Pages: [1] :: one page |
|
Author |
Thread Statistics | Show CCP posts - 0 post(s) |
Naal Morno
ECP Rogues Dusk and Dawn
|
Posted - 2006.11.25 01:02:00 -
[1]
The full note states: For security reasons the option to save passwords in the login screen has been removed.
I think you are very wrong here. If somebody is hacked, they also have keylogger on their machine which means retyping password WILL ACTUALLY reveal it to the hacker and allow to access not only Eve itself but also their account info.
Many people run more than one account and therefore forcing them to retype the password without possibility of saving it is a change for worse. Since it wasn't possible to save by default anyway, why the change? I will have to shorten my password, which is 18 chars now, to something possible to type without getting ****ed off every time I have to do it, on each account. And I relog a lot.
I will blame CCP if my account gets hacked due to weak password. _________________________________________
Once I thought T2 BPO Lottery is a problem... Then I've become a part of problem and I relized that previously I was just plain jealous. |
Protunia
Gallente
|
Posted - 2006.11.25 01:53:00 -
[2]
I see no problem with this at all.
You have a pen and paper?? My Character Stats
|
Eewec Ourbyni
Caldari
|
Posted - 2006.11.25 01:55:00 -
[3]
Originally by: Protunia I see no problem with this at all.
You have a pen and paper??
You want to type (example only) "sdf56n!!HH^3rhghg6*(T4Ftg2FBH(^874" everytime you login?
This is a sig...
-- You think this guys post is nuts.... you should see his bio --
... good, ain't it! |
Protunia
Gallente
|
Posted - 2006.11.25 02:02:00 -
[4]
LOL anyone who would waste their time making a password that crazy deserves to have to type it in every time My Character Stats
|
Eewec Ourbyni
Caldari
|
Posted - 2006.11.25 02:15:00 -
[5]
Edited by: Eewec Ourbyni on 25/11/2006 02:17:12
Originally by: Protunia LOL anyone who would waste their time making a password that crazy deserves to have to type it in every time
And the reason I make passwords that hard is so they are darn f^$"ing difficult to ***** (EDIT: Apparently the term 'c r a c k' is not liked by the filter, yet it has many more normal everyday use meanings than it has rude ones). But if your machine does get infected with a keylogger after you made it, CCP have just handed that password over to the folks who control it, instead of it being nice and relatively safe behind encrypted storage with only those who have physical access to the PC capable of using it, if they can get passed the normal user password and security on my PC user account, or they actually manage to hack my PC and gain control over it and nab it that way....
Maybe I am a little over-protective of my account, but I'd like my account and my details, to remain, My Account and My Details.
This is a sig...
-- You think this guys post is nuts.... you should see his bio --
... good, ain't it! |
Viktor Fyretracker
Caldari Worms Corp
|
Posted - 2006.11.25 02:21:00 -
[6]
there isnt an option to save passwords to start with or id have been using it. unless some 3rd party thing was doing it.
|
oDDiTy V2
Black Nova Corp Band of Brothers
|
Posted - 2006.11.25 02:24:00 -
[7]
Originally by: Viktor Fyretracker there isnt an option to save passwords to start with or id have been using it. unless some 3rd party thing was doing it.
You could add something like "networkadvanced = 1" to your config.ini file or something like that and it allowed you to save your password.
|
Mithrantir Ob'lontra
Gallente Ixion Defence Systems The Cyrene Initiative
|
Posted - 2006.11.25 02:24:00 -
[8]
Originally by: Eewec Ourbyni Edited by: Eewec Ourbyni on 25/11/2006 02:17:12
Originally by: Protunia LOL anyone who would waste their time making a password that crazy deserves to have to type it in every time
And the reason I make passwords that hard is so they are darn f^$"ing difficult to ***** (EDIT: Apparently the term 'c r a c k' is not liked by the filter, yet it has many more normal everyday use meanings than it has rude ones). But if your machine does get infected with a keylogger after you made it, CCP have just handed that password over to the folks who control it, instead of it being nice and relatively safe behind encrypted storage with only those who have physical access to the PC capable of using it, if they can get passed the normal user password and security on my PC user account, or they actually manage to hack my PC and gain control over it and nab it that way....
