ChronoSphere
Sturmgrenadier Inc Gentlemen's Club
|
Posted - 2010.01.05 01:15:00 -
[1]
Account hackings seem to occur way too often. Having a physical login token would make those accounts impossible to access by unauthorized people unless they knew the account name, password and had the physical token.
I can't think it would be very hard to do this, as other MMO's have done this already. Has there been any internal discussion about doing this? I would imagine this would help reduce the workload on GM's from having to unravel so many hacked account petitions. -------------- ~Admiral, Commanding Officer Sturmgrenadier, Inc. Join Sturmgrenadier today! |
Leaving Eve
Boo Hoo Federation
|
Posted - 2010.01.05 01:25:00 -
[2]
I would pay five bucks for one. I'm pretty much alright as security goes. I don't find Audrey Bittoni that attractive, and don't buy ISK.
I'd certainly pay five bucks or so for an eve branded USB token though.
|
Intense Thinker
Minmatar
|
Posted - 2010.01.05 02:04:00 -
[3]
I would gladly pay you Tuesday for a hamburger today...
Originally by: a51 duke1406 The girls just don't understand that Sunday is pvp night, not cuddle on the couch watching tv night.
|
Magnus Nordir
Caldari Nordir Industries
|
Posted - 2010.01.05 02:06:00 -
[4]
Edited by: Magnus Nordir on 05/01/2010 02:06:27 Change your password to a random 16-character string twice a week. If you're paranoid about keyloggers, use a mouse and onscreen keyboard to enter the password. Problem solved.
NOTE: Hitting the keyboard blindly does NOT produce a random string. While it is high-entropy (though not as much as a dedicated random plucker), it doesn't account for caps and special characters in a meaningful way. It's best to use a dedicated encryption program like TrueCrypt or PGP/GPG, and let it run the random key generator at least overnight. Generating two to three random characters per day is the most secure way to go, since your computer is more likely to do different stuff in the background over a longer period, and that results in more entropy. --------------------------- Only those who surrender are lost |
Leaving Eve
Boo Hoo Federation
|
Posted - 2010.01.05 02:06:00 -
[5]
Originally by: Intense Thinker I would gladly pay you Tuesday for a hamburger today...
This must be above my intellect. Don't get it.
|
Aloriana Jacques
Amarr Royal Amarr Institute
|
Posted - 2010.01.05 02:12:00 -
[6]
You should be aware that the MMOs that have them are able to do it because they get huge bulk discounts that make them affordable right?
I know I'm not going to spend 50$ on a gizmo because they can only expect to sell a few thousand compared to the millions the mmos using it can. - - - Aloriana Jacques - Skill Sheet
|
Gunnanmon
Gallente The Scope
|
Posted - 2010.01.05 02:15:00 -
[7]
Please refrain from posting ideas. The Eve forum isn't the right place for such things. Signature locked for discussing moderation. Navigator
|
Intense Thinker
Minmatar
|
Posted - 2010.01.05 02:22:00 -
[8]
Originally by: Leaving Eve
Originally by: Intense Thinker I would gladly pay you Tuesday for a hamburger today...
This must be above my intellect. Don't get it.
Damn kids today...
Originally by: a51 duke1406 The girls just don't understand that Sunday is pvp night, not cuddle on the couch watching tv night.
|
Kia Tor
|
Posted - 2010.01.05 03:14:00 -
[9]
Huh, I must be older than I thought. Didn't think Popeye was that long ago.
|
Benco97
Gallente Shadow Veil Industrial
|
Posted - 2010.01.05 03:18:00 -
[10]
I have heard of these sorts of devices before but not in detail, could someone kindly explain how they work? ______________________________________________
Originally by: P'uck
You're a DUMBASS - bold italic underline at the VERY LEAST.
|
|
AmarrettoDiAmarr
|
Posted - 2010.01.05 03:59:00 -
[11]
Originally by: Benco97 I have heard of these sorts of devices before but not in detail, could someone kindly explain how they work?
It does not have to be a "device" - you can get it as an iPhone app - no new hardware is required.
wikipedia 2FA
Basically the iphone app/key fob generates a new password every say minute. The Server knows what fob is associated with the account so it knows the password of the moment. So if someone intercepts/keylogs the password or intercepts the network or WiFi transmission, it is no longer valid next minute.
Companies with remote logins have been using 2FA for a decade or two (e.g. from RSA) Blizzard has been offering an authenticator for a couple of years. $6.50 IIRC Authenticator for You Know Who |
Benco97
Gallente Shadow Veil Industrial
|
Posted - 2010.01.05 04:06:00 -
[12]
Originally by: AmarrettoDiAmarr
Originally by: Benco97 I have heard of these sorts of devices before but not in detail, could someone kindly explain how they work?
