Victor Vision
Amarr Central Intelligence Service
|
Posted - 2009.09.04 05:20:00 -
[1]
Due to the current threat, and as a general account security update:
- Whenever account password is to be changed, a security pin needs to be entered. (security pins are provided to users via e-mail)
This will not hinder hackers from stealing all your stuffs, but it will hinder them from stealing your account.
best regards, VV
EVE War I-The Beginning - EVE HistoryWiki |
Lori Carlyle
Void Engineers Mass - Effect
|
Posted - 2009.09.04 06:48:00 -
[2]
TBH, I'd love to have that on here.
|
JaseNZ
Gallente
|
Posted - 2009.09.04 07:05:00 -
[3]
I would second this.
The IRC servers I chat on use a similar setup. You change your password, or email address, and it emails your current email address, saying something to the effect of:
"Someone has recently requested a password change for your nickname.
If this was not done by you, please follow this link within the next 72 hours (linky provided) to abort this change.
If this was done by you...you need not take any action."
If CCP could perhaps think of and implement something along those lines, it may cut down on all the petitions they have to deal with in regards to hacked accounts.
A win for them and a win for us.
|
Carniflex
Caldari Fallout Research Fallout Project
|
Posted - 2009.09.04 07:09:00 -
[4]
I think hackers usually change e-mail address before password to prevent you from resetting your password.
Good idea overall, but would need solution also to e-mail change considering that sometimes e-mail you want to change from is no longer available. Ofc if it's not then you can't also click on the link rejecting the change.
Probably for a start putting e-mail change on your account on 72h timer for a start would be good step in more secure direction.
|
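The hold-and-abort flow described in the posts above (notice to the current address, a 72-hour window, an abort link), as an added example that is not part of any post and not CCP's code. `ChangeQueue`, `Account`, the HMAC abort token and the addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

HOLD_SECONDS = 72 * 3600  # the 72-hour window proposed in the thread


@dataclass
class PendingChange:
    field_name: str      # "email" or "password_hash"
    new_value: str
    notify_address: str  # address on file when the request was made
    apply_at: float


@dataclass
class Account:
    email: str
    password_hash: str
    pending: dict = field(default_factory=dict)


class ChangeQueue:
    """Holds sensitive account changes for 72 hours and mails an abort link."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self.outbox = []  # (address, change_id, abort_token); stands in for mail

    def _token(self, change_id: str) -> str:
        # The abort token is bound to one change id, so it cannot be reused.
        return hmac.new(self._secret, change_id.encode(), hashlib.sha256).hexdigest()

    def request(self, account: Account, field_name: str, new_value: str, now: float) -> str:
        if field_name not in ("email", "password_hash"):
            raise ValueError("unsupported field")
        change_id = secrets.token_hex(8)
        # Notify the address that is live right now. A held e-mail change has
        # not been applied, so it cannot redirect this notice to the requester.
        account.pending[change_id] = PendingChange(
            field_name, new_value, account.email, now + HOLD_SECONDS)
        self.outbox.append((account.email, change_id, self._token(change_id)))
        return change_id

    def abort(self, account: Account, change_id: str, token: str) -> bool:
        if not hmac.compare_digest(token, self._token(change_id)):
            return False
        return account.pending.pop(change_id, None) is not None

    def apply_due(self, account: Account, now: float) -> list:
        # Changes nobody aborted take effect once their window has passed.
        applied = []
        for change_id, change in sorted(account.pending.items(),
                                        key=lambda kv: kv[1].apply_at):
            if change.apply_at <= now:
                setattr(account, change.field_name, change.new_value)
                applied.append(change.field_name)
                del account.pending[change_id]
        return applied


def demo():
    """Constructed scenario: e-mail change requested first, then password."""
    queue = ChangeQueue(secret=b"constructed-demo-key")
    acct = Account(email="owner@example.invalid", password_hash="hash-old")
    c1 = queue.request(acct, "email", "intruder@example.invalid", 0.0)
    c2 = queue.request(acct, "password_hash", "hash-new", 60.0)
    recipients = {addr for addr, _, _ in queue.outbox}
    early = queue.apply_due(acct, HOLD_SECONDS - 1)   # still inside the window
    aborted = queue.abort(acct, c1, queue.outbox[0][2])  # owner follows the link
    forged = queue.abort(acct, c2, "0" * 64)          # guessed token is rejected
    late = queue.apply_due(acct, 60.0 + HOLD_SECONDS)
    return recipients, early, aborted, forged, late, acct.email, acct.password_hash


if __name__ == "__main__":
    print(demo())
```

The password change in the demo still goes through after 72 hours because nobody aborted it, which is the behaviour the thread describes for a request that gets no response.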
Digital Solaris
|
Posted - 2009.09.04 07:44:00 -
[5]
It is a good suggestion, but at the same time I don't think the "ultimate responsibility" for your account should lie with CCP.
And unless people change their opinion and mindset drastically about the whole subject, it is going to be a pointless implementation because you are always going to have people complaining about how the security arrangements in place hamper their game experience or whatever. |
Zartanic
|
Posted - 2009.09.04 07:47:00 -
[6]
Edited by: Zartanic on 04/09/2009 07:50:10
Originally by: Carniflex
I think hackers usually change e-mail address before password to prevent you from resetting your password.
Good idea overall, but would need solution also to e-mail change considering that sometimes e-mail you want to change from is no longer available. Ofc if it's not then you can't also click on the link rejecting the change.
Probably for a start putting e-mail change on your account on 72h timer for a start would be good step in more secure direction.
If the Email you change is no longer available nothing happens, the new email is activated anyway eventually.
Many sites do this, I'd assumed CCP did already.
EDIT: The only issue with all this is that it seems many who are hacked seem bent on ignoring basic common sense and somehow the hackers will fool them into getting round any checks. The gullibility of people is astounding on the web. But it will stop some hacking.
|
Jones Bones
Beyond Divinity Inc Beyond Virginity
|
Posted - 2009.09.04 07:49:00 -
[7]
Stop clicking pron links and/or buying isk.
Problem solved.
===================
Go Bucks!
|
Tiny Tove
|
Posted - 2009.09.04 08:26:00 -
[8]
Originally by: Jones Bones Stop clicking pron links and/or buying isk.
Problem solved.
So I suppose the solution to insurance is to stop crashing cars and stop getting your house broken in to? Is the solution to the NHS funding to stop getting sick and stop having accidents?
Unfortunately, the "I think therefore you are" doesn't work, never has, never will. Thanks for saying it again though, we always enjoy having somebody with a sense of self superiority coming along and demonstrating the opposite.
|
Rakshasa Taisab
Caldari Sane Industries Inc. Ethereal Dawn
|
Posted - 2009.09.04 08:39:00 -
[9]
Originally by: Tiny Tove
Originally by: Jones Bones Stop clicking pron links and/or buying isk.
Problem solved.
So I suppose the solution to insurance is to stop crashing cars and stop getting your house broken in to? Is the solution to the NHS funding to stop getting sick and stop having accidents?
Then stop driving drunk and don't give out copies of your house key at the worst pub in town... With included map of the house with the location of your most valuable stuff.
|
Leana Darkrider
Minmatar Creatio -ex- nihilo The Donkey Rollers
|
Posted - 2009.09.04 08:54:00 -
[10]
As I agree with all the others that think the responsibility of the accounts lies with the owner itself, and not with CCP, this could be a great feature.
It will not only lower the hacked accounts, but also gives CCP more time to work on Ambulation and / or Dominion
______________________________________
If only EVE could cook, if only....
|
|
Myleena
|
Posted - 2009.09.04 08:56:00 -
[11]
By far the simplest solution is to change the login process so that you only enter 3 characters from your password and not the whole password at a time.
|
Tiny Tove
|
Posted - 2009.09.04 09:02:00 -
[12]
Originally by: Leana Darkrider
As I agree with all the others that think the responsibility of the accounts lies with the owner itself, and not with CCP, this could be a great feature.
It will not only lower the hacked accounts, but also gives CCP more time to work on Ambulation and / or Dominion
CCP is the account owner.
|
Heroldyn
|
Posted - 2009.09.04 09:05:00 -
[13]
i don't think the suggested technique would ultimately help the problem. the 'hackers' could still enter the account (without changing the password), and quickly transfer all the stuff off the characters.
a better solution would be for ccp to compare the ip addresses between logins. if they seem too far between (geolocation), the client could request further action(s) by the player.
|
Tiny Tove
|
Posted - 2009.09.04 09:26:00 -
[14]
Originally by: Heroldyn
a better solution would be for ccp to compare the ip addresses between logins. if they seem too far between (geolocation), the client could request further action(s) by the player.
I'm not sure that's "better" or "worse", what we can be very sure of is, doing nothing to improve security is unacceptable.
I am very sure that my bank would not sit around wondering what to do about this kind of activity, they've already got an access system that has led to no major breaches yet by simply employing a two password system, one of which is never physically typed in, requiring a potential hacker to go to much greater lengths to acquire the information he needs. I feel that if they had a major breach, they would work round the clock to resolve it by any means. I would actually presume that they have a general solution to account security sat waiting for deployment the moment a solid breach mechanism is discovered.
One would hope that CCP were working on something as we speak, but this problem has been around for several weeks now, and the only thing CCP have so far come up with is a weak warning sign on the forum and announcements about Dust. It's hardly a fitting response to something this serious.
|
Adunh Slavy
|
Posted - 2009.09.04 11:32:00 -
[15]
Originally by: Digital Solaris
And unless people change their opinion and mindset drastically about the whole subject, it is going to be a pointless implementation because you are always going to have people complaining about how the security arrangements in place hamper their game experience or whatever.
Make it opt-in. If you don't want the extra security, then you don't have to have it. Then Darwin can take over.
The Real Space Initiative - V5 (Forum Link)
|
Mara Rinn
|
Posted - 2009.09.04 12:40:00 -
[16]
All browsers have vulnerabilities. Eventually even the most fastidiously security-conscious player is going to experience the horror of a compromised computer.
The main options are: upgrade to Mac OS X or Windows Vista, do your daily work and game playing in a non-administrator account, don't install new software unless you downloaded it from a trusted source yourself, don't allow Flash or Silverlight.
As an extreme example you could switch to a text-only browser, or configure the browser you're using to disable pop up windows, disable images, put an ad-blocker in... any number of countermeasures are available.
The simplest option right at this point in time is not to follow links that go offsite to anywhere except eve-files, eve-search, eve-agents, dotlan, eve-survival, etc. And turn off images, turn off Flash, turn off Silverlight. None of that stuff is actually necessary to use the web.
[Aussie players: join channel ANZAC] |
Darth Skorpius
Crystalline INC Dead End Society
|
Posted - 2009.09.04 13:10:00 -
[17]
Originally by: Tiny Tove
Originally by: Jones Bones Stop clicking pron links and/or buying isk.
Problem solved.
So I suppose the solution to insurance is to stop crashing cars and stop getting your house broken in to? Is the solution to the NHS funding to stop getting sick and stop having accidents?
Unfortunately, the "I think therefore you are" doesn't work, never has, never will. Thanks for saying it again though, we always enjoy having somebody with a sense of self superiority coming along and demonstrating the opposite.
you can't liken this to insurance. the problem here is ******s and idiots clicking on random links from dodgy looking characters and then having their stuff stolen. irl, if someone wants to crash their car into another, then the person who got crashed into by the idiot is gonna be ****ed and there was nothing they could do to stop it, they were just the unlucky one whereas the "victims" of the keylogging and hacking attacks are just victims of their own stupidity and are stupid enough to try and blame ccp. that would be like me blaming my insurance company if you crashed your car into me just for the hell of it
______________________________________________
Waiting for some random to make me a new sig
|
Gunnanmon
Gallente UNITED STAR SYNDICATE
|
Posted - 2009.09.04 13:11:00 -
[18]
Originally by: Tiny Tove
Originally by: Jones Bones Stop clicking pron links and/or buying isk.
Problem solved.
So I suppose the solution to insurance is to stop crashing cars and stop getting your house broken in to? Is the solution to the NHS funding to stop getting sick and stop having accidents?
Unfortunately, the "I think therefore you are" doesn't work, never has, never will. Thanks for saying it again though, we always enjoy having somebody with a sense of self superiority coming along and demonstrating the opposite.
That's him told. Signature locked for discussing moderation. Navigator
|
Sidus Isaacs
Gallente
|
Posted - 2009.09.04 13:20:00 -
[19]
I find the best solution is not to be stupid, no seriously.
If you click on a link to "naked girls" posted by a user on these forums with a stupid name. What do you expect? Do you really expect ****? If you are that dense, you deserve it.
And about security, just run a fire wall and a light anti virus, and use common sense. It's not hard people, adding these arbitrary changes because some fools lost their accounts (most likely buying RL isk I would think) makes no sense to me.
--------------------------------------------------------------------------------
http://desusig.crumplecorn.com/sigs.html |
Tiny Tove
|
Posted - 2009.09.04 13:30:00 -
[20]
Originally by: Darth Skorpius you cant liken this to insurance.
What would you have preferred I liken it to?
Seatbelts? Shall we take away seatbelts? Is seatbelts ok to liken it to? There are hundreds, no thousands, no millions of things that are put in place to keep a majority of people safe from hazards they do not even know about. Should we do away with material handling regulations and just trust that people won't do anything stupid with poisons?
Do you think you're infallible and will never once get a problem rooted in the basic fact that you simply did not know about something?
Are you aware of every single danger you will ever face in your entire lifetime?
|
|
Mara Rinn
|
Posted - 2009.09.04 14:02:00 -
[21]
It may also be worth following the discussion about multifactor authentication in the Assembly Hall. [Aussie players: join channel ANZAC] |
Jones Bones
Beyond Divinity Inc Beyond Virginity
|
Posted - 2009.09.04 14:06:00 -
[22]
Yes yes! We must do everything in our power to protect people from their own stupidity!
No other MMO has any kind of ridiculous login process.
===================
Go Bucks!
|
Tiny Tove
|
Posted - 2009.09.04 14:20:00 -
[23]
Originally by: Jones Bones Yes yes! We must do everything in our power to protect people from their own stupidity!
No other MMO has any kind of ridiculous login process.
Except the biggest one in the world.
God I don't even know why I bothered.
|
T'ealk O'Neil
|
Posted - 2009.09.04 14:44:00 -
[24]
Edited by: T'ealk O'Neil on 04/09/2009 14:45:46
Originally by: JaseNZ I would second this.
The IRC servers I chat on use a similar setup. You change your password, or email address, and it emails your current email address, saying something to the effect of:
"Someone has recently requested a password change for your nickname.
If this was not done by you, please follow this link within the next 72 hours (linky provided) to abort this change.
If this was done by you...you need not take any action."
If CCP could perhaps think of and implement something along those lines, it may cut down on all the petitions they have to deal with in regards to hacked accounts.
A win for them and a win for us.
Bloody forum! deleting my initial reply! grr
Anyway...
This would be the best way of implementing it, but most of the people stupid enough to fall foul of these keyloggers probably have the same password on their email accounts, so the hacker would just change their email password first.
|
Jarna
Amarr Exhumer Industries
|
Posted - 2009.09.04 18:44:00 -
[25]
Both WoW and FFXI have implemented the random number input code system.
This was suggested for EVE when WoW first launched this feature. Problem is, most people flamed it because they said it would just give the ISK buyers security, making them even more bold and ruining the economy even more by easily obtaining illegal ISK.
In the one way that I have it for my currently canceled WoW account, (yes I canceled it 2 weeks ago after not playing for 6 months), and wouldn't necessarily mind seeing it here for my own sense of security, I can see how many people, and CCP, would prefer it not to be here so that EULA offenders don't get off easy by illegally buying ISK from farmers.
However, it would clear the petition queue some and clean the "OMG My account has been hacked, no response from CCP for 5 weeks, please help me" forum posts in EVE General Discussion.
|
Seltius
|
Posted - 2009.09.09 15:08:00 -
[26]
Originally by: Tiny Tove
Originally by: Jones Bones Yes yes! We must do everything in our power to protect people from their own stupidity!
No other MMO has any kind of ridiculous login process.
Except the biggest one in the world.
God I don't even know why I bothered.
I have to agree with Tiny on this one. Having played WoW and spoken with people that used this. It definitely was a good idea.
There is no sure way to prevent theft of your account since it's not just the **** or isk seller links that could hide loggers. It could be any link here.
Only way to make it harder is enhanced security by CCP. Up to date Virus scan software. Also for people to be more aware of the links they are going to and caution.
|
Jarna
Amarr Exhumer Industries
|
Posted - 2009.09.09 16:39:00 -
[27]
Originally by: Seltius
Originally by: Tiny Tove
Originally by: Jones Bones Yes yes! We must do everything in our power to protect people from their own stupidity!
No other MMO has any kind of ridiculous login process.
Except the biggest one in the world.
God I don't even know why I bothered.
I have to agree with Tiny on this one. Having played WoW and spoken with people that used this. It definitely was a good idea.
There is no sure way to prevent theft of your account since it's not just the **** or isk seller links that could hide loggers. It could be any link here.
Only way to make it harder is enhanced security by CCP. Up to date Virus scan software. Also for people to be more aware of the links they are going to and caution.
I have had the same WinXP system running for 2.5 years. No viruses, no spyware. And it's not like I've never been to shady sites. It MOSTLY IS ISK selling sites that will install keyloggers. This sort of stuff is totally avoidable by the person themselves.
|
Ukucia
Gallente The Scope
|
Posted - 2009.09.09 17:56:00 -
[28]
Originally by: Myleena By far the simplest solution is to change the login process so that you only enter 3 characters from your password and not the whole password at a time.
You do realize they keylog every login, right?
So your solution would require them to log 3 logins, on average.
|
Professor Tarantula
Hedion University
|
Posted - 2009.09.09 17:59:00 -
[29]
Edited by: Professor Tarantula on 09/09/2009 18:04:10
All you'd be doing is causing them to steal people's email accounts too. They can log every password entered, not just the EVE one.
|
true sight
|
Posted - 2009.09.09 18:03:00 -
[30]
Originally by: Victor Vision Due to the current threat, and as a general account security update:
- Whenever account password is to be changed, a security pin needs to be entered. (security pins are provided to users via e-mail)
This will not hinder hackers from stealing all your stuffs, but it will hinder them from stealing your account.
best regards, VV
Obviously not as simple as you think.
So, Victor Vision, you just couldn't say no to the chance of some naked pics, because they are so hard to find and you have found yourself keylogged.
Some nasty people now know your username/password. Due to this amazing idea by some guy called Victor Vision, they can't change your password because they need a pin-number, which they are yet to keylog. So instead, they just log into your account and take your ISKie's, sell all your stuff etc anyway.
At the end of the day, you ask the simple question: Why do they 'hack' accounts? Is it because they can't afford to pay their own subscriptions? Or is it because they want all your items and ISK? Yes, if you hadn't guessed it's the latter, your suggestion does not have any effect on this, so how in any way shape or form does it discourage these people from doing it in the first place?
--------------------------------------
True Sight President Foiritan Emissary --<<!SUPPORT DRONES!>>--
|
|
Ukucia
Gallente The Scope
|
Posted - 2009.09.09 18:08:00 -
[31]
Originally by: Victor Vision Due to the current threat, and as a general account security update:
- Whenever account password is to be changed, a security pin needs to be entered. (security pins are provided to users via e-mail)
This will not hinder hackers from stealing all your stuffs, but it will hinder them from stealing your account.
best regards, VV
So what happens when the "hacker" changes the email, then changes the password? He gets the email, enters the pin, and completely bypasses your security.
|
true sight
|
Posted - 2009.09.09 18:14:00 -
[32]
Originally by: Myleena By far the simplest solution is to change the login process so that you only enter 3 characters from your password and not the whole password at a time.
Unfortunately this means it would just take them longer to get people's passwords, not prevent, it would also make most people much more careless 'lol they can't get my password' and thus, would only have a short-term effect at the start and no real lasting effect, it also has no effect on idiots stupid enough to fill out phishing emails, websites, 'you've won something!' promotions etc and just handing over their details, these people are unfortunately, extremely hard to protect.
The problem is risk you see.
1) I run around on the internet, stealing credit cards and paypal accounts
Best Outcome: I make lots of real-world money
Worst Outcome: I get arrested and spend many years in prison
2) I run around on the internet, stealing MMORPG X's user accounts, taking all their items and selling them for real-world money
Best Outcome: I make lots of real-world money
Worst Outcome: I make some real-world money
Anything anyone can suggest on here has been suggested before by someone else, on this or another MMO and ultimately has already been taken into consideration by dozens of different MMOs' developers but look, every single one still has problems. If it really was as simple as a bunch of random net-gamers all keep claiming it was over the years, the whole issue would have been stopped entirely by now.
There are lots of ideas that would partially or temporarily work, but it's much harder to come up with a lasting effect, let's summarise the most common suggestions (from various MMOs)
- Stop Trial Accounts
Trial accounts generate business for all MMOs, stopping or further restricting these does nothing but shoot your own company in the foot, they would just do more on hacked accounts
- Block 'china' (or any country/location/subnet) or whatever
Surprise, not all gold farmers are from China, any sort of IP block would mean they'd just switch to a proxy, block the proxy and they'll swap to another, block that and they'll start tunnelling through a private network etc etc. At the end of the day, they don't get stopped, ever so slightly slowed down, but it takes tons of development time
- Partial passwords/pincodes/security questions etc
Has no effect on phishing, scams, etc, just slows down (not prevents) keyloggers and adds an inconvenience to all customers
- Authenticators (WoW)
Great, 100% effect.. most people don't even think of getting one until AFTER they are hacked, the clever people that do invest are also security conscious and these act as an additional layer of security. Most people will keep getting hacked
- Security X (let's say, MAC Address locks)
Things like hardware identification are great, until your hardware breaks, then you need a process to disable/update/reset this super-security method and any such method could be used by said hackers.
At the end of the day, please understand that it really isn't as simple as you think it is, and that pretty much anything you (not directed at quoted post specifically, more anyone reading this) come up with has already been thought of and binned.
--------------------------------------
True Sight President Foiritan Emissary --<<!SUPPORT DRONES!>>--
|
KaarBaak
Minmatar Squirrel Team
|
Posted - 2009.09.10 00:10:00 -
[33]
So you're saying what? We're done? We've peaked in terms of Internet login security? There's no reason to discuss improvements because as a species we will never be able to get our little pea-sized brains to think of a better, acceptable way?
That's kind of depressing.
KB KB
Beware the beast Man, for he is the Devil's pawn. Alone among God's primates, he kills for sport or lust or greed. Yea, he will murder his brother to possess his brother's land. |
Zartanic
|
Posted - 2009.09.10 00:39:00 -
[34]
Edited by: Zartanic on 10/09/2009 00:43:31
Originally by: KaarBaak So you're saying what? We're done? We've peaked in terms of Internet login security? There's no reason to discuss improvements because as a species we will never be able to get our little pea-sized brains to think of a better, acceptable way?
That's kind of depressing.
KB
I think he is saying, and I agree, is the only real security is common sense which is sadly lacking in some people. I've known many players who have been hacked although not in EVE and every story I heard it's the same old 'I thought it was safe' or 'it seemed genuine'
And in WOW the security keys were bought by those who were unlikely ever to get a logger anyway, it was just a nice money spinner. That would only work if everyone had to have one.
Ultimately until there is a system of eye checks or DNA analyses some players have extreme risk of being hacked and there is little that can be done about it except what has been done already.
If I were CCP I'd be very annoyed at those who are lax with security and ban them. They must take up a very disproportionate amount of time. They are a risk to everyone as they are the sort of player who posts infected links ingame, sends to friends and posts on forums. Maybe some software which reports to CCP where basic security is on the client computer would help. Without that you can't play. There are players who get caught out despite everything but they are rare.
|
nekolove
Eve University
|
Posted - 2009.09.10 01:11:00 -
[35]
To use the e-mail as authenticator for changes on the account information is a bad idea. Because we are speaking about keylogger attacks, and there is a high chance the attacker will get both the game password and email password in many cases. This solution is *something*, at least, but it is bad for keylogger. So let's try to keep it out of the reach of keyloggers.
Today you have other authenticator systems: mobile phone, code generators key-rings, codecard tables. And you can mix this with the login system, not just the account support.
Proper account data for identification of the real owner is also important, so if you have a bogus name and address, go change it now.
|
Catherine Frasier
|
Posted - 2009.09.10 01:29:00 -
[36]
Edited by: Catherine Frasier on 10/09/2009 01:33:50
Originally by: Tiny Tove God I don't even know why I bothered.
I think the better question is "Why are you listening to them?" No matter what you suggest here, no matter how good or useful the idea, some people will immediately leap into the thread and call both you and your idea stupid. They will tell you that if people were smarter, braver, tougher, better then your idea wouldn't be needed at all, that, by extension, the "problem" only affects the stupid, the cowardly, the weak and the lame and screw them. Darwinism blah blah blah. Apparently the point we are to gather from all this chest pounding is that they, clearly, must be uberwarriors.
Do what I do, ignore them.
Better account security would be welcome.
|
Janice Jankowski
|
Posted - 2009.09.10 02:17:00 -
[37]
Don't the spammers steal your stuffs and leave your password?
|
Vaneshi SnowCrash
|
Posted - 2009.09.10 03:03:00 -
[38]
In a recent (last year or so) article a news paper went around Waterloo station in London and offered people choccy bars for their corporate login details.
Most people handed them over.
For a chocolate bar.
Imagine the hoops they'd jump through to get ****. It won't help.
|
Cornaris
|
Posted - 2009.09.10 03:18:00 -
[39]
Most people use the same password for their e-mails as they do everything else on the internets.
OP's suggestion fixes nothing.
The sooner everyone gets their heads out of their asses, and realizes that security begins with YOU, not ccp, not your browser, not your isp.... YOU.
The illusion of security is more dangerous than being unsecured. Period.
Here's the first step in helping you help yourself...
http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx
Learn how to internets, or send me your computer so i can charge you $100 to fix your ignorance and stupidity.
|
|
CCP Applebabe
|
Posted - 2009.09.10 06:05:00 -
[40]
Moved to "Features & Ideas Discussion".
Applebabe Community Representative CCP Hf, EVE Online Contact us |