Maybe I am a little over-protective of my account, but I'd like my account and my details, to remain, My Account and My Details.
You know that you can use a very nice combination of a txt file and copy&paste techniques. Is that so troubling?
------- Nobody can be exactly like me. Even I have trouble doing it. |
Eewec Ourbyni
Caldari
|
Posted - 2006.11.25 02:30:00 -
[9]
Edited by: Eewec Ourbyni on 25/11/2006 02:32:41
Originally by: Mithrantir Ob'lontra
Originally by: Eewec Ourbyni Edited by: Eewec Ourbyni on 25/11/2006 02:17:12
Originally by: Protunia LOL anyone who would waste their time making a password that crazy deserves to have to type it in every time
And the reason I make passwords that hard is so they are darn f^$"ing difficult to ***** (EDIT: Apparently the term 'c r a c k' is not liked by the filter, yet it has many more normal everyday use meanings than it has rude ones). But if your machine does get infected with a keylogger after you made it, CCP have just handed that password over to the folks who control it, instead of it being nice and relatively safe behind encrypted storage with only those who have physical access to the PC capable of using it, if they can get passed the normal user password and security on my PC user account, or they actually manage to hack my PC and gain control over it and nab it that way....
Maybe I am a little over-protective of my account, but I'd like my account and my details, to remain, My Account and My Details.
You know that you can use a very nice combination of a txt file and copy&paste techniques. Is that so troubling?
Yeah, your right... but where to store the .txt file.... hmmm, password protected encrypted zip file..... has possibilities.
EDIT: Still, it would be so much easier if the client continued to do this automatically instead of losing the functionality.
This is a sig...
-- You think this guys post is nuts.... you should see his bio --
... good, ain't it! |
Gamer4liff
Caldari Metalworks THE INTERSTELLAR FOUNDRY
|
Posted - 2006.11.25 02:32:00 -
[10]
This change would be a lot less annoying if you didn't have to log in 80 times to post a single message.
|
|
Haffrage
Revelations Inc. Shroud Of Darkness
|
Posted - 2006.11.25 02:59:00 -
[11]
I agree with the OP, the save password option was great. I type my passwords as seldomly as possible, and no I'm not about to save them in a text file somewhere on my computer. That's even worse. At least with the save password option the only way to find out what the pass is is to download a program that would read it straight from the file or the program's memory. But nooo, if I decide to save it elsewhere it's just a doubleclick away =| -----
|
Audri Fisher
Caldari The Keep THE R0CK
|
Posted - 2006.11.25 03:03:00 -
[12]
Originally by: Gamer4liff This change would be a lot less annoying if you didn't have to log in 80 times to post a single message.
They are trying to nerf dark shiki
|
Mithrantir Ob'lontra
Gallente Ixion Defence Systems The Cyrene Initiative
|
Posted - 2006.11.25 03:49:00 -
[13]
Originally by: Eewec Ourbyni Edited by: Eewec Ourbyni on 25/11/2006 02:32:41
Originally by: Mithrantir Ob'lontra
Originally by: Eewec Ourbyni Edited by: Eewec Ourbyni on 25/11/2006 02:17:12
Originally by: Protunia LOL anyone who would waste their time making a password that crazy deserves to have to type it in every time
And the reason I make passwords that hard is so they are darn f^$"ing difficult to ***** (EDIT: Apparently the term 'c r a c k' is not liked by the filter, yet it has many more normal everyday use meanings than it has rude ones). But if your machine does get infected with a keylogger after you made it, CCP have just handed that password over to the folks who control it, instead of it being nice and relatively safe behind encrypted storage with only those who have physical access to the PC capable of using it, if they can get passed the normal user password and security on my PC user account, or they actually manage to hack my PC and gain control over it and nab it that way....
Maybe I am a little over-protective of my account, but I'd like my account and my details, to remain, My Account and My Details.
