Posted March 28, 2014 (edited) I am sure you are all wondering why this: http://forum.wurmonline.com/index.php?/topic/98385-account-sharing-myth/#entry993911 was posted recently. Apparently the change email command in the wurm client does not work as advertised. The command synopsis is /changeemail <newemail> <password>, but you can execute the command without needing to type in your password. This means that anyone with access to your account, even just with the hash, can change the email that the account is linked to, to their own email. After doing this you can request a new password from the wurm site and hijack the account. So please, secure your accounts. How do we know this? <Accusation of theft removed>Please note that I am not trying to dispute the ruling. I am only informing people that if your account gets hijacked this way, there will be no help or sympathy from the GM team. Edited March 28, 2014 by Seara Please don't make accusations against other players 3 Share this post Link to post Share on other sites
Posted March 28, 2014 *Cue thundering herd of victim blamers* Share this post Link to post Share on other sites
Posted March 28, 2014 Well, that's just bs. Why have the command if it works like that?? Share this post Link to post Share on other sites
Posted March 28, 2014 [16:47:15] /changeemail <newemail> <password> - sets the email of this particular account to the email specified. The password is used if the email is already in use. 1 Share this post Link to post Share on other sites
Posted March 28, 2014 Hi Lau As per that post of Enki's, the information is very clear. 1 - Giving a "hash" is considered to be the same as giving out the password. Hash codes are not, and never were, designed to be a safe way to share accounts. Anyone with a hash can change the e-mail and the password to an account. 2 - There's is *no* safe way to share an account. The game design simply does not currently support any safe sharing method. 3 - Once an account is shared, no GM action will be taken if someone hijacks that account. If a player gives out their hash / password, and another party takes that account over, that is totally the players responsibility. There is no need to post this, and it only incites more arguing. Regards,Retrograde 2 Share this post Link to post Share on other sites
Posted March 28, 2014 Please see the documentation here, and the examples at the bottom. http://www.wurmpedia.com/index.php/Chat_command#Control_commands The password for this command is not for your account, it's for any account that uses the new e-mail ... to ensure it's *your* email you are switching to, and not someone else. While I agree this is not the way one would expect the command to work, this is not new information. Share this post Link to post Share on other sites
Posted March 28, 2014 We can change the email command, but that wouldn't make your account secure. Not sharing your password "hash" is the only way you can secure your account. That password string has never been made to safely share your account, and cannot be made to do so. 1 Share this post Link to post Share on other sites
Posted March 28, 2014 · Hidden by Shrimpiie, March 28, 2014 - Removed - Unncessary Hidden by Shrimpiie, March 28, 2014 - Removed - Unncessary This is a complete lie. Nadroj part owned the account. There was no "exploit" used, and no stealing occured. Gm's please delete this. Share this post Link to post
Posted March 28, 2014 · Hidden by Shrimpiie, March 28, 2014 - Removed - Unncessary Hidden by Shrimpiie, March 28, 2014 - Removed - Unncessary this is wurm shadz, around here logic doesnt exist! Share this post Link to post
Posted March 28, 2014 · Hidden by Shrimpiie, March 28, 2014 - Removed - Unncessary Hidden by Shrimpiie, March 28, 2014 - Removed - Unncessary Milk was a bad idea..... Share this post Link to post