Pages: [1] :: one page |
|
Author |
Thread Statistics | Show CCP posts - 0 post(s) |
Favonius85
House Aratus Fatal Ascension
1
|
Posted - 2012.09.20 16:53:00 -
[1] - Quote
Google, Dropbox, Battle.net, and lots of other online services offer the option to enable 2-Step authentication for their accounts, using an Android or iPhone device or a purchasable dongle to generate login codes. Was wondering what everyone thought about having the option available for our EVE accounts. |
Goldensaver
Vorbild Industries Inc. State Section 9
11
|
Posted - 2012.09.20 17:00:00 -
[2] - Quote
Ugh. I hate those things. If I could scrap them all, I would. Sorry, but it's an extra step that wastes time in my opinion.
Edit: of course, I forgot to put in that if it were optional, I guess I wouldn't mind. I mean, it can't hurt if it's just another choice to make. |
Favonius85
House Aratus Fatal Ascension
1
|
Posted - 2012.09.20 17:04:00 -
[3] - Quote
I don't think it should be made mandatory by any means. Simply something optional that can be enabled to improve account security. |
Luc Chastot
Moira. Villore Accords
3
|
Posted - 2012.09.20 17:11:00 -
[4] - Quote
As annoying as 2-step verification can get sometimes, I always use it. Considering CCP is planning to move the login to the launcher, I would think this wouldn't be too hard to implement. |
NiGhTTraX
FISKL GUARDS Nulli Secunda
191
|
Posted - 2012.09.20 17:13:00 -
[5] - Quote
They already said they will implement this. Search forum, search CSM minutes, search... If you're gonna post here thinking your idea is the greatest thing since bacon and that it will save EVE and possibly all humankind with it, you're gonna have a bad time. |
Favonius85
House Aratus Fatal Ascension
1
|
Posted - 2012.09.20 17:37:00 -
[6] - Quote
NiGhTTraX wrote:They already said they will implement this. Search forum, search CSM minutes, search...
"Authenticators are coming, email verification needs to be sorted but itGÇÖs something theyGÇÖre working on and hopefully getting done soon. Anti-hacking is mostly talking about injection stuff, which theyGÇÖre working on and dealing with. "
Oops, found on page 149 of this summer's CSM minutes.
Anyway, yes please CCP |
Hans Momaki
State War Academy Caldari State
21
|
Posted - 2012.09.20 20:14:00 -
[7] - Quote
YES, YES, YES! ASAP please. Optional ofcourse. |
Vi'ach
12
|
Posted - 2012.09.20 21:59:00 -
[8] - Quote
No thanks, if people can't secure their own accounts and insist on using their Faceache username/password for all their net logins then they deserve to have their accounts hacked. Granted, there is a duty for the developers to "protect" their side of the authentication, but devs should not have to deal with users inability to protect themselves.
http://nix.so/6g |
Luc Chastot
Moira. Villore Accords
3
|
Posted - 2012.09.21 07:38:00 -
[9] - Quote
Vi'ach wrote:No thanks, if people can't secure their own accounts and insist on using their Faceache username/password for all their net logins then they deserve to have their accounts hacked. Granted, there is a duty for the developers to "protect" their side of the authentication, but devs should not have to deal with users inability to protect themselves. http://nix.so/6g
Online Attack Scenario: (Assuming one thousand guesses per second)3.36 million trillion trillion centuries
I would still use 2-step verification. |
Vi'ach
5
|
Posted - 2012.09.21 10:03:00 -
[10] - Quote
Luc Chastot wrote: Online Attack Scenario: (Assuming one thousand guesses per second)3.36 million trillion trillion centuries
I would still use 2-step verification.
You are talking about a brute force attack, which I would assume the devs have ways to stop automated attacks like that, it makes no difference if users use the same login details for lots of services which are then compromised. The attacker does not need to brute force the authentication, as he/she has the details from the 3rd party site.
Again, users should protect themselves and not expect the world to hold their hand! |
|
Vi'ach
12
|
Posted - 2012.09.21 10:03:00 -
[11] - Quote
Luc Chastot wrote: Online Attack Scenario: (Assuming one thousand guesses per second)3.36 million trillion trillion centuries
I would still use 2-step verification.
You are talking about a brute force attack, which I would assume the devs have ways to stop automated attacks like that, it makes no difference if users use the same login details for lots of services which are then compromised. The attacker does not need to brute force the authentication, as he/she has the details from the 3rd party site.
Again, users should protect themselves and not expect the world to hold their hand!
EDIT: A 2-step process can't be optional either as it will leave holes in the authentication making it redundant, plus a waste of dev time. |
S'totan
Impen Reloaded Axiomatic Dominion
17
|
Posted - 2012.09.21 21:47:00 -
[12] - Quote
I have a better idea!!!!!