It does not have to be a "device" - you can get it as an iPhone app - no new hardware is required.
wikipedia 2FA
Basically the iphone app/key fob generates a new password every say minute. The Server knows what fob is associated with the account so it knows the password of the moment. So if someone intercepts/keylogs the password or intercepts the network or WiFi transmission, it is no longer valid next minute.
Companies with remote logins have been using 2FA for a decade or two (e.g. from RSA) Blizzard has been offering an authenticator for a couple of years. $6.50 IIRC Authenticator for You Know Who
Ahh, excellent explanation, thank you very much! ______________________________________________
Originally by: P'uck
You're a DUMBASS - bold italic underline at the VERY LEAST.
|
w1ndstrike
Trans-Aerospace Industries
|
Posted - 2010.01.05 06:23:00 -
[13]
Originally by: Magnus Nordir Edited by: Magnus Nordir on 05/01/2010 02:06:27 Change your password to a random 16-character string twice a week. If you're paranoid about keyloggers, use a mouse and onscreen keyboard to enter the password. Problem solved.
NOTE: Hitting the keyboard blindly does NOT produce a random string. While it is high-entropy (though not as much as a dedicated random plucker), it doesn't account for caps and special characters in a meaningful way. It's best to use a dedicated encryption program like TrueCrypt or PGP/GPG, and let it run the random key generator at least overnight. Generating two to three random characters per day is the most secure way to go, since your computer is more likely to do different stuff in the background over a longer period, and that results in more entropy.
you do realize that the on-screen keyboard gets logged just like a regular keyboard? they are both input sources to the keypress index .DLL file, which is what a keylogger targets. most secure way is to use a non-infected machine
|
Seth Ruin
Minmatar Ominous Corp Cult of War
|
Posted - 2010.01.05 06:30:00 -
[14]
Originally by: AmarrettoDiAmarr
Originally by: Benco97 I have heard of these sorts of devices before but not in detail, could someone kindly explain how they work?
It does not have to be a "device" - you can get it as an iPhone app - no new hardware is required.
wikipedia 2FA
Basically the iphone app/key fob generates a new password every say minute. The Server knows what fob is associated with the account so it knows the password of the moment. So if someone intercepts/keylogs the password or intercepts the network or WiFi transmission, it is no longer valid next minute.
Companies with remote logins have been using 2FA for a decade or two (e.g. from RSA) Blizzard has been offering an authenticator for a couple of years. $6.50 IIRC Authenticator for You Know Who
A simpler solution would be to have optional integration of third-party keys like Yubikeys. Hell they even have a relatively well-documented API and libraries in C and Java.
|
Callista Sincera
Amarr
|
Posted - 2010.01.05 08:14:00 -
[15]
Originally by: Seth Ruin A simpler solution would be to have optional integration of third-party keys like Yubikeys. Hell they even have a relatively well-documented API and libraries in C and Java.
It's not clear on the authentication though. Does it use a token+timebased salt as hash like RSA gizmos or is it just another way to enter a static username/password combo?
Anyway, given the pricing, CCP could probably offer those for less than 15$. Provided they take the time and fix their shops hilarious shipping fees. -
|
Carniflex
StarHunt Systematic-Chaos
|
Posted - 2010.01.05 08:17:00 -
[16]
Why not use just national identity cards ? Many countries have them and they are relatively standardized. It would be optional ofc for all those who love tinfoil hats.
|
Seth Ruin
Minmatar Ominous Corp Cult of War
|
Posted - 2010.01.05 08:26:00 -
[17]
Originally by: Callista Sincera
Originally by: Seth Ruin A simpler solution would be to have optional integration of third-party keys like Yubikeys. Hell they even have a relatively well-documented API and libraries in C and Java.
It's not clear on the authentication though. Does it use a token+timebased salt as hash like RSA gizmos or is it just another way to enter a static username/password combo?
Anyway, given the pricing, CCP could probably offer those for less than 15$. Provided they take the time and fix their shops hilarious shipping fees.
True on them not being clear on the authentication. It does appear to function at least similar to a token+timebased salt. As far as I understand, it generates one-time-use codes which are sent to the server to be authenticated. From the description page: "The YubiKey generates a unique 128-bit code at each authentication event and there is no time window during which two authentication codes are equal. All of the unique codes are encrypted with AES-128 and is then encoded to "readable form", where the resulting string is transmitted in its full length."
