Ketog

Tradelocks actually do not protect your account.


Hello guys, I've been thinking of making this thread for a while now, as every day I see people complaining about tradelocks.

So we all know that system that claims to make your account more secure by preventing people from trading your items if they stole your account, but while one of my friends and I had a tradelock I noticed a big problem with that system.

Trade locks actually do not make your account more secure at all; they only make you think they do, and will only slow down a person with bad intentions.

Here's why:

I'm sure many of you guys reading here got a trade lock out of nowhere and didn't know the reason for it. Well, that's one of the problems: you don't get a reason why you have been tradelocked. Let's keep that in mind, alright?

When I was tradelocked, I noticed that while my account was locked on my main machine, I was not on a computer that I previously logged onto earlier, which makes sense as it's already one of my known locations,

but that's where the problem is, right there:

You are tradelocked ONLY if you're playing from a location that's considered to be a new computer.

That means if I'm on my main computer with my main character, I log off, and my hacker uses my account to log in, he will get a tradelock; he will then log out.

Here on my side I can log back in on my account and I don't have a tradelock; everything looks normal, and I never knew anyone logged in from a new location.

Basically the only thing my hacker has to do now is wait 3 days to steal my items.

So that's the first flaw of the trade lock system: you do not get any notification that your account was accessed from anywhere else.

Now to the second part: there are no reasons given for why you have been tradelocked, and that is another big problem. So you guys probably got a trade lock at some point and didn't know why; usually that's caused by any big hardware change or a Windows update (and that may vary still...).

The problem with that is that it makes people disregard the tradelock. All of them usually just wait 3 days and tell themselves "another one of those false positives by that dumb system". Not seeing a reason for your tradelock will basically make people ignore how important that message actually is, and thus they won't change their password, completely making the trade lock system useless.

Still following me?

Not sure if you noticed by this point, but what I said above contradicts the first problem with tradelocks I mentioned, remember? Tradelocks only show on devices that are considered new computers; you actually don't get a warning anywhere else than on the hacker's computer.

That means when you see a tradelock on your computer, it is ALWAYS a false positive.

So why did I say that then?

Well, all of this is to prove my point:

- The current trade lock system is completely pointless and doesn't give any kind of extra security for your account if you understand how the system works.

- The current system is actually more of an annoyance to people, only to give them a sense of security.

Here are a few solutions widely used by games:

- 2FA (which is already in APB; it doesn't work really well but at least it does work fine).

- 2FA by email (which is my favorite type of 2FA).

- Email warning on connection from a new device.

2FA by email could simply require entering a code (which is sent to your email) when logging in from a new location. That would prevent anyone from logging in without access to your email.

An email warning on connection from a new device could also be another solution: you could basically log in from anywhere, but you would get tradelocked everywhere as long as you don't confirm that new device from the email you received. (Slightly riskier, as a hacker could still delete your items without stealing them.)

In the end this shows that APB's current account security is more of an illusion than anything else if you don't use 2FA.

On an extra note: I also thought of making tradelock more of an account lock by making you unable to use the delete button anywhere in your inventory, and preventing you from using the chat and spending money (basically making it impossible for any kind of account intrusion to affect you negatively).

Thanks for reading.

Edited by Ketog
  • Like 2
  • Thanks 1
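
The two designs compared in the post above, as an added example that is not part of the original post and is not APB's code: a lock scoped to the new device with no notification, next to an account-wide lock that lifts only after the owner confirms the device from an emailed token. Class names, device names and the `outbox` list are hypothetical, and the scenario is constructed.

```python
import secrets

LOCK_SECONDS = 3 * 24 * 3600  # the 3-day wait described in the post

class DeviceScopedLock:
    """Behaviour the post describes: the lock is tied to the new device only."""
    def __init__(self, known_devices):
        self.lock_until = {d: 0 for d in known_devices}  # device -> unlock time
        self.outbox = []  # mail to the owner; this policy never sends any

    def login(self, device, now):
        # A new device starts its own timer; nobody else is told.
        self.lock_until.setdefault(device, now + LOCK_SECONDS)

    def can_trade(self, device, now):
        return device in self.lock_until and now >= self.lock_until[device]

class AccountWideLock:
    """Proposed alternative: a new device locks trading for the whole account
    until the owner confirms it with a token mailed to the registered address."""
    def __init__(self, known_devices):
        self.confirmed = set(known_devices)
        self.pending = {}   # device -> one-time token
        self.outbox = []    # (subject, token) pairs mailed to the owner

    def login(self, device, now):
        if device not in self.confirmed and device not in self.pending:
            token = secrets.token_urlsafe(16)
            self.pending[device] = token
            self.outbox.append((f"New device login: {device}", token))

    def confirm(self, device, token):
        expected = self.pending.get(device)
        if expected and secrets.compare_digest(expected, token):
            del self.pending[device]
            self.confirmed.add(device)
            return True
        return False

    def can_trade(self, device, now):
        # Any unconfirmed device freezes trading everywhere, with no timeout.
        return not self.pending and device in self.confirmed

def simulate(policy):
    """Constructed scenario: owner on 'home-pc', stranger on 'unknown-pc'."""
    policy.login("unknown-pc", now=0)
    owner_warned = bool(policy.outbox) or not policy.can_trade("home-pc", now=60)
    stranger_trades = policy.can_trade("unknown-pc", now=LOCK_SECONDS + 1)
    return owner_warned, stranger_trades
```

`simulate` returns whether the owner had any signal of the foreign login and whether the unknown device can trade once the 3-day timer has passed.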


When you get a major Windows 10 update, your HWID changes and you get trade locked. Also, if you change your APB folder location to another drive, you get trade locked. Those issues should also be mentioned.


I didn't even know this tradelock thing exists, probably because I don't trade/play that often.

But yeah, this sounds flawed and can definitely be improved xd


2FA was supposed to prevent your account from needing to use the tradelock system, afaik we haven’t had any significant updates on that in a while 

11 minutes ago, BXNNXD said:

2FA was supposed to prevent your account from needing to use the tradelock system, afaik we haven’t had any significant updates on that in a while 

A GM told me it's a WIP

Guest

Honestly I agree, I wish to have more protection in more ways.


2FA by mobile is my favorite. They ain't loggin' in unless they pry my phone from my cold lifeless fingers.

I've heard trade locks also happen if you reinstall APB completely without changing the install location.


Funny enough, I got tradelocked this morning after a Windows update.

Edited by Ketog


I'll escalate the issues brought up here, to see if we can get an update on their progress. Thank you for the insights @Ketog and @swft

  • Thanks 1


@Ketog
About tradelock, how it works and how to improve it ;)

- tradelocks applied (should be applied to the whole account no matter the login location or PC)
- what's now is that if you don't have a file named similar to "4126...(some hex)...c0de.2f" which contains the accounts you are logged into (of course it's encoded data, located in Binaries) - additionally I could add that tradelock happens even on the same location if you log into the game not using the same copy of the game ;) or the same hardware ID (Windows counts too)
- additionally there is a second code you need to specify on login (from Google Authenticator), so someone who's hacked your account login/password will need to have the phone application signed to your account to proceed with hacking behaviour
- I could say the tradelock should be sent to your mail, saying that someone with <IP address> logged into your account from <very strict and closest-to-user location grabbed by his client> using <MAC address of the network card> (all that data can be easily grabbed by the client and should be, because it's not sensitive data (like name, surname)) - and the location will be the closest DNS server the user is connecting to
- that is done by Google (they display the User-Agent + IP address of the strange connection)


tl;dr 

Send us an email when logged in from a new device/location.


Been asking for 2FA by email before LO even took over.

I've also been saying that forcing a tradelock for no reason is bullshoot from day one.

So yeah, remove tradelock and give email 2FA please.

On 4/21/2019 at 11:59 PM, Kewlin said:

Been asking for 2FA by email before LO even took over.

I've also been saying that forcing a tradelock for no reason is bullshoot from day one.

So yeah, remove tradelock and give email 2FA please.

This

People hate 2FA by phone because it's tied to a physical object, which can break or is prone to unexpected things,

meanwhile an email is only virtual; other than you forgetting your password or email, you can't lose it or break it.

I indeed don't see the point of having a tradelock in-game, as it doesn't actually serve any purpose and mostly annoys the player without actually even protecting him.


All new accounts receive a trade lock after the second entry into the game. This is all you need to know about the operation of this system.

This is not for players, but only to put a tick. GamersFirst is not Gamers First.

