Pages: [1] :: one page |
|
Author |
Thread Statistics | Show CCP posts - 2 post(s) |
Zee Sebiestor
OurEVE.com
4
|
Posted - 2015.11.05 17:21:49 -
[1] - Quote
Simple question to 3rd party developers. Do you feel the player base has a fear of using the evesso? I have had several players say they would not participate with my 3rd party website because they did not trust me with their eve login. I tried to explain how the evesso works but was faced with distrust. Has anyone else experienced simular issues? |
Pete Butcher
KarmaFleet Goonswarm Federation
301
|
Posted - 2015.11.05 19:01:00 -
[2] - Quote
Zee Sebiestor wrote:Simple question to 3rd party developers. Do you feel the player base has a fear of using the evesso? I have had several players say they would not participate with my 3rd party website because they did not trust me with their eve login. I tried to explain how the evesso works but was faced with distrust. Has anyone else experienced simular issues?
Yes I did, but I have a desktop app. Users tend not to trust 3rd party apps, and that's generally good. The best we can do is explain the safety of the operation. CCP can also add some text to the login page about it.
http://evernus.com - the ultimate multiplatform EVE trade tool + nullsec Alliance Market tool + Trade Advisor
|
Hel O'Ween
Men On A Mission
137
|
Posted - 2015.11.06 16:13:00 -
[3] - Quote
Currnetly not using SSO myself, but I can see the trust issue, given that this is EVE we're talking about, where you should trust no one and we're asking for "giv real credentials, pls!"
Even I as a dev was scared off the first time I encountered a SSO login screen at a 3rd party site/app (didn't got the memo about SSO being available).
Not sure how to deal with it, though. On the one hand, CCP could "advertise" SSO (and how it works) more offensive to the players. On the other hand, doing so will make SSO "legit" and I'm sure some scammers will come up with a fake SSO login screen and abuse it. I doubt that a none-techie will be able to spot the fake.
EVEWalletAware - an offline wallet manager.
|
Pete Butcher
KarmaFleet Goonswarm Federation
301
|
Posted - 2015.11.06 16:19:04 -
[4] - Quote
Hel O'Ween wrote:Currnetly not using SSO myself, but I can see the trust issue, given that this is EVE we're talking about, where you should trust no one and we're asking for "giv real credentials, pls!"
Even I as a dev was scared off the first time I encountered a SSO login screen at a 3rd party site/app (didn't got the memo about SSO being available).
Not sure how to deal with it, though. On the one hand, CCP could "advertise" SSO (and how it works) more offensive to the players. On the other hand, doing so will make SSO "legit" and I'm sure some scammers will come up with a fake SSO login screen and abuse it. I doubt that a none-techie will be able to spot the fake.
Personally, I doubt in game scammers will make fake login pages. All player actions are traceable and the people behind it would surely be found, if they ever used the credentials. Also, we have two factor auth nowadays.
http://evernus.com - the ultimate multiplatform EVE trade tool + nullsec Alliance Market tool + Trade Advisor
|
Zee Sebiestor
OurEVE.com
4
|
Posted - 2015.11.06 19:41:40 -
[5] - Quote
I think ccp should put out a video about the evesso and explain it's workings. That would help alot. |
SJ Astralana
Syncore
130
|
Posted - 2015.11.08 01:09:09 -
[6] - Quote
Pete Butcher wrote:Also, we have two factor auth nowadays.
2fa can be bypassed by starting exefile directly, so it's basically useless.
Hyperdrive your production business: Eve Production Manager
|
Pete Butcher
KarmaFleet Goonswarm Federation
301
|
Posted - 2015.11.08 05:44:01 -
[7] - Quote
SJ Astralana wrote:Pete Butcher wrote:Also, we have two factor auth nowadays. 2fa can be bypassed by starting exefile directly, so it's basically useless.
I'm assuming it will be fixed one day.
http://evernus.com - the ultimate multiplatform EVE trade tool + nullsec Alliance Market tool + Trade Advisor
|
salacious necrosis
Federal Defense Union Gallente Federation
13
|
Posted - 2015.11.09 03:01:48 -
[8] - Quote
Pete Butcher wrote:Hel O'Ween wrote:Currnetly not using SSO myself, but I can see the trust issue, given that this is EVE we're talking about, where you should trust no one and we're asking for "giv real credentials, pls!"
Even I as a dev was scared off the first time I encountered a SSO login screen at a 3rd party site/app (didn't got the memo about SSO being available).
Not sure how to deal with it, though. On the one hand, CCP could "advertise" SSO (and how it works) more offensive to the players. On the other hand, doing so will make SSO "legit" and I'm sure some scammers will come up with a fake SSO login screen and abuse it. I doubt that a none-techie will be able to spot the fake. Personally, I doubt in game scammers will make fake login pages. All player actions are traceable and the people behind it would surely be found, if they ever used the credentials. Also, we have two factor auth nowadays.
Is faking an EVE SSO site bannable? I'm sure that would be a possible end result if this ever came up, but is it stated explicitly anywhere?
|
|
CCP FoxFour
C C P C C P Alliance
4173
|
Posted - 2015.11.09 14:09:19 -
[9] - Quote
salacious necrosis wrote:Pete Butcher wrote:Hel O'Ween wrote:Currnetly not using SSO myself, but I can see the trust issue, given that this is EVE we're talking about, where you should trust no one and we're asking for "giv real credentials, pls!"
Even I as a dev was scared off the first time I encountered a SSO login screen at a 3rd party site/app (didn't got the memo about SSO being available).
