Pages: [1] 2 3 :: one page |
|
Author |
Thread Statistics | Show CCP posts - 1 post(s) |
|
CCP Fallout
|
Posted - 2010.03.09 22:49:00 -
[1]
The first in our monthly series of blogs written by Customer Support, GM Grimmi's blog, "Account Security," discusses just that.
Fallout Associate Community Manager CCP Hf, EVE Online Contact us |
|
|
Chribba
Otherworld Enterprises Otherworld Empire
|
Posted - 2010.03.09 22:57:00 -
[2]
Edited by: Chribba on 09/03/2010 23:04:19 l o v e .
edit/I also hope there is some account features being planned/added whatever it may be to assist us on increase security for our accounts.
Great work, keep it up!!
/c
Secure 3rd party service |
|
Ancy Denaries
SpaceMonkey's Alliance
|
Posted - 2010.03.09 23:00:00 -
[3]
Originally by: Chribba l o v e .
/c
How the hell is it that you're always first?
Also, nice blog. ---- The Demigodess with a Conscience - An EVE IC Blog
Originally by: CCP Dropbear rofl
edit: ah crap, dev account. Oh well, official rofl at you sir.
|
randomname4me
|
Posted - 2010.03.09 23:09:00 -
[4]
Originally by: Ancy Denaries
Originally by: Chribba l o v e .
/c
How the hell is it that you're always first?
Also, nice blog.
Dev hax
Originally by: CCP Navigator Thread has degenerated into nothing but spam.
Locked.
Petition|Successful|Reimbursement|Lag Pick 3 |
SirHarryPierce
|
Posted - 2010.03.09 23:27:00 -
[5]
Good post, hope people will follow it.
|
Mashie Saldana
Red Federation
|
Posted - 2010.03.09 23:28:00 -
[6]
So are RSA keyfobs planned as one of the options going forward?
After all it's only soo much you can do saving stupid users from themselves.
|
TeaDaze
|
Posted - 2010.03.09 23:30:00 -
[7]
Originally by: Chribba Edited by: Chribba on 09/03/2010 23:04:19 l o v e .
edit/I also hope there is some account features being planned/added whatever it may be to assist us on increase security for our accounts.
Great work, keep it up!!
/c
CSM Pitched upgrades as per this Wiki article.
I'm also glad they have taken the decision to warn people about other game passwords being used against eve, good job all
|
Kylee Serenity
Dulce Bellum Inexpertis High Treason Alliance
|
Posted - 2010.03.09 23:40:00 -
[8]
Awhile ago blizzard offered a simple USB key that is tied to your user account and must be plugged in to the machine in question in order to log in. I'm not sure how well they worked, but if they did, I would certainly buy one for my account(s).
|
Hrin
Merch Industrial SOLODRAKBANSOLODRAKBANSO
|
Posted - 2010.03.09 23:49:00 -
[9]
Edited by: Hrin on 09/03/2010 23:48:52 It would be nice if the entire industry moved to support the USB authenticator. These things are cheap and effective.
|
Niccolado Starwalker
Gallente Shadow Templars
|
Posted - 2010.03.10 00:34:00 -
[10]
Originally by: CCP Fallout The first in our monthly series of blogs written by Customer Support, GM Grimmi's blog, "Account Security," discusses just that.
many have asked for - including me - a login token to access your account. Just like many banks have, and now World of Warcraft.
From a personal perspective I think this would be a good idea. Why? Well, first people tends to stick with EVE longer than most online games. I am now going on my fift year of subscription, and dont plan to leave anytime soon! I simply love my character! And the Game! But although I take all precautions possible (not buying isk, not visiting doubtful sites etc.) its always possible that you will get infected by other means. Thats the reality of the interweb today!
So please CCP! Give those of us who wants to buy a login token this option! Make it voluntarily. But make it possible! I love my character as I said, and I want to give it the best protection possible.
Also I would love to hear CCPs thoughts about this kind of tokens. I have to admit I dont know much about it, except that it should increase the security massively. And that must be a good thing yes?
Originally by: Dianabolic Your tears are absolutely divine, like a fine fine wine, rolling down your cheeks until they flow down the river of LOL. |
|
Typhado3
Minmatar
|
Posted - 2010.03.10 00:38:00 -
[11]
would be nice if we coudl actually go after the people benifiting from all these hacks....
but that's a whole other can of worms
Anyways hopefully enough people read this and learn something. ------------------------------ God is an afk cloaker |
Cough Drops
Gallente Video Sed Non Credo
|
Posted - 2010.03.10 00:45:00 -
[12]
I think it would be great to see RSA tokens introduced as an optional account security enhancement. It makes brute force attacks and stolen passwords effectively useless. A lot of banks use them for their internet banking service but as previously mentioned, it has been used in the gaming industry as well, most notably by blizzard. I think the huge attraction RMT organizations get with MMOs make such a security feature worth implementing despite the logistical and financial difficulties in doing so.
