Dear devs, when you try to log in to the game, and enter either the username or the password incorrectly, you get one of two error messages: "Username incorrect" "Password incorrect" This makes it significantly easier for evildoers to brute force username/password combinations. It is highly recommended to change these two error messages into one: "Username/password combination incorrect" This will make it impossible to find out whether it was the username or the password that was incorrect.
Yeah, already said early in the beta that having ingame nicknames be same as account names is an unecessary risk. So +1.
I'm in the middle of reworking this right now - both the response to authentication as well as separating "Screen Name" from "Account Name". Once I get this in place, I'm curious to know how many people would like to change their account name to something other than their screen name. This would be primarily for existing beta testers, as new registrations once I'm done will have the option up-front to pick separate account and screen names. Do we have enough demand for me to make a tool for this, or are enough people okay with the lower security that we can do this on a per-request basis? Also for those who are really interested: game account names and passwords will accept just about any Unicode characters (including whitespace), so you aren't limited to the usual a-z and 0-9 with some random subset of punctuation.
Oh dear, I can see the droves of •ä and other such alt chars coming now Personally, I am disinclined to bother with different login and displayed name. I use the same name in all low-security locations, precisely because they are not a security concern for me. If I get hacked, I'll report it if I care, or just move on otherwise.
After a bunch of discussion on this, we decided on a compromise. The system, as of tonight's build, supports a separate display name from account/login name - but in order to keep the friction down for new players joining the game, the default is still a single name. For those advanced users who want to have a separate login from screen name, send Jon or me a PM with your desired new login and we can change that for you.
