Pages: [1] 2 :: one page |
|
Author |
Thread Statistics | Show CCP posts - 0 post(s) |
Armon Deacon
Amarr Rage Quit Inc
|
Posted - 2009.06.02 19:42:00 -
[1]
CCP has recently seen a surge in customers and is now arguable one of the top 2 or 3 MMORPG's in NA. However, along with this success comes the attention of some undesirables, and an increase in account thefts, compromises, etc.
There are many ways a user can protect themselves, but in the current age we live in, its much easier to get compromised due to various software exploits where the user even in good faith might not be aware. Not to mention, as users increase, the amount of for lack of a better word "Folks who simply dont know how to protect themselves" increases as well.
This leads to an increase in petitions, and an overall workload increase for CCP.
A solution that WoW and FF11 are using that has been successful is authenticators from Vasco (www.vasco.com) These authenticators are usually less than 10.00, and provide a second layer of protection.
They create one time use 6 digit passwords, that you must enter AFTER you enter your password, and these passwords are only good for 30 seconds. I.E. You enter your log in and pass word, hit enter, it asks for your authenticator key. You press the button on your authenticator, and a key is created, and is only usable for 30 seconds before its no longer functional. You enter the key, and you are online.
Therefore, even if someone were to know your password, they would still not be able to access your account.
The nice thing about these keys, is they can also be tied to multiple accounts, so if you are a sick freak like myself with over 4 accounts, you can rest easy knowing you are more secure.
This method is a cheap way to guarantee that even the most nonsavy of users are protected, and completely optional for those who feel they are safe enough.
I would love to see this implemented. ---------------------sig------------------ EvE BeliEvE project. Can a new player compete in EvE? |
Oam Mkoll
The Legion of Spoon Curatores Veritatis Alliance
|
Posted - 2009.06.02 20:01:00 -
[2]
THIS. Or at least start with Blizzard's idea of Mobile Authenticator for iPhone, iPod Touch and soon mobiles. |
Sumnamna
Caldari Flying Scotsmen
|
Posted - 2009.06.02 20:19:00 -
[3]
Edited by: Sumnamna on 02/06/2009 20:20:26 I disagree, This is just another way to implement a password change scheme, If your not willing to protect your account then you should suffer the effects, At what point do people start to take responsibility for themselves? I could almost agree if it was truly optional, But these things tend to take on a life of their own and before you know it you have to buy into it or you can't play.
|
Armon Deacon
Amarr Rage Quit Inc
|
Posted - 2009.06.02 20:30:00 -
[4]
Originally by: Sumnamna Edited by: Sumnamna on 02/06/2009 20:20:26 I disagree, This is just another way to implement a password change scheme, If your not willing to protect your account then you should suffer the effects, At what point do people start to take responsibility for themselves? I could almost agree if it was truly optional, But these things tend to take on a life of their own and before you know it you have to buy into it or you can't play.
I dont understand what you mean by password change scheme. This is an optional layer of security to protect your account that would be on the game client and the website. You would have to have the authenticator to change your password.
Obviously people are responsible for themselves, but as cyber groups get smarter and smarter, you can fall victim completely innocently. Few months back there was a youtube exploit. Simply watching a youtube link on a blog could infect you with a trojan. This goes beyond the customers responsibility, and starts to fall under simply falling victim to something outside your control.
However, I dont understand where you get life of their own. Blizzard has been using this for almost 2 years, it is still 100% optional, not required, and will stay that way. This is something new that few mmo companys have tried, and the two that have, neither have forced it on anyone. So again, I dont see how you can say it leads to forced use. ---------------------sig------------------ EvE BeliEvE project. Can a new player compete in EvE? |
TheOnlyProphet
Altus Provisio Violent Society
|
Posted - 2009.06.02 21:20:00 -
[5]
Sounds like a good idea. Plus I like gadgets.
|
Cheekything
Gallente Fallen Angel's Blade.
|
Posted - 2009.06.02 23:50:00 -
[6]
The idea is a good one but I refuse to give my support based on the following reasons:
1) CCP's Staff are on ball and very fast at dealing with things from what i've heard.
2) It'd delude people that they don't need to know about how to use secure passwords.
3) Eve's Player tend to be more mature on average in age and mind.