I spoke to John Cook who is the lead developer for valve software's digital distribution service (Steam) around 6 months ago about account security and implementing RSA keys. He told me it was a great idea that they were definately thinking about implementing, but unfortunately wouldnt happen within the foreseeable future.
|
Agent Stone
Volition Cult The Volition Cult
|
Posted - 2010.03.10 00:58:00 -
[13]
Always good to remind people about security.
Something I would love to see from CCP is something like the Blizzard Authenticator, or my Online Banking Token Reader but for CCP/Eve would be good perhaps? So people can order it off the Eve Online Store and when they login, generate a quick optional pin or something.
Perhaps even options to configure your token to be required for login for the Game Client and Eve Website / Account Management or just Eve Website / Account Management depending on how paranoid the user is feeling. As people often have more than one account... A token that can be registered with multiple accounts would be ideal.
You could even do a deal, so any accounts with 1+ year of subscriptions get a special deal on it, to better enforce or promote adoption, so less of the older accounts with tons of Isk to steal are vulnerable.
But its something I think players could really appreciate, and I really think CCP should have done this a couple of years ago to be honest. SoonÖ does not really cut it when it comes to security.
Its definitely something I would invest in, as losing access to my accounts would be a nightmare.
Ah well... Useful post anyway, and fingers crossed I never have to go through the pain some of my friends have with having their account hacked as its far from pleasant.
|
Tagami Wasp
Caldari Sarz'na Khumatari Ushra'Khan
|
Posted - 2010.03.10 01:06:00 -
[14]
Login token is good security. Implement it ffs!! ------------
+15% to railguns' dmg modifier -reduce Spike optimal bonus to 70% +10% to Caldari railboats PG |
Kile Kitmoore
|
Posted - 2010.03.10 01:18:00 -
[15]
It might be helpful for the user to view a login log (including attempts) for their account. It could help someone at least identify someone is trying to at least gain access. Just a small helpful tool to avoid some attacks.
|
Herschel Yamamoto
Agent-Orange Nabaal Syndicate
|
Posted - 2010.03.10 01:45:00 -
[16]
Not that I disagree with the sentiment - on the contrary, quite a nice blog to see - but does anyone else think that 16+ characters is insanely long for a password? I've never used one longer than 9. Better a password like "2dfg23" than "eveonline123456789", no?
|
HeliosGal
Caldari
|
Posted - 2010.03.10 01:52:00 -
[17]
very good advice all round Signature - CCP what this game needs is more variance in PVE aspects and a little bit less PVP focus, more content more varied level 1-4 missions more than just 10 per faction high sec low sec and 00 |
Jason Edwards
Internet Tough Guy Spreadsheets Online
|
Posted - 2010.03.10 01:57:00 -
[18]
Edited by: Jason Edwards on 10/03/2010 01:59:47 My 32 digit password is good? It's
P@ssw0rdP@ssw0rdMSpress#1MSpress#1
If anyone else wants to use it. ------------------------ To make a megathron from scratch, you must first invent the eve universe. ------------------------ Life sucks and then you get podded. |
Nova Lux
Gallente TalCorp Enterprises Einherjar Alliance
|
Posted - 2010.03.10 02:30:00 -
[19]
Yeah 16 characters is a little long for practicality sakes.
It'd be really nice upon login to see any unsuccessful attempts so we know something's up.
Otherwise a good blog, however I doubt those that really need to see it, won't...
Maybe on new accounts there could be a link on the login screen regarding account security. Get them when they're young and all.
|
GreviousHarmsworth
|
Posted - 2010.03.10 03:08:00 -
[20]
Originally by: Herschel Yamamoto Not that I disagree with the sentiment - on the contrary, quite a nice blog to see - but does anyone else think that 16+ characters is insanely long for a password? I've never used one longer than 9. Better a password like "2dfg23" than "eveonline123456789", no?
16 characters is not difficult at all. Usually what I do is think of a short, unusual phrase then 1337 it. I end up with an easy to remember but strong password.
|
|
SXYGeeK
Gallente do you Mostly Harmless
|
Posted - 2010.03.10 03:32:00 -
[21]
Originally by: TeaDaze
CSM Pitched upgrades as per this Wiki article.
This!
It's great to inform players about how they can be more secure, but this need to be met on the other side by CCP making the game more secure. Seperate Account management/ game / community logins. IP based access logging and security. Security tokens.
Like you said, this problem is not unique to eve, but common to major MMOs, follow the example of others in the industry that and offer ways to increase the security of accounts. Especialy in EVE where our assets in game are so volitile and require so much investment.
