or mouse-click codes would greatly enhance Aeria's security. Even having a different game user ID than your forum user ID would greatly increase your security.
Thank you for clarifying Mystic's point. Your suggestion at the end would make sense as a security authentication practice, but before an authentication tool or control is implemented in a company or organization, there are many things behind the scenes that should be evaluated for effectiveness and efficiency, and these are:
- This includes the total cost of ownership (e.g., procurement, installation, implementation, training, replacement, and maintenance costs).
- Awareness and resistance. Awareness refers to the proper training of staff on the tool's proper use, while resistance refers to the system's ability to withstand malicious attacks, including spyware, keylogging, Trojan, denial-of-service, and virus attacks.
- This refers to the authentication method's ease of use; its ability to address the needs of different users and support existing operating systems, platforms, and applications; its roll-out period; centralized administration capabilities; and availability of customer support.
- The effectiveness of the authentication process.
- This refers to the authentication system's level of confidence. For instance, have user and customer confidence levels increased after the authentication mechanism's implementation?
- This is the solution's ability to cater to existing and future users and business needs without changing the hardware's or the network's architecture, and its capacity to address e-mail security and physical access to a particular system.
- This refers to the algorithm's and technology's strength, the authentication tool's adequacy in protecting confidential information, its ability to address regulatory requirements, and its overall safety.
- This refers to senior management's support of the authentication mechanism in use. One way management can show support is by establishing the proper tone at the top and ensuring that employees have the right technical competencies to use the authentication tool effectively.
The best authentication controls that Aeria should adopt are the following (in my opinion, as I work in the IT security field):
- Challenge response. This consists of either a question-and-answer dialog, where the user responds to a set of pre-recorded questions such as their mother's maiden name, or a token device that generates passwords or responses based on a pre-determined algorithm. When using a token device, the authentication system displays a challenge in the form of a code or a password phrase. The user then enters the challenge into the token device, which provides a response containing the code or password phrase the user must re-enter into the system for authentication.
- Out-of-band authentication. Under this method, the authentication device accepts the person's credentials and sends a secret password to the user through an out-of-band medium, such as e-mail, short message service, or a phone call. The password is then valid for one-time use only.
The best thing we can all do for now is use a strong password and secure our account by not sharing it with anyone and not accessing it from any place that is not on a completely secured network. Good luck, all!
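To make the two controls recommended in the post above concrete, here is an added example (not code from this thread or from Aeria) modelling both: a challenge-response token device that answers a fresh server challenge with an HMAC-derived code, and an out-of-band one-time code delivered over a separate channel that expires and is consumed on first use. The shared secret, the user name, the phone number, the code lengths and the lifetimes are all constructed assumptions; the HOTP-style truncation of the MAC to decimal digits is one common choice, not the only one.

```python
"""Challenge-response with a token device, and out-of-band one-time codes.

Constructed example. Assumptions: an 8-digit challenge response derived by
HMAC-SHA256 over the challenge (HOTP-style truncation), a 6-digit one-time
code, a 60 s challenge lifetime and a 120 s OTP lifetime, made-up user data.
"""
import hashlib
import hmac
import secrets
import time

RESPONSE_DIGITS = 8      # assumption
CHALLENGE_TTL = 60       # seconds a challenge may be answered (assumption)
OTP_TTL = 120            # seconds an out-of-band code stays valid (assumption)


class TokenDevice:
    """Holds the shared secret; maps a server challenge to a short response."""
    def __init__(self, secret: bytes):
        self._secret = secret

    def respond(self, challenge: str) -> str:
        mac = hmac.new(self._secret, challenge.encode(), hashlib.sha256).digest()
        offset = mac[-1] & 0x0F                          # dynamic truncation
        code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
        return f"{code % 10 ** RESPONSE_DIGITS:0{RESPONSE_DIGITS}d}"


class ChallengeResponseServer:
    def __init__(self, user_secrets: dict, clock=time.time):
        self.user_secrets = user_secrets     # user -> secret provisioned on the device
        self.open = {}                       # user -> (challenge, issued_at)
        self.clock = clock

    def issue_challenge(self, user: str) -> str:
        challenge = secrets.token_hex(16)    # fresh nonce per login, never reused
        self.open[user] = (challenge, self.clock())
        return challenge

    def verify(self, user: str, response: str) -> bool:
        entry = self.open.pop(user, None)    # one attempt per challenge
        if entry is None:
            return False
        challenge, issued = entry
        if self.clock() - issued > CHALLENGE_TTL:
            return False
        expected = TokenDevice(self.user_secrets[user]).respond(challenge)
        return hmac.compare_digest(expected, response)


class OutOfBandOTP:
    def __init__(self, deliver, clock=time.time):
        self.deliver = deliver               # callable(contact, code): SMS/call stand-in
        self.pending = {}                    # user -> (sha256(code), expires_at)
        self.clock = clock

    def send(self, user: str, contact: str) -> None:
        code = f"{secrets.randbelow(10 ** 6):06d}"
        digest = hashlib.sha256(code.encode()).digest()   # store only a hash
        self.pending[user] = (digest, self.clock() + OTP_TTL)
        self.deliver(contact, code)

    def verify(self, user: str, code: str) -> bool:
        entry = self.pending.pop(user, None)  # consumed on first attempt, right or wrong
        if entry is None:
            return False
        digest, expires = entry
        if self.clock() > expires:
            return False
        return hmac.compare_digest(digest, hashlib.sha256(code.encode()).digest())


def run_scenarios() -> dict:
    """Constructed walk-through of the good path and the failure modes."""
    now = [0.0]
    clock = lambda: now[0]
    secret = secrets.token_bytes(32)         # provisioned on device and server
    server = ChallengeResponseServer({"alice": secret}, clock)
    device = TokenDevice(secret)
    r = {}
    challenge = server.issue_challenge("alice")
    response = device.respond(challenge)
    r["cr_ok"] = server.verify("alice", response)
    r["cr_replay"] = server.verify("alice", response)      # challenge already consumed
    challenge = server.issue_challenge("alice")
    now[0] += CHALLENGE_TTL + 1
    r["cr_expired"] = server.verify("alice", device.respond(challenge))

    delivered = []
    otp = OutOfBandOTP(lambda contact, code: delivered.append((contact, code)), clock)
    otp.send("alice", "+1-555-0100")
    r["otp_ok"] = otp.verify("alice", delivered[-1][1])
    r["otp_reuse"] = otp.verify("alice", delivered[-1][1])  # single use
    otp.send("alice", "+1-555-0100")
    now[0] += OTP_TTL + 1
    r["otp_expired"] = otp.verify("alice", delivered[-1][1])
    return r
```

Two design choices are worth noting: the server never stores the one-time code in the clear, only its hash, and a wrong guess consumes the pending code rather than leaving it open for further guessing, so an attacker who can trigger the send but not read the channel gets one try per delivery.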