4) Eve's 400,000ish players is no where near the 4 million or so for WoW.
5) Eve's game play to become good is far different form WoW.
To summarise: Players on Eve as you well know have to play for a few months before they become somewhat decent and many years to become a "big success". Players in WoW can "grind" to high levels easily in a few months.
What this means is that players on eve cannot create new players so easily if they have their others banned for X reason.
People who decided to hack accounts are likely to be caught quickly and the other player account restored in a faction of the time.
People are welcome to be devious in game and infiltrate other corporations .. which provides much more reward as it's more celebrated for example Goons and BoB.
If a Goon did this by hacking an account there would of been an uproar but this was not the case.
So Eve does not really need a random thing for this and also it may make selling characters much harder.
Cheeky.
|
Armon Deacon
Rage Quit Inc
|
Posted - 2009.06.03 00:09:00 -
[7]
Again, being aware on how to protect yourself is good to have, however, it is no longer fool proof as it was years prior. With the new risks and browser exploits that are available why would anyone NOT be pro-more security?
I assume you meant legally selling of accounts for isk, in that case the authenticators can be easily removed via the websites account screen by following some basic directions and usually providing 2 - 3 sequential passwords.
EvE does have a decent turn around time, but it took almost a week for my friends account to be returned when he was hacked 2 months ago. Granted a week isnt to terribly bad, but by that time said hacker had already cleared his assets and run off with a decent chunk of the corporate assets we had as well at the time.
The account was restored, but the assets were not, this protects against this type of situation. Again, folks this is purely optional, and if you feel you are safe then by all means continue with out one. However, for paranoid folks like myself with multiple accounts this is simply giving us further ways to protect our investment. ---------------------sig------------------ EvE BeliEvE project. Can a new player compete in EvE? |
Drake Draconis
Minmatar Shadow Cadre
|
Posted - 2009.06.03 00:12:00 -
[8]
Edited by: Drake Draconis on 03/06/2009 00:13:06 Not supported.
There's this thing called common sense.
1: Don't go to websites pretending to be EVE online 2: Don't give out your account information or use the same username/passwords 3: Don't buy ISK 4: Don't use an windows system that has crappy anti-virus/anti-spyware.... otherwise i don't care how good you are... your gonna get taken eventually.
Problem solved. ========================= CEO of Shadow Cadre http://www.shadowcadre.com ========================= Dependable, Honorable, Intelligent, No-nonsense Vote Herschel Yamamoto for CSM! |
Armon Deacon
Amarr Rage Quit Inc
|
Posted - 2009.06.03 00:18:00 -
[9]
Originally by: Drake Draconis Edited by: Drake Draconis on 03/06/2009 00:13:06 Not supported.
There's this thing called common sense.
1: Don't go to websites pretending to be EVE online 2: Don't give out your account information or use the same username/passwords 3: Don't buy ISK 4: Don't use an windows system that has crappy anti-virus/anti-spyware.... otherwise i don't care how good you are... your gonna get taken eventually.
Problem solved.
And these methods no longer keep you safe is what Im trying to say. Again, why not allow those of us who want the extra security to do so? ---------------------sig------------------ EvE BeliEvE project. Can a new player compete in EvE? |
Oam Mkoll
Caldari The Legion of Spoon Curatores Veritatis Alliance
|
Posted - 2009.06.03 05:33:00 -
[10]
Edited by: Oam Mkoll on 03/06/2009 05:35:20
Originally by: Cheekything The idea is a good one but I refuse to give my support based on the following reasons:
1) CCP's Staff are on ball and very fast at dealing with things from what i've heard. 2) It'd delude people that they don't need to know about how to use secure passwords. 3) Eve's Player tend to be more mature on average in age and mind. 4) Eve's 400,000ish players is no where near the 4 million or so for WoW. 5) Eve's game play to become good is far different form WoW.
1. We have great and helpful doctors, why worry about staying healthy. 2. An authenticator does not replace the password (merely augments it) but on the other hand YEAH, it's pretty fool-proof, much more so than an average password. 3. And yet CCP admits that security is a growing concern. Which means people aren't always to blame for new security threats. Or do you personally filter your own network traffic packet by packet? 4. Yes. Aaand..? We don't deserve security? BTW WoW has 11+ million active players so disparity is even greater but your statement remains irrelevant. 5. Again.. what this has to do with account security? The OP isn't proposing to make EVE into WoW?
