Pages: [1] :: one page |
|
Author |
Thread Statistics | Show CCP posts - 0 post(s) |
Niccolado Starwalker
Gallente Shadow Templars
|
Posted - 2010.01.09 11:37:00 -
[1]
Not long ago we had lots of hackers flooding the forums wit Wii Sex toys. And although that seems to have been stopped for the moment, threads on the forums indicates accounts still being breached. I wont judge wether this is the players obvious fault or being innocent. I just notice the need for a login token.
There are many reasons for it.
1. It is preventive, leading maybe to less attack on the game, seeing its better protected. 2. It saves the players the annoyance and problems being robbed. Better secured account means a happier player. At least I would be. 3. Saves CCP investigation time, which ofcource means CCP saves money. 4. Seeing the game will possibly be a very long lived one compared to other, it will be a long time investment too
Now, I dont know how much this would cost CCP. But most players I think would be more than happy to buy one for 6-10 dollar. Particularily in the view that theres not many games that have more dedicated players, not to mention that the average time they stay with the game is way longer than they stay with other online games. And when you count in money saved on investigations, the GM work force could be spent on helping the players rather than investigating.
What you think?
It would also be fun with some input from CCP, but I guess you are all having your weekend now?
Originally by: Dianabolic Your tears are absolutely divine, like a fine fine wine, rolling down your cheeks until they flow down the river of LOL. |
Mr Cleann
|
Posted - 2010.01.09 12:06:00 -
[2]
I have no idea what you mean by a login token. let alone what one is. However if it enhances my accounts and dont involve me giving up an arm or a leg i am in favor of it. Please elaborate.
|
Niccolado Starwalker
Gallente Shadow Templars
|
Posted - 2010.01.09 12:32:00 -
[3]
Edited by: Niccolado Starwalker on 09/01/2010 12:32:57
Originally by: Mr Cleann I have no idea what you mean by a login token. let alone what one is. However if it enhances my accounts and dont involve me giving up an arm or a leg i am in favor of it. Please elaborate.
A login token is a small independent electronic password generator much used by netbanks around the world. You enter for example a 4 digit number (static) and each time enter this number you get a different 6 digit number back. This you enter instead or in addition to your current game password.
Since you dont know the game password anymore seeing to it change every time you use the pin key generator, you cant actually as easily get hacked anymore. If someone is snappping up the entered 6 digit key when you are logging in, it does not matter seeing its a one time use only. next time you need to enter a new 6 digit code.
Ofcource the 4 digit pincode you use on the pin key generator is a different matter, but since this key generator is not connected to the PC you cant get keyloggers in it, and as such is protected against most hackers.
This is what I hope to see CCP introduce
Safty for a small ammount of cash.
My account = my life
Originally by: Dianabolic Your tears are absolutely divine, like a fine fine wine, rolling down your cheeks until they flow down the river of LOL. |
Mr Cleann
|
Posted - 2010.01.09 12:43:00 -
[4]
That sounds like a good idea as it would definately enhance the security. When I was in the military we had to use a password to gain access to certain physical sites like the armory. Each day that p/w would change to something new. So I am definately familure with the that plan you mention. It could definately save a lot of headaches. Hope the powers that be do some serious looking in to this.
|
Thera Romana
|
Posted - 2010.01.09 12:52:00 -
[5]
I would prefer a USB hardward token over a software token.
|
Niccolado Starwalker
Gallente Shadow Templars
|
Posted - 2010.01.09 12:56:00 -
[6]
Originally by: Thera Romana I would prefer a USB hardward token over a software token.
It must be a token totally independent from the PC. An item you cant change or tamper with. Otherwise we will soon see 1.) people who mess up their tokens and end up having to petiton it to get back to the game and 2.) make it easier to crack and hack etc. After all the unit being completely independent from the PC is the major point with the token.
Originally by: Dianabolic Your tears are absolutely divine, like a fine fine wine, rolling down your cheeks until they flow down the river of LOL. |
Salah Paranah
|
Posted - 2010.01.10 05:30:00 -
[7]
Edited by: Salah Paranah on 10/01/2010 05:32:02
Originally by: Niccolado Starwalker Edited by: Niccolado Starwalker on 09/01/2010 12:32:57
Originally by: Mr Cleann I have no idea what you mean by a login token. let alone what one is. However if it enhances my accounts and dont involve me giving up an arm or a leg i am in favor of it. Please elaborate.
