Procrastination Amplification: Punditry on MMOs and games in general.

Coin Lock

Rift has a new account security feature that I’m quite surprised nobody else thought of before: the coin lock. When you log in to your Rift account and something is suspicious (such as you logging in from a location that differs from your normal one) your account will become coin locked. A coin locked account cannot sell or destroy items or trade with other players. In other words – when your account gets hacked, the hackers can’t take your stuff.

To unlock a locked account you simply need to enter a code that is automatically sent to you via email as soon as your account becomes locked. Since you can’t play Rift without an internet connection, this seems like a perfectly hassle-free solution.

Now, coin lock isn’t perfect. For one, the whole feature depends on the quality of the algorithm that detects suspicious behaviour. Login location is a pretty strong indicator of something being wrong and will protect you against the stereotypical low-wage country hacker, but it won’t save you from the hacking kid next door. Additionally, coin lock will do nothing if hackers get access to your email account as well. Many people tend to use the same password for multiple services – if your email password is the same as your Rift one, you are quite out of luck. It could also happen that hackers who got access to your account via a key logger logged your email access data as well, though that seems rather unlikely and a lot of work.

Even assuming the feature is reasonably safe, it still suffers from the same issue that the Blizzard authenticator has – it makes account sharing pretty much impossible. I usually have a couple of close friends with access to my account in such games so that they can use trade skills or get stuff from my bank. With coin lock, this is impossible unless I was willing to give them access to my email as well.

Overall I like the feature, though I’ve personally never been hacked. (Fingers crossed.) Additional account security with a minimum of additional burden on the legitimate players seems like a good thing to me. Now if they could only do something about the spammers…

Update: here’s a take on the whole account theft issue by Rift executive producer Scott Hartsman. The link points over to Stratagerm’s Game Genus blog (which has a link to the original source) because that’s where I found this. Hartsman’s comments definitely shed new light on the whole account security issue.