Not sure how to deal with it, though. On the one hand, CCP could "advertise" SSO (and how it works) more offensive to the players. On the other hand, doing so will make SSO "legit" and I'm sure some scammers will come up with a fake SSO login screen and abuse it. I doubt that a none-techie will be able to spot the fake. Personally, I doubt in game scammers will make fake login pages. All player actions are traceable and the people behind it would surely be found, if they ever used the credentials. Also, we have two factor auth nowadays. Is faking an EVE SSO site bannable? I'm sure that would be a possible end result if this ever came up, but is it stated explicitly anywhere?
Yes. 100% so.
This is generally the article I link people when asking about the SSO: https://support.eveonline.com/hc/en-us/articles/205381192-Single-Sign-On-SSO-
I am working on getting a link to it added to the SSO login page itself. Apparently takes time for a modification like that to happen...
@CCP_FoxFour // Technical Designer // Team Size Matters
Third-party developer? Check out the official developers site for dev blogs, resources, and more.
|
|
Max Kolonko
WATAHA. Unseen Wolves
571
|
Posted - 2015.11.09 16:34:10 -
[10] - Quote
Hel O'Ween wrote:Currnetly not using SSO myself, but I can see the trust issue, given that this is EVE we're talking about, where you should trust no one and we're asking for "giv real credentials, pls!"
Even I as a dev was scared off the first time I encountered a SSO login screen at a 3rd party site/app (didn't got the memo about SSO being available).
Not sure how to deal with it, though. On the one hand, CCP could "advertise" SSO (and how it works) more offensive to the players. On the other hand, doing so will make SSO "legit" and I'm sure some scammers will come up with a fake SSO login screen and abuse it. I doubt that a none-techie will be able to spot the fake.
One way to be certain is to go to any eveonline page (forum, gate, account) and log in there and select to remember you. Then go to third party site a click on eve login. If it didn't ask for password and go straight to scope and character selection you are safe. If not be suspicious.
Read and support:
Don't mess with OUR WH's
What is Your stance on WH stuff?
|
|
Hel O'Ween
Men On A Mission
137
|
Posted - 2015.11.09 17:30:02 -
[11] - Quote
Max Kolonko wrote: One way to be certain is to go to any eveonline page (forum, gate, account) and log in there and select to remember you. Then go to third party site a click on eve login. If it didn't ask for password and go straight to scope and character selection you are safe. If not be suspicious.
That's only true for web apps, not desktop applications, I fear. Or is it?
EVEWalletAware - an offline wallet manager.
|
Max Kolonko
WATAHA. Unseen Wolves
571
|
Posted - 2015.11.09 17:39:28 -
[12] - Quote
Hel O'Ween wrote:Max Kolonko wrote: One way to be certain is to go to any eveonline page (forum, gate, account) and log in there and select to remember you. Then go to third party site a click on eve login. If it didn't ask for password and go straight to scope and character selection you are safe. If not be suspicious.
That's only true for web apps, not desktop applications, I fear. Or is it?
I actually dont know. But even standalone apps open a web interface for login, arent they?
Read and support:
Don't mess with OUR WH's
What is Your stance on WH stuff?
|
|
CCP FoxFour
C C P C C P Alliance
4174
|
Posted - 2015.11.10 08:01:48 -
[13] - Quote
Hel O'Ween wrote:Max Kolonko wrote: One way to be certain is to go to any eveonline page (forum, gate, account) and log in there and select to remember you. Then go to third party site a click on eve login. If it didn't ask for password and go straight to scope and character selection you are safe. If not be suspicious.
That's only true for web apps, not desktop applications, I fear. Or is it?
If it works for one it would work for both.
@CCP_FoxFour // Technical Designer // Team Size Matters
Third-party developer? Check out the official developers site for dev blogs, resources, and more.
|
|
Hel O'Ween
Men On A Mission
137
|
Posted - 2015.11.10 17:36:21 -
[14] - Quote
Quote: I actually dont know. But even standalone apps open a web interface for login, arent they?
I have no clue either ...
Quote: If it works for one it would work for both.
So the server does the "remember me"-magic? How so?
I'm trying to understand how a valid SSO login can be persisted if on the client side two different applications (web browser + 3rd party desktop application), which share no connection/data with each other, other than running on the same machine, be identified as being already authenticated.
Sorry, if this is trivial question for "web pros", but inquiring minds want to know.
EVEWalletAware - an offline wallet manager.
|
Pete Butcher
KarmaFleet Goonswarm Federation
302
|
Posted - 2015.11.10 18:46:33 -
[15] - Quote
Hel O'Ween wrote:Quote: I actually dont know. But even standalone apps open a web interface for login, arent they?
I have no clue either ...
They can. In Evernus I used both methods - internal and external browser. External one can take advantage of remember me functionality.
Hel O'Ween wrote:Quote: If it works for one it would work for both.
So the server does the "remember me"-magic? How so? I'm trying to understand how a valid SSO login can be persisted if on the client side two different applications ( web browser + 3rd party desktop application), which share no connection/data with each other, other than running on the same machine, be identified as being already authenticated. Sorry, if this is trivial question for "web pros", but inquiring minds want to know.
3rd party app only needs a token to authenticate. Where that token comes from is pretty much irrelevant. Therefore, one can use a browser to log in (with remember me on) and the browser will redirect back locally to the application with appropriate code. This can often fail for many reasons (if someone tells you otherwise - he's an idiot with no real experience), but it usually works.
http://evernus.com - the ultimate multiplatform EVE trade tool + nullsec Alliance Market tool + Trade Advisor
|
|
|
|
Pages: [1] :: one page |
First page | Previous page | Next page | Last page |