Quote:
To summarise: Players on Eve as you well know have to play for a few months before they become somewhat decent and many years to become a "big success". Players in WoW can "grind" to high levels easily in a few months.
What this means is that players on eve cannot create new players so easily if they have their others banned for X reason.
People who decided to hack accounts are likely to be caught quickly and the other player account restored in a faction of the time.
See point number 1: why stay healthy if nice doctors can heal you. Of course the time spent in a hospital (i.e. the weeks where you're unable to access your account) are very productive.
Quote: People are welcome to be devious in game and infiltrate other corporations .. which provides much more reward as it's more celebrated for example Goons and BoB.
If a Goon did this by hacking an account there would of been an uproar but this was not the case.
Again, completely irrelevant. Yes, EVE is different from WoW (and from hundreds of other MMOs) which has nothing to do with the fact that OPTIONAL increase in security for any account on the internet, ever, should be a good thing.
Quote: So Eve does not really need a random thing for this and also it may make selling characters much harder.
You completely misunderstand the mechanics of an authenticator. Please do some research first if you want to argue. Authenticators come into play when you LOG INTO your account (at the bank, WoW, to pay taxes, whatever..). They wouldn't have any impact on functionality in regard to gameplay, characters, forums aside from making them all more secure as an option. ---
|
|
Drake Draconis
Minmatar Shadow Cadre
|
Posted - 2009.06.03 05:45:00 -
[11]
Originally by: Armon Deacon
Originally by: Drake Draconis Edited by: Drake Draconis on 03/06/2009 00:13:06 Not supported.
There's this thing called common sense.
1: Don't go to websites pretending to be EVE online 2: Don't give out your account information or use the same username/passwords 3: Don't buy ISK 4: Don't use an windows system that has crappy anti-virus/anti-spyware.... otherwise i don't care how good you are... your gonna get taken eventually.
Problem solved.
And these methods no longer keep you safe is what Im trying to say. Again, why not allow those of us who want the extra security to do so?
Oh I'm sorry... did you buy some ISK recently?
========================= CEO of Shadow Cadre http://www.shadowcadre.com ========================= Dependable, Honorable, Intelligent, No-nonsense Vote Herschel Yamamoto for CSM! |
Chainer Cygnus
|
Posted - 2009.06.03 05:50:00 -
[12]
Edited by: Chainer Cygnus on 03/06/2009 05:50:55 Edited by: Chainer Cygnus on 03/06/2009 05:50:10 Edited by: Chainer Cygnus on 03/06/2009 05:49:51
Originally by: Drake Draconis
Originally by: Armon Deacon
Originally by: Drake Draconis Edited by: Drake Draconis on 03/06/2009 00:13:06 Not supported.
There's this thing called common sense.
1: Don't go to websites pretending to be EVE online 2: Don't give out your account information or use the same username/passwords 3: Don't buy ISK 4: Don't use an windows system that has crappy anti-virus/anti-spyware.... otherwise i don't care how good you are... your gonna get taken eventually.
And these methods no longer keep you safe is what Im trying to say. Again, why not allow those of us who want the extra security to do so?
Oh I'm sorry... did you buy some ISK recently?
I don't think he is disagreeing with you, it is fairly common knowledge that buying ISK risks compromising your account, as do a myriad number of things. And yes, account security is indeed common sense. There is no reason to not have the option to enhance that security if you so choose. Also, have you noticed the level of common sense present in the world today? Seems to be fairly low, so something like this is needed even more.
|
Armon Deacon
Amarr Rage Quit Inc
|
Posted - 2009.06.03 06:14:00 -
[13]
Originally by: Drake Draconis
Originally by: Armon Deacon
Originally by: Drake Draconis Edited by: Drake Draconis on 03/06/2009 00:13:06 Not supported.
There's this thing called common sense.
1: Don't go to websites pretending to be EVE online 2: Don't give out your account information or use the same username/passwords 3: Don't buy ISK 4: Don't use an windows system that has crappy anti-virus/anti-spyware.... otherwise i don't care how good you are... your gonna get taken eventually.
Problem solved.
And these methods no longer keep you safe is what Im trying to say. Again, why not allow those of us who want the extra security to do so?
