You are trying to log in too fast. Please try again in 1 hour

LOL!
I'm pretty sure there's an easy way to determine a brute force attack with multiple log-ins per second versus someone trying to remember their password.
*HINT - there is, and it's an industry standard...
Really? Can you tell Arc and Star Trek Online this new system so when I fail to log in 3 times I'm not locked out for 24 hours?
 
Upping the number of tries to 5 or 10 before locking someone out might be a good idea. If someone has forgotten their password or is logging in quickly they probably won't go over 5 attempts before getting it or having to reset their password. 3 attempts is too little, but this is a very beneficial thing to have.

Also on a side note it's funny how many people don't know what they are talking about at all on this thread. Please go Google brute forcing and procedures taken against it.
 
I was trying to log on during an update and since there's no way of telling when the update is done, I would check and log in and click play every 5-10 minutes. Once the update was over, it counted my login attempts as a brute force or whatever I guess? And I had to wait an hour to play. I know 100% I was typing my password correctly. Is this supposed to happen?
 
I was trying to log on during an update and since there's no way of telling when the update is done, I would check and log in and click play every 5-10 minutes. Once the update was over, it counted my login attempts as a brute force or whatever I guess? And I had to wait an hour to play. I know 100% I was typing my password correctly. Is this supposed to happen?
Apparently yes, according to the mods. It's for safety after all.
Seems so many accounts have been hacked by brute force that it's become an issue.
 
It hasn't really been an issue per se (we're not aware of any cases of it happening so far), but it is an attack vector that needed to be closed. Any software or platform that doesn't rate-limit account logins is vulnerable to brute force attacks, and it's not really a situation where you wait until it becomes a problem to address it. The issue here seems to be that login attempts during server updates are being recorded as failed logins (even when your password is correct). Just an oversight, it can be fixed and everyone can rest easy spamming the login button during maintenance again.
 
It hasn't really been an issue per se (we're not aware of any cases of it happening so far), but it is an attack vector that needed to be closed. Any software or platform that doesn't rate-limit account logins is vulnerable to brute force attacks, and it's not really a situation where you wait until it becomes a problem to address it. The issue here seems to be that login attempts during server updates are being recorded as failed logins (even when your password is correct). Just an oversight, it can be fixed and everyone can rest easy spamming the login button during maintenance again.
That'd be very much appreciated, especially when you get that timer after the update just completed. Also really appreciate the feedback and input you're giving here.
 
It hasn't really been an issue per se (we're not aware of any cases of it happening so far), but it is an attack vector that needed to be closed. Any software or platform that doesn't rate-limit account logins is vulnerable to brute force attacks, and it's not really a situation where you wait until it becomes a problem to address it. The issue here seems to be that login attempts during server updates are being recorded as failed logins (even when your password is correct). Just an oversight, it can be fixed and everyone can rest easy spamming the login button during maintenance again.
It seems this is new and I can see how this will escalate quickly if not fixed with the next update seeing there is no other way to check if the game is up and running again.
Thank you for the feedback!
 
Upping the number of tries to 5 or 10 before locking someone out might be a good idea. If someone has forgotten their password or is logging in quickly they probably won't go over 5 attempts before getting it or having to reset their password. 3 attempts is too little, but this is a very beneficial thing to have.

Also on a side note it's funny how many people don't know what they are talking about at all on this thread. Please go Google brute forcing and procedures taken against it.

after 10 failed logins in a 1 hour period (for 1 hour).

Way ahead of you, we already do that. ;)
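
The policy quoted above (10 failed logins in a 1 hour period, locked for 1 hour) together with the maintenance-window bug staff describe earlier in the thread, as an added sketch that is not part of any post and is not the game's actual code. The class name, the per-account keying and the `server_available` flag are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque

MAX_FAILURES = 10        # threshold quoted in the thread
WINDOW_SECONDS = 3600    # "in a 1 hour period"
LOCKOUT_SECONDS = 3600   # "(for 1 hour)"


class LoginLimiter:
    """Sliding-window lockout, keyed per account (keying is an assumption)."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.failures = defaultdict(deque)  # key -> times of wrong-password attempts
        self.locked_until = {}              # key -> time at which the lockout ends

    def attempt(self, key, password_ok, server_available=True):
        now = self.clock()
        if self.locked_until.get(key, 0) > now:
            return "locked"
        if not server_available:
            # Maintenance: the credentials were never judged, so nothing is
            # recorded. Counting these is the oversight described in the thread.
            return "unavailable"
        if password_ok:
            self.failures.pop(key, None)    # a real success clears the history
            return "ok"
        window = self.failures[key]
        window.append(now)
        # Drop failures that have aged out of the one-hour window.
        while window and window[0] <= now - WINDOW_SECONDS:
            window.popleft()
        if len(window) >= MAX_FAILURES:
            self.locked_until[key] = now + LOCKOUT_SECONDS
            window.clear()
            return "locked"
        return "denied"


if __name__ == "__main__":
    limiter = LoginLimiter()
    # Constructed sample: a player retrying during an update is never penalised.
    print([limiter.attempt("player", True, server_available=False) for _ in range(12)])
    print(limiter.attempt("player", True))
```

Only attempts where the password was actually checked and found wrong move an account toward the lockout, so retrying through an update costs nothing.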
 
Just a reminder for those of you that may think having such tight security measures is ridiculous - POTCO accounts used to get hacked extremely easily. It seemed every day someone else was saying their account was stolen. Disney seemed to have given up on protecting its players, and many of us complained to them about that.

It may be annoying to have a 12 character password or something else like that, but it is far more annoying to have your level 50 pirate with all of its 47 brights and 2 legendary weapons taken from you.

Think of it like having TSA - no one likes taking their belt and shoes off, but that's a far better alternative than having your plane hijacked.

Remember to weigh the pros and cons before judging a security system too harshly.
 
Just a reminder for those of you that may think having such tight security measures is ridiculous - POTCO accounts used to get hacked extremely easily. It seemed every day someone else was saying their account was stolen. Disney seemed to have given up on protecting its players, and many of us complained to them about that.

It may be annoying to have a 12 character password or something else like that, but it is far more annoying to have your level 50 pirate with all of its 47 brights and 2 legendary weapons taken from you.

Think of it like having TSA - no one likes taking their belt and shoes off, but that's a far better alternative than having your plane hijacked.

Remember to weigh the pros and cons before judging a security system too harshly.
That's very understandable and in my opinion a necessity, but the measure shouldn't have been there when the password was right but the servers were updating. I know to take entering my three mile long password (my choice to make it like that) very slowly now, if I'm anxious to play!
 
Here's an additional concept of brute force protection, brought to you by the always relevant XKCD! The words on the bottom are the important parts.

password_strength.png
 
That's very understandable and in my opinion a necessity, but the measure shouldn't have been there when the password was right but the servers were updating. I know to take entering my three mile long password (my choice to make it like that) very slowly now, if I'm anxious to play!
I agree with you. I just wanted to caution players against hating security measures just because they cause a small annoyance.
 
Just a reminder for those of you that may think having such tight security measures is ridiculous - POTCO accounts used to get hacked extremely easily. It seemed every day someone else was saying their account was stolen. Disney seemed to have given up on protecting its players, and many of us complained to them about that.

It may be annoying to have a 12 character password or something else like that, but it is far more annoying to have your level 50 pirate with all of its 47 brights and 2 legendary weapons taken from you.

Think of it like having TSA - no one likes taking their belt and shoes off, but that's a far better alternative than having your plane hijacked.

Remember to weigh the pros and cons before judging a security system too harshly.
That's because someone used a keylogger to get those accounts, obviously it didn't matter if you had a difficult password/username.
 
They have this error to prevent bruteforce and DDoS attacks. Please calm down. You can log in if your IP changes. So unplug your router (if you have dynamic IP enabled) and wait a few minutes and plug it in.
 
That's because someone used a keylogger to get those accounts, obviously it didn't matter if you had a difficult password/username.
Not a keylogger. I don't remember POTCO having a security system like this. You could easily bruteforce. I know a few MMOs that haven't implemented this either.
 