-We So SeXy |
T'Amber
www.shipsofeve.com
|
Posted - 2010.03.10 04:40:00 -
[22]
Originally by: Ancy Denaries
Originally by: Chribba l o v e .
/c
How the hell is it that you're always first?
Also, nice blog.
SuperCowPowers.
Also, thanks to Chribba for some of the ideas that were pushed for security features in teh CSM discussions before it was taken to Iceland.
-T'amber
|
Taedrin
Gallente The Green Cross DEFI4NT
|
Posted - 2010.03.10 05:29:00 -
[23]
Originally by: Ancy Denaries
Originally by: Chribba l o v e .
/c
How the hell is it that you're always first?
Also, nice blog.
It has been hypothesized that he has some system set up on eve-search which notifies him when certain threads are made. It seems that if he uses such a system, that it notifies him whenever there are new dev blogs, and whenever someone posts a thread containing any of the words "Chribba", "Veldspar", "Veldnaught". ----------
Originally by: Dr Fighter "how do you know when youve had a repro accident"
Theres modules missing and morphite in your mineral pile.
|
Jowen Datloran
Caldari Science and Trade Institute
|
Posted - 2010.03.10 06:09:00 -
[24]
This blog inspired me to change my password. ---------------- Mr. Science & Trade Institute
|
Aineko Macx
|
Posted - 2010.03.10 07:44:00 -
[25]
Edited by: Aineko Macx on 10/03/2010 07:44:14
Quote: we are currently working hard on account security upgrades to get this problem under control. There are several items on the menu and the we hope to implement the first countermeasures in the next few weeks.
About f-ing time.
I would pay for an USB Token.
If CCP doesn't want to do that, the least I'd like is to be able to restrict logins to definable IP ranges or domains (ISPs) + out of band communication to change these and accounts settings (like confirmation codes sent via SMS to cell phones).
|
Jimmae
|
Posted - 2010.03.10 07:44:00 -
[26]
16 character strong passwords, eh?
The login servers must lack any type of bruteforce attack detection/countermeasures if this is a serious suggestion.
Delay login attempts after each failed login.
Block login attempts completely for a certain period of time after a number of failed login attempts.
|
RedClaws
Amarr Dragon's Rage E C L I P S E
|
Posted - 2010.03.10 07:48:00 -
[27]
I've always been a bit confused about those authentication keys.
Why do I need a physical thing to generate this extra password? Why can't it be a site you go to?
|
Jimmae
|
Posted - 2010.03.10 07:59:00 -
[28]
Originally by: RedClaws I've always been a bit confused about those authentication keys.
Why do I need a physical thing to generate this extra password? Why can't it be a site you go to?
Those tokens contain a predictable salt based random number generator. The authentification server knows the salt and can at any given time predict the code a token generates.
A token therefore is useless if/when the salt becomes known by a third party as this 3rd party can then generate the same numbers as the token. Using a website to act in the way the tokens do would mean a database containing salts and an authorization process that maps salts to users.
You would essentially require a password to generate a password to accompany your password. The token would provide no additional security as the weak link in the chain would now be the token generating site.
|
Ambo
I've Got Nothing
|
Posted - 2010.03.10 08:17:00 -
[29]
Edited by: Ambo on 10/03/2010 08:22:16
Originally by: Kylee Serenity Awhile ago blizzard offered a simple USB key that is tied to your user account and must be plugged in to the machine in question in order to log in. I'm not sure how well they worked, but if they did, I would certainly buy one for my account(s).
I would definitely buy this.
I'm very careful with security on my system anyway but the extra peace (edit: not piece ) of mind would be well worth it. The thought of something I've spent years building being wrecked by 'lucky guesswork' on the part of the hacker is not an appealing one. --------------------------------------
|
Ricc Deckard
ALTES EISEN Ferrum 26
|
Posted - 2010.03.10 08:27:00 -
[30]
Originally by: Ambo
Originally by: Kylee Serenity Awhile ago blizzard offered a simple USB key that is tied to your user account and must be plugged in to the machine in question in order to log in. I'm not sure how well they worked, but if they did, I would certainly buy one for my account(s).
I would definitely buy this.
I'm very careful with security on my system anyway but the extra piece of mind would be well worth it. The thought of something I've spent years building being wrecked by 'lucky guesswork' on the part of the hacker is not an appealing one.
Yes, me too. I would definately buy a CCP authenticator. We use these keyfobs in the office for vpn authentifications. They provide security at very low costs and low effort. You simply enter your password and your accountname, push a button, get a 6 digit code, enter it, too. That's it...
Please provide keyfobs for Eve ... ---------- Gentlemen, you can't fight in here! This is the War Room. |
|
|
|
|
Pages: [1] 2 3 :: one page |
First page | Previous page | Next page | Last page |