There's more information there, but I don't want to stray too far off-topic. In any case, I'm sure there are similar solutions available, but this is the one I have experience with as an end-user (and so I'd love it if CCP implemented it, since I already have the key ).
|
Elena Laskova
|
Posted - 2010.01.05 08:41:00 -
[18]
Anything which uses the same password in your PC more than once is vulnerable to a keylogger.
Any system where a new random (or secret) key is provided outside your PC is much safer. An "authenticator" is a cheap device that supports this, but other methods are possible.
|
JordanParey
Minmatar Suddenly Ninjas
|
Posted - 2010.01.05 08:57:00 -
[19]
Originally by: Intense Thinker I would gladly pay you Tuesday for a hamburger today...
WIMPY WIN
|
Ivana Twinkle
Amarr Polytechnique Gallenteenne
|
Posted - 2010.01.05 09:47:00 -
[20]
Originally by: Intense Thinker I would gladly pay you Tuesday for a hamburger today...
oh how i lold :)
more of this!
|
|
RaTTuS
BIG Libertas Fidelitas
|
Posted - 2010.01.05 09:50:00 -
[21]
I don't think it is worth it then again I've not been hacked
stupid people are stupid having different passwords for the forum / game may be worth it -- | Capital |
Noun Verber
Gallente
|
Posted - 2010.01.05 09:54:00 -
[22]
Originally by: Magnus Nordir Edited by: Magnus Nordir on 05/01/2010 02:06:27 If you're paranoid about keyloggers, use a mouse and onscreen keyboard to enter the password.
Useless if there is a keylogger, because they don't just record actual keystrokes
|
Trathen
Minmatar
|
Posted - 2010.01.05 10:09:00 -
[23]
Make accounts more secure? If we do that, people who deal with ISK sellers regularly won't learn anything. Maybe they can ease GM load with an automated message, "Consider yourself lucky that they didn't take your bank account, too." _ |
Cypherous
Minmatar Liberty Rogues Rally Against Evil
|
Posted - 2010.01.06 01:42:00 -
[24]
Only silly people get their accounts hacked, never had mine hacked in 5 1/2 years i don't buy ISK i don't click dodgy **** links posted in EO forums, darwin at work TBH Rally Against Evil Site |
Niccolado Starwalker
Gallente Shadow Templars
|
Posted - 2010.01.06 02:01:00 -
[25]
Originally by: ChronoSphere Account hackings seem to occur way too often. Having a physical login token would make those accounts impossible to access by unauthorized people unless they knew the account name, password and had the physical token.
I can't think it would be very hard to do this, as other MMO's have done this already. Has there been any internal discussion about doing this? I would imagine this would help reduce the workload on GM's from having to unravel so many hacked account petitions.
I would gladly buy a login token for my EVE account. Just as a precaution. My account = my life
Originally by: Dianabolic Your tears are absolutely divine, like a fine fine wine, rolling down your cheeks until they flow down the river of LOL. |
ChronoSphere
Sturmgrenadier Inc Gentlemen's Club
|
Posted - 2010.01.06 23:13:00 -
[26]
A very kindly bump to our good friends at CCP for a response :) -------------- ~Admiral, Commanding Officer Sturmgrenadier, Inc. Join Sturmgrenadier today! |
Lady Aja
Caldari
|
Posted - 2010.01.06 23:23:00 -
[27]
meanwhile at the house of a guy who has 10 PCs and 20 accounts...
"WHICH ****ING ONE IS FOR WHAT ACCOUNT!???.. damn that wife for swapping them on April Fools' Day"
|
ChronoSphere
Sturmgrenadier Inc Gentlemen's Club
|
Posted - 2010.01.06 23:29:00 -
[28]
That other game allows you to link multiple accounts with one token. -------------- ~Admiral, Commanding Officer Sturmgrenadier, Inc. Join Sturmgrenadier today! |
Armoured C
Gallente Noir. Noir. Mercenary Group
|
Posted - 2010.01.06 23:30:00 -
[29]
problem isn't the cost of the device, but i don't know if u seen the eve store charges for shipping such things
the item itself may only be 7 quid but they probably charge us 30 quid to ship it, and with the way dominion is going at the moment i don't think they need the hassle of something else preventing customers logging in/breaking the game
they don't even have the GTC fixed yet.
so tbh it's probably more hassle than it's worth at the moment.
|
WCPistolPete
Gallente MacroIntel
|
Posted - 2010.01.07 00:09:00 -
[30]
Originally by: AmarrettoDiAmarr It does not have to be a "device" - you can get it as an iPhone app - no new hardware is required.
Now I need a token AND an iPhone? Next I'll need an account for the iPhone. WHERE DOES THE MADNESS END? {WC}PistolPete "...going to take a lot of fireworks to clean this place up..." Homer Simpson |