You know that you can use a very nice combination of a txt file and copy&paste techniques. Is that so troubling?
Yeah, your right... but where to store the .txt file.... hmmm, password protected encrypted zip file..... has possibilities.
EDIT: Still, it would be so much easier if the client continued to do this automatically instead of losing the functionality.
You can also tamper the security settings of the said file and only yourself can open it or edit it or anything. Which can give a good level of security. Furthermore to go a little crazy you can make it appears as something totally different than what it is. Jpeg file, ini file etc. Hidden from other users of the pc etc.
Some easy solutions that don't require you to create a password to hide other passwords and so on
------- Nobody can be exactly like me. Even I have trouble doing it. |
Tunajuice
|
Posted - 2006.11.25 08:05:00 -
[14]
If you get hacked you get hacked, for the 90% of us who aren't hacked, we should have the convenience of not having to type in our password. For the people who are hacked... their password will come out either way.
|
Naal Morno
ECP Rogues Dusk and Dawn
|
Posted - 2006.11.25 08:15:00 -
[15]
Bottom line CCP:
Leave this feature to PROS and therefore as it is eg. alone, let us store the pass. On YOUR part, make it a assymetric key (well, if it was symmetric to date, I guess you weren't including machine specific info and therefore it was so easy to steal ini file and use it on any machine you wanted, eh?). I think some of your new devs should have SOME knowledge of safe storage.
Neutering us of this feature is REALLY anti-productive.
Thanks much. This patch is all but junk so far. _________________________________________
Once I thought T2 BPO Lottery is a problem... Then I've become a part of problem and I relized that previously I was just plain jealous. |
Matrix Aran
Legio Immortalis
|
Posted - 2006.11.25 10:51:00 -
[16]
The more modern keyloggers don't just log keystrokes they log saved data being transmited between your comp and a target website. This was used in a rather nasty WoW keylogger, so even people with saved account names and passwords got done. Also you have to remember, the eve client probably doesn't store the saved pasword localy under any dort of encryption. This means it would be even easier to simply steal the cached password data.
As for passwords, personaly I use a 18 character password with numerals and symbols. Its not all that hard to set up a memorable password if you put some thought into constructing it. Think |33+ $p34|< ----
|
Yoshimako
|
Posted - 2006.11.25 14:09:00 -
[17]
personaly i think if you are paranoid this is the best solution: (note, this will get irritating but hey your paranoid, what do you care?)
Make up a password or random numbers and letters then write it down.
Now choose a load more random numbers and letters to type in before and after aforementioned password.
Now type this long string in everytime and delete off all the spare random numbers and letters.
You will feel much, much safer under your tinfoil hat.
|
Hoshi
DAB RAZOR Alliance
|
Posted - 2006.11.25 22:54:00 -
[18]
Edited by: Hoshi on 25/11/2006 22:54:26
Originally by: Matrix Aran The more modern keyloggers don't just log keystrokes they log saved data being transmited between your comp and a target website. This was used in a rather nasty WoW keylogger, so even people with saved account names and passwords got done. Also you have to remember, the eve client probably doesn't store the saved pasword localy under any dort of encryption. This means it would be even easier to simply steal the cached password data.
As for passwords, personaly I use a 18 character password with numerals and symbols. Its not all that hard to set up a memorable password if you put some thought into constructing it. Think |33+ $p34|<
Passwords are both stored encrypted right now (in the prefs.ini file the password look something like c2569bd86598053716) and transmitted encrypted. That's one of the reason win 9x is not supported anymore, it did not support the encryption CCP was enforcing.
|
Noomee
|
Posted - 2006.11.25 23:03:00 -
[19]
I think anyway that if you are stupid and wreckless enough to allow a keylogger to get on your system in the first place, you deserve that your EVE account be hacked.
