TNT Implements New Security Feature!

[hrtbrk]

TNT has added a new security feature that requests your birth date, in addition to your password, when your account is trying to be accessed from an unfamiliar location. You can enable this in your Preferences.

 

 

To help keep your account safe, refrain from mentioning your birthday on the boards as well as limit who can see your age on Neopets.

[sirius]

Love the graphic.

 

This post has been edited by a member of staff (Shiny Magnezone) because of a violation of the forum rules.

Keep your posts at seven words or more.

Please check your user inbox to see if you have been contacted regarding this incident, then review our rules.

[Masaryk]

Thanks for the update!

 

It's a pretty good security feature. I sometimes like to access Neopets while travelling, and this will make it easier for TNT to differentiate between me being somewhere other than home and someone trying to access my account.

 

Just an added thought: If you have both your birthday and your Neopets account listed on your profile here (or on other fan forums), you might want to remove one bit of information or the other, for added security.

[Sweetdang]

Yay! That's a good feature... unfortunately, I can only implement it on my main because I forgot the bdays for my sides... :P

 

Still. It's clever.

[barkie]

Thanks for the info I have changed my settings etc to try and stay safer

[Tam]

I think its great that TNT is implementing safeguards for account safety! As a suggestion, do you think maybe the TDN should review the way it shows members birthdays including ages on the forums?

[Sweetdang]

I think their default setting should not be to show your age to all neofriends...

[fulgaraverde]

Excellent idea. I'm implementing it right now. Just a question: would your birthdate then be included on the cookie? Because if it is, wouldn't that mean CG'ers could still get it and get into the account anyway?

[shiranui_xiii]

Excellent idea. I'm implementing it right now. Just a question: would your birthdate then be included on the cookie? Because if it is, wouldn't that mean CG'ers could still get it and get into the account anyway?

 

It depends on how exactly TNT implemented this.

 

The birthday may or may not be included in the cookie, but I have a hunch it may be.

 

This may actually be a very, very smart defense to those affected by a CG'er.

 

Let's say you log on for the first time today, and don't have the birthdate feature enabled on your account. You go to a page and get CG'ed. You log out, log back in (to make the stolen cookie useless), and then enable the feature that requires your birthdate be entered before logging in. Change your password, log out, and log back in to be safe. Remember, the stolen cookie only has your username and password information, not your birthday.

 

Because your account now requires a birthdate to be inputted before logging in, and your new password is hopefully different from your old one, the stolen cookie should be useless. The scammer will have your old password, but not your new one or your birthdate - which is now what's needed to log in to your account.

[Welcome Back Apathy]

It depends on how exactly TNT implemented this.

 

The birthday may or may not be included in the cookie, but I have a hunch it may be.

 

This may actually be a very, very smart defense to those affected by a CG'er.

 

Let's say you log on for the first time today, and don't have the birthdate feature enabled on your account. You go to a page and get CG'ed. You log out, log back in (to make the stolen cookie useless), and then enable the feature that requires your birthdate be entered before logging in. Change your password, log out, and log back in to be safe. Remember, the stolen cookie only has your username and password information, not your birthday.

 

Because your account now requires a birthdate to be inputted before logging in, and your new password is hopefully different from your old one, the stolen cookie should be useless. The scammer will have your old password, but not your new one or your birthdate - which is now what's needed to log in to your account.

 

This seems like great advice. I have one question, though, because it hasn't happened to me--how do you know if you've gotten CGed? Just something suspicious on a page, or is there anything specifically to watch out for?

[Lady Lyuba]

A tip to remembering your birthdays on all accounts: Use your real birthday for all of them. It may not be the smartest or the most secure, but everyone knows their real birthday, so use that for all accounts.

[Sweetdang]

Yep, I constantly forget my "birthday" ;(

And do you only notice you;ve been CGed when your account gets hacked?

[April]

I think this new feature is a great idea. I definitely enabled it!

[shiranui_xiii]

This seems like great advice. I have one question, though, because it hasn't happened to me--how do you know if you've gotten CGed? Just something suspicious on a page, or is there anything specifically to watch out for?

 

TDN has a helpful page about CGers here.

 

The best way, in my opinion, to avoid CGers is to avoid user-made parts of the site. CGers can be found on user lookups, pet lookups, petpages, user shops, and pretty much all user-made content. Trading Post, Neoboards, Neomail and so on are safe. If a user can completely customize the look of a page, then there's a chance for a CGer.