A login token is a small independent electronic password generator much used by netbanks around the world. You enter for example a 4 digit number (static) and each time enter this number you get a different 6 digit number back. This you enter instead or in addition to your current game password.
Since you dont know the game password anymore seeing to it change every time you use the pin key generator, you cant actually as easily get hacked anymore. If someone is snappping up the entered 6 digit key when you are logging in, it does not matter seeing its a one time use only. next time you need to enter a new 6 digit code.
Ofcource the 4 digit pincode you use on the pin key generator is a different matter, but since this key generator is not connected to the PC you cant get keyloggers in it, and as such is protected against most hackers.
This is what I hope to see CCP introduce
Safty for a small ammount of cash.
My account = my life
So your saying that the process related to keeping my account secure should be left to someone else rather than myself? Account management and security should be left to the account holders, and if a breach is made, investigated and resolved by CCP.
How would this require 'less' investigation on CCP's part?
How would a 4 digit key with a 6 digit random return be any different than entering your password and running it through a hash mechanism?
Also it seems like your saying that every time I want to log into my game, i have to enter something different each time, how am I going to get it? Wait for the client to generate it? Then CCP has to fix it all the time because hackers are creating key generators, much the same way serial numbers are cracked.
edit: and just to be fair, regardless of how security is implemented theres always - always - going to be someone that breaks it, you think net banks are secure? maybe better than an average website, but it doesnt mean they can't be hacked.
|
Niccolado Starwalker
Gallente Shadow Templars
|
Posted - 2010.01.10 08:16:00 -
[8]
Originally by: Salah Paranah So your saying that the process related to keeping my account secure should be left to someone else rather than myself? Account management and security should be left to the account holders, and if a breach is made, investigated and resolved by CCP.
Yes and No. We are speaking about a electronic key generator prefabricated by CCP, coded up to your account. When you receive the item, you can only utilize the item to access the account. You do this by enter the 4 key code and you receive from the key generator a 6 key number back. This 5 key you use to log on to your account. So the key is generated by the generator. That way if someone keylogg your computer and get the 6 key password, they wont be able to utilize it to log on to your account since its a one time use only. And you used that password when you logged in; and the time the keylogger logged it. But since they cant keylogg your key generator seeing to its a independent item from the PC and a unit you cant tamper with yourself either, the password is safe. As long you keep your key generator and the following password to utilize it safe.
Originally by: Salah Paranah How would this require 'less' investigation on CCP's part?
Theres not a day I have seen on the forums or heard on the forums someones account have got hacked. Now, seriously, the hack usually never happen because CCP is sloppy or slacked with security. It usually happends because the player have been unavare of a keylogger on their computer. Or have given their password to someone helse who used it (not possible anymore with a keygen..) to rob the players account, or by other means. This will be reduced drastically seeing you cant give away your account information anymore unless you give them the keygen and password! Any keylogging will not have an effect on your account anymore.
Originally by: Salah Paranah How would a 4 digit key with a 6 digit random return be any different than entering your password and running it through a hash mechanism?
Most hacks on account happens because sloppyness. Keylogging for example. Can an account be breached? yes. But not as easy anymore!
Originally by: Salah Paranah Also it seems like your saying that every time I want to log into my game, i have to enter something different each time, how am I going to get it? Wait for the client to generate it? Then CCP has to fix it all the time because hackers are creating key generators, much the same way serial numbers are cracked.
Yes, you will have to use a keygen to access your account. When it comes to serialnumber generators it is a serial number which works on all copies of the program. And you need to apply it once. Here you have a unique key tied to your account. That means the keygen wont work on other accounts. So the hacker needs to find the hash to your specific account. Much harder than your current password. And who say it only needs to be a numeric string? Maybe the keygen can give numbers and letters too?
edit: and just to be fair, regardless of how security is implemented theres always - always - going to be someone that breaks it, you think net banks are secure? maybe better than an average website, but it doesnt mean they can't be hacked. Anything can be hacked. Even Pentagon have been hacked. But you need superior specialists and lots of lots of time. Which is not worth the time for the ISK sellers. They in it for the business right? So can it be hacked? Sure. But I am very sure we would see wayy less attacks. After all, its the same function used by banks.
Originally by: Dianabolic Your tears are absolutely divine, like a fine fine wine, rolling down your cheeks until they flow down the river of LOL. |
AmarrettoDiAmarr
|
Posted - 2010.01.10 08:29:00 -
[9]
This is a relatively common request; the latest I saw was CCP, can you implement a login token?