Seriously, with all the new "all-in-one" antivirus such as Symantec Internet Security and such, and all the publicity about internet security in general, anti-spywares and such, it's your **** fault if you get hacked in the first place... It's surely nice to have the EVE client made "secure" in some way, but I don't think it will make much of a difference in the end if the user's PC is not properly protected.
|
Templer Relleg
FATAL REVELATIONS Lotka Volterra
|
Posted - 2006.11.25 23:06:00 -
[20]
Edited by: Templer Relleg on 25/11/2006 23:07:19 I could easily get the source of, lets say evemon, add a few lines of code, and abuse this feature, which ccp is very good off, with removing, unless its actually encrypted(Did they do this, in dragon?).
So the point being, the password is stored in clear text, and with a very few lines of code, i could easily grab your information.
I think its good that CCP remove this.
|
|
Sorja
E X O D U S Imperial Republic Of the North
|
Posted - 2006.11.26 00:06:00 -
[21]
The OP has a point.
While a minor annoyance, the 'remember password' option should remain.
I can't figure why some are flaming the OP with dumb replies, btw, it's pretty stupid. ____________________ A gentleman is someone who can play the bagpipe, but who does not. |
Flock'O Seagulls
Gallente Eye of the Abyss
|
Posted - 2006.11.26 00:32:00 -
[22]
You know. This is a great reason for breach of pseudo-security. Saving account passwords in a client is a lot more risky than say a, key logger.
So a simple fix to not worrying about getting your password stolen is simple. Use anti-spyware software. Use a better internet browser (Firefox or Opera to name two.) You wont have any spyware/viruses/adware/malware/etc. I wouldn't worry about having to type out a password.
Honestly, it seems like you are just trying to find something to complain about. Stop these baseless, blatant attempts of complaints.
Also a small note to those who like to save their passwords in a .txt file. STOP THIS PRACTICE IMMEDIATELY.
And just memorize your passwords. A complex password is never a secure password. ... We have to create the problem that the customer will want to solve. |
Hoshi
DAB RAZOR Alliance
|
Posted - 2006.11.26 14:13:00 -
[23]
Originally by: Flock'O Seagulls You know. This is a great reason for breach of pseudo-security. Saving account passwords in a client is a lot more risky than say a, key logger.
How do you figure that? The passwords are stored encrypted. Even if he downloads your prefs.ini file he won't get the password. ---------------------------------------- A Guide to Scan Probing in Revelations |
James Lyrus
Lyrus Associates Interstellar Starbase Syndicate
|
Posted - 2006.11.26 14:22:00 -
[24]
Originally by: Hoshi
Originally by: Flock'O Seagulls You know. This is a great reason for breach of pseudo-security. Saving account passwords in a client is a lot more risky than say a, key logger.
How do you figure that? The passwords are stored encrypted. Even if he downloads your prefs.ini file he won't get the password.
Encrypted passwords are possible to break.
Personally I feel the 'risk' choice is between: Encrypted password in a file on your computer (e.g. prefs) Or 'typing long complicated password every time you login'.
Both have weaknesses. The former, the file can be stolen or accessed. The latter, a keylogger will pick up. It will also discourage use of 'good' passwords, e.g. long and hard to type ones.
*shrug* I used save password quite a bit - I'm not worried about someone else getting at my computer (I have a login password, and anyway, if you really want to break into my house to get on EVE....)
|
Squichen Parrot
|
Posted - 2006.11.26 23:01:00 -
[25]
The real reason developers dont like people saving their passwords is because once a user has saved their password in the application so that they dont need to type it again, well they have a distinct habit of FORGETTING it... And they have a distinct habit of blaming tech support because they forgot their own password and they hassle tech support to reset their password...
I'd get rid of passwords completely if they could just to cut down the number of calls I get to my IS Ops team because of forgotton passwords.
Forget keyloggers and people hacking your PC - this change will cut down the amount of people who forget their password...
|
Feng Schui
Minmatar Republic Military School
|
Posted - 2006.11.26 23:17:00 -
[26]
Biometrics FTW
http://www.apcc.com/products/family/index.cfm?id=246
|
|
|
|
Pages: [1] :: one page |
First page | Previous page | Next page | Last page |