Level of security

Hello.

I have tried to change my e-mail address in the Trainz account and it did not even verify the new address that I told it! It just changed the address to an unknown value and forgot about this!!! If I changed my e-mail address to something like The31337H4x0r@black.net, it would not even refuse to do it, because it does not verify a new address! What the heck?! This level of security is minus 5, I would say.

But this is not all that I wanted to say. You are selling a lot of games, products, services ... for money and at the same time it is possible to log into the system using only a password without 2FA! 2FA is Two-Factor Authentication. It is used to protect sensitive data. In the year 2023 it is used by everyone who is dealing with money and purchases. Today, in the year 2023, dealing with people's purchases and money requires using 2FA as a de facto standard.

Frankly speaking, I was planning to buy a Trainz game in the future, but after having seen what I have seen it makes me think once more before buying anything, to say the least.

I hope that you start using 2FA as soon as possible because I wish your company a successful future.

Thank you.
 
... I would also check the trainzportal webshop engine as well - after my last purchase my bank blocked my plastic card due to a suspicious bank transaction...
It took a whole 1 day running around till my bank made my plastic card enabled again...
 
Some banks don't like to deal with foreign banks. With N3V being an Australian company, that may be the problem. I recently ran into the same issue while donating some funds to a Kickstarter campaign set up by my piano teacher who lives in Belgium. I had to respond to an email within 12 hours in order to allow the transaction because that was flagged as a suspicious transaction. Because I hadn't logged into my email and I was running errands, my bank locked my account and I couldn't pay for my prescriptions I needed from the pharmacy located in the same shopping plaza. I walked across the parking lot and spoke with the bank manager, who unlocked my account.

In general, when making web transactions, it's best to use something like PayPal as the intermediary anyway because this adds a level of security as well as other options not offered by a direct bank connection.
 
My very first purchase (long ago) from (then) Auran, caused my credit union to ping me on the purchase. I verified I'd be spending some money occasionally at this location so they pre-authorized me just for that one store in Australia. Haven't had a problem since. Boy, was I right!!

Bill
 
Hi,

Most of the banks in the EU use 2FA, especially for online transactions.
As N3V is not able to handle it - currently - this is an issue...

PayPal, etc. - you're right - from your point of view but... - why should I keep my banking data with a 3rd party?

K
 
PayPal is not bulletproof. Many months ago they had a policy that allowed sellers to use their email system for contacting the customers. Nice gesture, and assured the buyer it was a good message. BUT a PayPal customer in South East Asia decided to "become" PayPal and used the legitimate email heading (from address) to scam people. PayPal demonstrated a very dumb policy. Thus total trust in them is not warranted. Check your PayPal account frequently.
 
It's easy to spoof emails. Even if PayPal had instituted that policy, someone could do that. I receive emails, meaning junk, that have an address that reads it's from McAfee or some other company. The email address shown in the from field says McAfee, and when hovering over the name, it shows imascanner@thisweird-address.nk.

The problem is people see something like that and are quick to click on it, wreaking havoc on their personal information due to most people using the same password for every account they log into, including their banks.
 
And that password would be Password$1 ;)
What, no! You guessed my password! :eek:

I've seen 12345678 among others in the past. The good news is the algorithms used on many sites and in the operating systems pick up on the simple ones and block them. For us technically savvy folks, using random letter-number-generators, passphrases, and 2-part authentication is an easy thing. The problem is the rest of the folks who have no clue and get annoyed having to use a password in the first place. I deal with this daily at home now with my elderly father every time he logs into a website that requires 2PA or a complex password.
 
I usually think up a short phrase for the site I am on. If it is 12+ characters and maybe uses leet speak I figure it should be pretty good. But with quantum computing coming it will be Katie bar the door. Hey, I could use leet speak and make that a password! :p
 
Yeah, if you make them use a strong password they just write it on a sticky note and attach it to their monitor.

The most common passwords in 2023 are:
  • 123456
  • 123456789
  • qwerty
  • password
  • 1234567
  • 12345678
  • 12345
  • iloveyou
 
I had users put stickies inside their laptops with the VPN login and user login information on it. When I saw that, I admonished the users!

The monitors too are a great place to stick passwords - not!
 
Kind of also depends on where your monitor is located. If it's in a public place then no, pasting sticky notes with passwords on them is a bad idea. But if it is in a private place that only you or trusted people can access then if a bad person can read your note, you have bigger problems. And if you have a messy desk, you could have the password in plain sight and nobody would notice it.
 
Talking about how you create your passwords in the new and wonderful world of AI doesn't sound like a good idea to me. Saying them out loud while Alexa or Siri is listening is probably not much better.
 
And they used to worry about Big Brother listening. We have invited Big Brother and Sister into our lives and actually want them to listen.
 