This is a common way to increase security and has been for a couple of decades. The people I know who work for a large company and have remote access all use something like this. I think the desire for this will continue to grow.
However, there is considerable opposition. Some people just don't like change; some people believe that the majority of people who get hacked were buying ISK, or at least did something quite stupid. While I believe that there are more ways your EVE machine gets infected than just visiting ISK sites. I.e., lots of opinions, few facts.
My biggest resistance is that the dongle might tend to elope with my where-the-hell-is-my remote and I will have to keep looking in and under couches and such.
The rumor is that Bl*zz*rd is thinking of making the authenticators mandatory. This will pressure the other game companies to at least think about it. Although, that would cause some here to reflexively resist it solely on that basis.
Originally by: Salah Paranah
How would this require 'less' investigation on CCP's part?
Since each password is only valid for a few minutes, using a compromised machine with a keylogger would do the crooks little good. It doesn't have to be something sophisticated like a zero-day exploit getting a keylogger on your system; it could just be a "friend" or fellow WiFi user looking at you typing the password. Knowing that someone logged on yesterday with password 676f6f6e would not help with logging in now. So there would be far fewer hacks, and thus fewer investigations
Originally by: Salah Paranah
How would a 4 digit key with a 6 digit random return be any different than entering your password and running it through a hash mechanism?
Also it seems like your saying that every time I want to log into my game, i have to enter something different each time, how am I going to get it? Wait for the client to generate it? Then CCP has to fix it all the time because hackers are creating key generators, much the same way serial numbers are cracked.
It is the "two" in 2FA; the password comes from something independent of and unconnected to your PC; be it an RSA "dongle", an iPhone app, a list of 50 numbers printed on a card. An overly simplistic example: the CCP server, but not the client or customer, knows that user Nicco has dongle #1536 and can then compute what password that dongle would generate at any login time. No matter how infected or stolen the PC is, you can't access EVE without also having access to the dongle.
tl;dr: good idea. I doubt CCP ever does anything about it. |
Cecilia Syal
Minmatar
|
Posted - 2010.01.10 08:46:00 -
[10]
I could see them doing it, if it was optional and you paid for the device on their eve-store, and then enabled it on account with a small activation fee (cause it would mean a lot more possibility's of petitions cause of account problems logging in etc.) maybe a 20$ device and 10$ activation.
|
|
Seth Ruin
Minmatar Ominous Corp Cult of War
|
Posted - 2010.01.10 09:02:00 -
[11]
I'd like to add my voice to those supporting 2FA in general, but make the same suggestion I made in the other thread: I really like the YubiKey solution. It's cheap, simple, effective, and best of all, used in a number of other services and applications already So instead of "this thing I got for EVE," it's "this thing I got for multiple secure services or applications."
|
Niccolado Starwalker
Gallente Shadow Templars
|
Posted - 2010.01.11 13:00:00 -
[12]
Some fuel for the idea of introducing a Login token for EVE online..
Originally by: Dianabolic Your tears are absolutely divine, like a fine fine wine, rolling down your cheeks until they flow down the river of LOL. |
Ti'anla
Minmatar NOVA Innovations Inc.
|
Posted - 2010.01.11 14:58:00 -
[13]
Count me in on this one, as long as it's optional.
If it were enforced, that'd cut into the size of the playerbase to an unhealthy degree, but if players worried about their account security could reinforce like this if they so choose, I think it'd actively boost the number of incoming players.
|
Regat Kozovv
Caldari Alcothology
|
Posted - 2010.01.11 15:37:00 -
[14]
An optional hardware token would be great.
Not sure if it was linked in here, but when people think hardware tokens, most of the time it's in reference to RSA's implementation.
|
Daedalus II
|
Posted - 2010.01.11 16:14:00 -
[15]
Why not just make it a mobile phone java app? Most mobile phones today can run simple java programs. This way anyone can get improved account security without having to pay anything extra.
|
Aerin Cloudfayr
the evil ones
|
Posted - 2010.01.11 16:30:00 -
[16]
Actually....anyone remember X-wing and TIE Fighter? To login to the game you needed the manual - you needed to go to a certain page and get the code on that page. or other systems, that had you enter a word on a certain line etc etc - perhaps this system could be used, and tied into the Eve Item Database? Or better yet, the forums - something so mercurial as to be unpredictable :D
"What is the name of the 16th forum poster in the topic "Wanted: Game login token" haha
probably not really secure though, but something along those lines... :P
|
|
|
|
Pages: [1] :: one page |
First page | Previous page | Next page | Last page |