Origin's Terrible Account Security

[Gibs960]

Hey guys, I just wondered if anyone else had experienced terrible account security with Origin.

 

Last night I checked my emails to find that my primary email address had been changed for my Origin account and this morning, after resetting the email address, I logged in to the account to see they'd changed my profile picture, country and security question into a German question.

 

It's always been my understanding that there's only so much that someone can do without having access to your email address, even if they have your password, but Origin appear to let anyone change the password, security questions and anything else they choose to.

 

So, does anyone else have any bad experiences with Origin, or any other online accounts, that are worth sharing?

[Guest]

Yes, my account was hacked before. But through customer chat they resolved the issue. That was before 2FA exists.

[MeatFeastMan]

I have yeah, it's definitely vulnerable when it comes to security. My account was taken over by some polish guy. I contacted EA about the issue, and they managed to get my account back. I keep getting sent security code emails, pretty much every few days, even months after the issue was resolved. EA and Origin need to step it up...

[KuJoe]

Nope, never had any issues with my Origin account. My advice would be that instead of blaming Origin for "terrible account security", I would take 2 minutes of your time right now and practice better account security by enabling 2FA on your account. Origin can only help those who help themselves first, no amount of security on the backend will stop your account from being hacked if you don't enable that security first.

[Akolyte]

Just now, KuJoe said:

Nope, never had any issues with my Origin account. My advice would be that instead of blaming Origin for "terrible account security", I would take 2 minutes of your time right now and practice better account security by enabling 2FA on your account. Origin can only help those who help themselves first, no amount of security on the backend will stop your account from being hacked if you don't enable that security first.

Yup, I agree with @KuJoe, If you used a good password that was 16 characters+, had lower + upper case, and numbers then someone must've hacked Origin's database or hacked another account, or something along those lines.  I don't think that happened.  So I think the most likely, is you were just using a really bad password that is in many password databases.  

 

Please use something unique, with at least 16 characters.  You need to remember, it's more about length.  A 40 character password of just words with a few numbers and a symbol is far better than a randomized 10 character password. It's algorithmic. ¯\_(ツ)_/¯

[Gibs960]

Just now, KuJoe said:

Nope, never had any issues with my Origin account. My advice would be that instead of blaming Origin for "terrible account security", I would take 2 minutes of your time right now and practice better account security by enabling 2FA on your account. Origin can only help those who help themselves first, no amount of security on the backend will stop your account from being hacked if you don't enable that security first.

In my eyes, giving someone the ability to change things put in place to protect the account with basically no verification is poor security, however much you want to blame me.

 

It most certainly was an oversight on my part to not enable 2-step again (which I had to disable and forgot to re-enable the last time someone gained access to my account), but I've now re-enabled it and hopefully I won't hear any more of it.

[Gibs960]

6 minutes ago, Mike_The_B0ss said:

Yup, I agree with @KuJoe, If you used a good password that was 16 characters+, had lower + upper case, and numbers then someone must've hacked Origin's database or hacked another account, or something along those lines.  I don't think that happened.  So I think the most likely, is you were just using a really bad password that is in many password databases.  

 

Please use something unique, with at least 16 characters.  You need to remember, it's more about length.  A 40 character password of just words with a few numbers and a symbol is far better than a randomized 10 character password. It's algorithmic. ¯\_(ツ)_/¯

I don't think they've had the password, I'm sure I've been able to reset my password and security question before without having any verification through their online chat. 

[TetraSky]

Just the simple fact that EA doesn't allow passwords longer than 16 characters is a problem honestly...

[Akolyte]

9 minutes ago, Gibs960 said:

I don't think they've had the password, I'm sure I've been able to reset my password and security question before without having any verification through their online chat. 

I wasn't meaning that, I was just talking about using a good password.  Because most hacks involving passwords without a leaked database are normally from a password database and cracker.  Which can be mitigated by using a good password and changing it every 90-180 days. 

1 minute ago, TetraSky said:

Just the simple fact that EA doesn't allow passwords longer than 16 characters is a problem honestly...

That is a serious problem.  They need to update their security standards.  There was a guy who made a test setup (home system specs) and cracked passwords 20 characters long. Not even normal ones either within a day.   So, quite bad.  

[Bloodshed Romance]

I literally just went through this... my old not used SWTOR account was hit first which let them change the email address for my origin account...