..... stop sharing your account information with people... |
D'Argo Sun'Crichton
Celestial Horizon Corp.
0
|
Posted - 2012.12.15 22:38:00 -
[13] - Quote
Vi'ach wrote:Luc Chastot wrote: Online Attack Scenario: (Assuming one thousand guesses per second)3.36 million trillion trillion centuries
I would still use 2-step verification.
You are talking about a brute force attack, which I would assume the devs have ways to stop automated attacks like that, it makes no difference if users use the same login details for lots of services which are then compromised. The attacker does not need to brute force the authentication, as he/she has the details from the 3rd party site. Again, users should protect themselves and not expect the world to hold their hand! EDIT: A 2-step process can't be optional either as it will leave holes in the authentication making it redundant, plus a waste of dev time.
A 2-step process can't be optional?? Then explain how Battle.net is able to do it and they dont seem to have any issues running both single signon and 2 part process signons at the same time. Yes, it would mean that those who didnt use the 2step method would be more vulerable than those who did use it, however to say it cannot be made optional because of holes and redundancy is purely incorrect. You simply do a account check during login "Isauthenticationenabled=Yes Queryforauthentication" "Isauthenticationenabled=no Proceedlogin" |
Sir Substance
I N E X T R E M I S Fidelas Constans
525
|
Posted - 2012.12.16 06:53:00 -
[14] - Quote
CCP gave out physical tokens at fanfest 2011, as a beta run, and then never implemented the code for it.
I am sad. Ishtar Starfire: As a pure caldari pilot i feel that with the deployment of the new tier 3 battlecruisers you have given an unfair advantage to everyone except caldari pilots. an example would be like giving a fat kid a whole cake while the skinny kid has to watch and get nothing.
|
Konrad Kane
Dirt Nap Squad
38
|
Posted - 2012.12.16 12:45:00 -
[15] - Quote
Sir Substance wrote:CCP gave out physical tokens at fanfest 2011, as a beta run, and then never implemented the code for it.
I am sad.
SecureID now do softtokens, which remove the requirement for a physical device. Just as secure and have the added bonus of being able to cut and paste the random password. |
Mallak Azaria
GoonWaffe Goonswarm Federation
1422
|
Posted - 2012.12.17 01:31:00 -
[16] - Quote
EVE supports a 64-character password. Make full use of it. It's about time CCP stops catering to the lazy players with this sense of entitlement for fear of losing money. These aren't the people making the game better, these are the people wanting you to turn EVE in to a game that is like most other MMO's. |
Rams Trough'put
Dormant Dragons
0
|
Posted - 2012.12.17 07:10:00 -
[17] - Quote
I haven't seen some spam messages I seen when I was on xbox live, those message that offer level ups and and achievement unlocking for a slight fee but they need ur account info to the work, that all the 8-15 year olds(and older according the the forums) fall for all the time.....Sometimes it doesn't help how hard the password is. |
Aptenodytes
Reckless Abandon
35
|
Posted - 2012.12.18 10:44:00 -
[18] - Quote
As long as it's optional, why not? My password is a random 15 digit non-alphanumeric string so it's pretty much unnecessary for me, the only way someone's getting into my account is if CCP leaves the password database on a USB key on a train or something. And if that happens I would hope I'd get my assets back anyway.
I always figured these gizmos were simply to make a little extra cash for the games company. If people want to pay CCP to manage their security for them, then why not! I pay someone to clean my kitchen, which I could quite easily do myself. So as long as it doesn't inconvenience me (as in, it's optional), keeps other people happy, and makes money for CCP, then it's win-win.
|
Alundil
Seniors Clan Get Off My Lawn
179
|
Posted - 2012.12.18 19:13:00 -
[19] - Quote
http://securityledger.com/new-25-gpu-monster-devours-passwords-in-seconds/
Relying on passwords alone - even complex ones - isn't a good place to be. 2-factor authentication is a good first step. I support that move when it arrives. |
androch
Lasting Forge Holding Rebel Alliance of New Eden
6
|
Posted - 2012.12.18 20:21:00 -
[20] - Quote
i do not support this, authentication has never been needed in this game at all, the current system works fine, to even get at your account they have to know your account name and one of your characters (which if you use the same name in your account youre a bloody idiot) |
|
Konrad Kane
Dirt Nap Squad
40
|
Posted - 2012.12.18 21:15:00 -
[21] - Quote
TBH digital certs. are probably a much more elegant solution. |
|
|
|
Pages: [1] :: one page |
First page | Previous page | Next page | Last page |