Oh I'm sorry... did you buy some ISK recently?
Yes because if one were to get compromised they HAVE to be an isk buyer, it cant be something legit like the youtube trojan, simply has to be ineptitude on the persons part. /boggle
You are more than welcome to not like the idea, but dont insult me. ---------------------sig------------------ EvE BeliEvE project. Can a new player compete in EvE? |
Turelus
Caldari 22nd Black Rise Defensive Unit
|
Posted - 2009.06.03 07:43:00 -
[14]
Sounds like a good idea to me, adding that little something to reassure the player is always nice.
|
Fille Balle
Dissolution Of Eternity Ethikos Trade Alliance
|
Posted - 2009.06.03 09:47:00 -
[15]
Hm... could make it optional. Either way, I'm very much pro this. There have been cases of non-isk buyers having their accounts hacked. Face it, this is the only way to make your account 100% bullet proof. If a hacker really wants to, he CAN and WILL get access to your account, unless he's stopped by not having a dongle thingie that has a unique key programmed in to it, or one of those bank'o'internjetsky safe me ho thingemagings whatchamacall'em.
I personally prefer the dongle thing, but either way is fine.
/Signed for more security
|
Another Forum'Alt
Gallente Center for Advanced Studies
|
Posted - 2009.06.03 11:29:00 -
[16]
Forget this, implement Chribba's suggestions for account security instead. BECAUSE OF FALCON. Guide to forum posting |
mazzilliu
|
Posted - 2009.06.03 13:41:00 -
[17]
stuff that makes accounts more secure
MAZZILLIU 2009. CHANGE I CAN IMPOSE ON YOU. |
Elaron
Jericho Fraction The Star Fraction
|
Posted - 2009.06.03 15:54:00 -
[18]
Edited by: Elaron on 03/06/2009 15:54:27
Originally by: Sumnamna At what point do people start to take responsibility for themselves?
I would argue that someone showing willingness to add an additional security measure to their account is being responsible. It is an admission that not everything can be foreseen and taking what seems to be a reasonable step to mitigate against unknown threats.
As long as it is optional, easy to use, and cheap*, I am happy to support this.
* CCP must avoid the situation with the EVE store where postage costs make it prohibitively expensive for people outside North America to buy merchandise from it.
|
Misanth
RABBLE RABBLE RABBLE
|
Posted - 2009.06.03 16:05:00 -
[19]
I don't see an issue with what the OP suggests. It's optional, which is the key. As long as it's not mandatory I suggest it.
Being a MMO-fulltimer since some 7? years now (and employee/gm before that btw), I seen alot of different kinds of security systems. The authenticator is something my sister chose to use in WoW, but while I have an account there I chose to not pick one up. As I said, optional.
There's no downside with this (bar possibly the player losing his authenticator, but if you're careless like that, don't use it), only gains. Supported. - I'd tell you why but then I'll have to kill you. And to kill you I'd have to log in. And to log in I'd have to stop browsing these forums. Both you and me knows that'll never happen. |
Herschel Yamamoto
Agent-Orange
|
Posted - 2009.06.03 17:03:00 -
[20]
As long as this is optional, sounds like a great idea. Giving people the ability to increase their account security if they want to is just fine.
|
|
Verys
The Black Ops Black Core Alliance
|
Posted - 2009.06.03 17:18:00 -
[21]
If it's optional I see why not, but i don't want this to be forced upon players.
|
Sumnamna
Flying Scotsmen
|
Posted - 2009.06.03 20:46:00 -
[22]
Edited by: Sumnamna on 03/06/2009 20:47:44
Originally by: Armon Deacon
I dont understand what you mean by password change scheme. This is an optional layer of security to protect your account that would be on the game client and the website. You would have to have the authenticator to change your password.
Valid Point
Originally by: Armon Deacon
Obviously people are responsible for themselves, but as cyber groups get smarter and smarter, you can fall victim completely innocently. Few months back there was a youtube exploit. Simply watching a youtube link on a blog could infect you with a trojan. This goes beyond the customers responsibility, and starts to fall under simply falling victim to something outside your control..
