passworded wallet?

[Kellzz]

in the never ending effort to combat account hackers, i figure instead of the one wall that the hacker needs to get through, why not put up several?

one idea is to password the wallet. any and all transactions involving money would require the user to input a password to complete the transaction.

Now this would be COMPLETELY optional. if a player deems it too annoying, inconvenient, what have you, they can turn it off.

And yes, key loggers would still pick this up, so, instead of typing in the password, the player clicks on a series of numbers/letters, or pictures. key loggers dont work on mouses.

[Agamemnon]

If I get the jist of what you're saying, it's very similar to the banking system in Runescape where you enter the bank, talk to the npc and then have to type in a pin code to be able to even see your bank inventory. They have randomly generated numbers in random orders that display in a random order like a atm pin pad. This could be doable to direct to account details sections.

One thing to note overall though is that some parts of the billing are out of our hands as developers because it requires and relies on the underlying multiverse authentication system and account verification process, so we'll have to work hand in hand with them to come up with a solution to this as well.....when we're talking real money info...

[Kellzz]

If I get the jist of what you're saying, it's very similar to the banking system in Runescape where you enter the bank, talk to the npc and then have to type in a pin code to be able to even see your bank inventory. They have randomly generated numbers in random orders that display in a random order like a atm pin pad. This could be doable to direct to account details sections.

I have never played runescape but that sounds similar to what i had in mind. The number pad, if im understanding properly, its operated via mouse? not something that involves key strokes?

The whole MV deal does throw a wrench in how RMTs (if implimented) would operate, so i would just focus on in-game transactions.

again, many people would find this annoying so if they wish to turn it off, the option would be there. But those who would like an added layer of security, its there for us. (might be a good idea for those who do turn it off, to make them fill out a few things to avoid the "WTF? i didnt turn it off!" exscuse).

[Neereus]

key loggers dont work on mouses

Mouse clicks aren't immune to key loggers.  At least not to more advanced ones. Mouse clicks can be picked up just as easy as keystrokes, and then the x,y coordinates can be used to roughly see what is clicked. Granted a reference is needed, but even without it can give a general idea of whats been clicked. Or even a more simple approach, a screen shot to be taken when ever the mouse clicks, this would give exactly what's been clicked. So really there's only one way of defeating a spy ware, not to have it.

[Kellzz]

key loggers dont work on mouses

Mouse clicks aren't immune to key loggers.  At least not to more advanced ones. Mouse clicks can be picked up just as easy as keystrokes, and then the x,y coordinates can be used to roughly see what is clicked. Granted a reference is needed, but even without it can give a general idea of whats been clicked. Or even a more simple approach, a screen shot to be taken when ever the mouse clicks, this would give exactly what's been clicked. So really there's only one way of defeating a spy ware, not to have it.

Not to split hairs, but generally when a screenshot is taken in game, there is always a 1-2 second lag as the information is processed. So if im getting lag with each click, thats enough for me throw up red flags.
regarding x,y coords, if the numbers/characters are randomized each time the "key pad" is opened, x,y coords wont work anyway. Also, the amount of clicking that goes on in an MMO, if all you are going on is x,y with no picture to reference to, banging your head against the wall might yield more results.
But yes, i understand your point. And my argument (since debate is how ideas get going) is that utilizing the mouse the enter a password is more difficult to defeat and would require more effort on the part of the black hats.

[Hamilton]

I think a PIN system is do'able and we can make it optional.  It should be considered another layer of protection.  Even as a mouse click only with a keypad with randomized locations of numbers, the information can be found out be a packet sniffer (of course then all information is found...).