 

If you use Firefox as a web browser, pick up an add-on called NoScript. It can provide an extra layer of protection against CGers. If you install it in Firefox, and go to TDN, set it to allow scripts from TDN. Only allow scripts from websites you trust.

 

It's hard to know if you've gotten CGed, but you can make a pretty good guess. If you think there was a good chance that you got CGed, log out and log back in. Change your password, and add/change your PIN. Enable the Birthday log-in security option. Log out, and log in again. If you do this, the cookie that was stolen will be useless: It will have an incorrect password. Your PIN now protects several areas of the website. And, thanks to the birthday feature, if the scammer still tries to get into your account, he'll need your birthday - which only you will know.

 

Here's a few images of what CGers look like: Pet Lookup, User Shop, and an Unknown Page. I found these images on Sicano's Petpage, a guide dedicated to explaining what CGers are and how to prevent them.

[twilightprincess922]

shiranui_xiii - Good information! I've never been CG'd before either, but it's good to know what it looks like just in case.

Also, I do, along with everyone else, think the birthday idea is great. I access my account from usually one computer, so it's good to know that if anyone tries to break in, they will have a heckuva harder time ;D

[Sweetdang]

Wow, thanks for the help! :)

Noscript does seem to work wonders! ^^ However, I don't use firefox. Is there a Google chrome version? Or should I change browsers completely?

[Ruka]

Now I feel much more safer when I enabled the feature! ^_^ But how do you limit who can see your age on Neopets?

[Sweetdang]

Lol, after realizing I could see all my friend's, I went ahead and found it after digging around...

 

My account>preferences>Displaying your age (right at the bottom). Change it to Hidden to all Neofriends, or all VIPs. :)

[kcbalfour]

I love the graphic and it seems like a good feature :)

[xox__saraa]

Wow, thanks for the help! :)

Noscript does seem to work wonders! ^^ However, I don't use firefox. Is there a Google chrome version? Or should I change browsers completely?

I was wondering this myself and went wandering through the Chrome Webstore. I found an app called "Not Scripts". In the description it says "NotScripts is inspired by the “NoScript” addon for Firefox (http://noscript.net) and seeks to emulate it within the limitations of the Google Chrome extensions API. It is not affiliated with “NoScript“, I just happen to like it’s functionality."

I'm going to try it out and see how it works. There seem to be a few bugs with it, according to the comments, but I think the ones that have been mentioned are just people being nitpicky.

[redfire77]

yay :D an update. this is a good idea :P do they use ip addresses or something?

[Sweetdang]

I was wondering this myself and went wandering through the Chrome Webstore. I found an app called "Not Scripts". In the description it says "NotScripts is inspired by the “NoScript” addon for Firefox (http://noscript.net) and seeks to emulate it within the limitations of the Google Chrome extensions API. It is not affiliated with “NoScript“, I just happen to like it’s functionality."

I'm going to try it out and see how it works. There seem to be a few bugs with it, according to the comments, but I think the ones that have been mentioned are just people being nitpicky.

Thank you so much! I just added it, see how it goes. I use this browser called rockmelt, which has everything chrome has, and more! :D But I couldn't find where the password thing was so I had to find it manually... it was so killer. I couldn't even use the search thing, and there were folders with names like Extensions>oooiuoppdgihbfjlregn and efigvtelrjgfopergvel and oljfnlerjngvlcekfm. I didn't understand anything but I FINALLY got it. Will update if it works out. :)

[loveconservative]

I think that's a pretty good idea. It's much more convenient than making you go into your e-mail and retrieve a code or something along those lines (unless you lied about your birthday :( .)

[Yuika]

I'm just glad they made it optional. Though, knowing TNT, it won't be for long.

 

I have some old accounts from when I was younger where I lied about my birthday to be able to access areas of the sites. I didn't just change the year, noo... that would be too easy. They're so random I have no chance of remembering them. Which is my own fault of course, but I'll be sad if I try to log in to one in a year or something and be locked out forever. xD

[leedom111]

I'm not sure I have my real birthday on any of my accounts... @__@

 

I actually managed to lose one of my old sides that way... the others I forgot the password and have since changed emails.

 

This topic has been edited by a member of staff (Neomysterion) because of a violation of the forum rules.

No bumping any threads that have not received any posts in 21 days or more.

Please check your user inbox to see if you have been contacted regarding this incident, then review our rules.

Per the reason above, this topic has been LOCKED. Please contact Neomysterion if you have any questions regarding this action.