Again I agree with your logic
Originally by: Armon Deacon
However, I dont understand where you get life of their own. Blizzard has been using this for almost 2 years, it is still 100% optional, not required, and will stay that way. This is something new that few mmo companys have tried, and the two that have, neither have forced it on anyone. So again, I dont see how you can say it leads to forced use.
While Blizzard may have kept it optional, I am too much of a cynic to believe that CCP will do the same thing, I am against people forcing me to do anything, That is my main argument against it.
But I am willing to support this with the caveat that I will be telling you "I told you so" if and when they require it as an additional purchase.
|
Nullshadow
Blue Phoenix Productions
|
Posted - 2009.06.03 21:15:00 -
[23]
I have used various secure key generators extensively for work, and for WoW when I last played it. The extra layer of security is useful and welcome.
Note that in WoW it appeared at times that guild leaders and officers were specifically targeted in order to gain access to guild banks. As EVE gets more popular, and in light of the recent damage done to the alliance formerly known as BoB, the risk of seeing corp/alliance assets/sovereignty cleared out by misuse of a hacked account should give people pause. I hate to contemplate what would have happened had that been a hacked account rather than a wily coup.
I agree that it should not be required though, but rather an additional measure for those that wish to have more security.
|
Armon Deacon
Amarr Rage Quit Inc
|
Posted - 2009.06.04 01:08:00 -
[24]
Originally by: Sumnamna
But I am willing to support this with the caveat that I will be telling you "I told you so" if and when they require it as an additional purchase.
Appreciate the support Sumnamna and I will promptly apologize and accept the tar and feathering should that happen
Appreciate the support everyone is giving this, much more positive comments today. ---------------------sig------------------ EvE BeliEvE project. Can a new player compete in EvE? |
Mara Rinn
|
Posted - 2009.06.04 04:38:00 -
[25]
Something like Yubikey would be easier to implement and provide similar security.
If cryptographic authentication is good enough for government departments, banks and major network providers, surely it should provide some advantage to CCP?
Spend a couple of weeks getting Yubikey authentication working for the game client, web site and forums, save months a year tending to "my account has been stolen" petitions.
|
LaVista Vista
Conservative Shenanigans Party
|
Posted - 2009.06.04 04:44:00 -
[26]
Originally by: Mara Rinn Something like Yubikey would be easier to implement and provide similar security.
If cryptographic authentication is good enough for government departments, banks and major network providers, surely it should provide some advantage to CCP?
Spend a couple of weeks getting Yubikey authentication working for the game client, web site and forums, save months a year tending to "my account has been stolen" petitions.
I already suggested the Yubikey. The upcoming version sounds great.
But either of these solutions work for me.
|
Pyrostasis
Rage Quit Inc
|
Posted - 2009.06.06 00:49:00 -
[27]
Supported, with current technology, you can NEVER have enough security. |
Zeonos
Duty.
|
Posted - 2009.06.07 00:06:00 -
[28]
Edited by: Zeonos on 07/06/2009 00:08:35 Support, i had my wow account "hacked" and i am pretty sure it wasnt my own fault. i use both nod32 antivirus, firefalls on pc and router, and change password regular basis, and it still happened, i haven't found a keylogger on my system after the hack, so i would guess it was brute force, but anyways, and authenticator makes it a lot safer. and should be added as an extra options for players to use.
but for the love of god, please ship to all countries... i paid more in shipping for my authenticator, than for the item it self, which is rather annoying.
and for one of the posters up there somewhere.
my password is 9+ in length, and a combination of mixed numbers and letters, capital and not. i dont share my password with any body, and if i do lend out my account(wow), i change the password first, and set it back right after they are done using it, which is often 5minutes to craft some item. i have a fully updated system, xp sp3, nod32, router firmware. and using firefox + adblock+, and generally know what i am doing online..(web programmer..) |
Pyrinea
Rage Quit Inc
|
Posted - 2009.06.07 08:31:00 -
[29]
Edited by: Pyrinea on 07/06/2009 08:31:23 Couldnt agree more, as long as it is optional, this would be a huge benefit to both consumers as added security and to CCP in reduced petitions.
PLEASE implement this or something similar.
|
Sidrow Mex
|
Posted - 2009.06.07 13:42:00 -
[30]
agreed, today's internet environment makes this kind of tools a must have. |
|
|
|
|
Pages: [1] 2 :: one page |
First page | Previous page | Next page | Last page |