Page 3 of 3 FirstFirst 123
Results 21 to 22 of 22

  Click here to go to the first staff post in this thread.   Thread: Supercell ID and security....

  1. #21
    Forum Champion Noctaire's Avatar
    Join Date
    Oct 2015
    Location
    USA
    Posts
    5,599
    Quote Originally Posted by Ajax View Post
    Of course it is IFR material, you are making a suggestion for change.

    And the people who matter are more likely to see it here than in General.
    No; I am raising a discussion on the missing identity management in the enterprise feature set of the SCID design and what this means for the security of the feature. A suggestion for change would be just that - actually suggesting a change and discussing the recommended changes. That is not what I was doing in this thread, although I did do so in a different thread. My goal here was to get people talking about what this means from an IDM/security perspective.

    We had a robust discussion going in General (with over 300 views in the first several hours) where most forum participants frequent. Over here, no one will even see the thread unless they happen to change to the sub forum which most do not. If I just wanted to suggest a change or request a feature, I would have put that in IFR or the QoL thread.
    Clan/Task Force: Divergent Void (#P8CGRG0C / #8GG02YRP)
    Noc's Clash Journal
    Gaming with Noc (Videos)
    Chance favors the prepared mind; quit yer whingein' and find a solution.


  2. #22
    Forum Champion Noctaire's Avatar
    Join Date
    Oct 2015
    Location
    USA
    Posts
    5,599
    Quote Originally Posted by Bigdome757 View Post
    Ok. I get what your concerns are about SCID. So, all of those other management systems are quite diverse. They are used by people for tons of different things online from sending and receiving mail to buying a new car to everything in between. SCID is used for a single purpose: to protect and save your game data for SC games. That’s it. My financial information is not in SCID nor is any other personal information. Just my 2 bases. So what I gather from your post is that you are concerned that someone may go through the trouble of illegally obtaining your email address associated with your account , maybe do a little hacking into your personal information, just to specifically steal your CoC account? It’s just hard to swallow. In most countries, actions like these have severe consequences and I just don’t see a bunch of people taking the risk just to steal your base. If someone is illegally accessing your account and actually playing instead of staring at your base, you will know as soon as you log on. How often is this really happening? I’d venture very little if at all. SCID is a tool to help you secure your game and make it easier to switch between villages. You could get all of the extra security features you want by just staying with google or Apple. I guess I’m just not seeing a threat here. Or a future threat. Could you give a realistic example that could feasibly happen to your average Joe?
    No IDM is separate and responsible only unto itself. There are always links elsewhere whether it is an associated account, the same login/password, or a formally linked system. The legal system and associated penalties are really not relevant.

    For the average Joe, there’s the potential loss of account and the years of time and money invested. IMNSHO, that’s enough right there. Now...if you’re an F2P player with limited personal concerns about something as silly as a game...it’s no big deal. That’s not how most players are, though - at least not the ones I’ve met over the years. Except one of my brothers. But he’s an anomaly. He’s a rushed TH10 though and never could design decent base anyway. I probably would not tolerate him if it weren’t for my mother getting upset around the holidays....

    Seriously, though, it’s not about what crisis scenarios we can project before the compromise. It’s about being responsible for security and IDM BEFORE the crisis occurs. SC has deployed a basic IDM without any of the security and self-management features commonly included in such systems as a standard aspect of their design. It’s for an enterprise suite of games - CoC, HayDay, Boom Beach, Clash Royale - which is a seemingly unimportant thing...until it isn’t. I have an immediate concern about what someone might be up to, trying my e-mail address to get access to my game today, but there’s a bigger picture there. And I was an early adopter of the SCID as well, all 30+ of my accounts are on it. I’m not saying the system itself is insecure; I do not have such insight to SC’s systems. I am concerned that it lacks the features I need to engage in the level of IDM I feel appropriate.
    Clan/Task Force: Divergent Void (#P8CGRG0C / #8GG02YRP)
    Noc's Clash Journal
    Gaming with Noc (Videos)
    Chance favors the prepared mind; quit yer whingein' and find a solution.


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •