
Ephemeron
Retribution Corp. Initiative Associates
|
Posted - 2010.02.26 20:41:00 -
[1]
Most of the "hacking" cases involve stealing of the user account name and password - especially when those words are used on web sites.
CCP should take a careful look at how online banking industry deals with security.
I don't know all the details, but the concept is simple: Users can be asked to select several security questions and their answers for them, such as "what is your favorite food". Then CCP can keep track of a list of IP addresses that the player uses to log in to the server. When the server detects a new IP, it can prompt the player to answer a couple of those security questions.
Since IPs are not likely to change every day, user is not inconvenienced much. In case the player fails to answer security questions wrong, he would have to contact GM or try again after an hour or so. Again, I don't know the exact details of how the banks do it, but they do it well.
To allow smooth transition to enhanced security, these features could be made optional to existing players, not requirements.
|

Lork Niffle
Gallente External Hard Drive
|
Posted - 2010.02.26 20:48:00 -
[2]
Originally by: Ephemeron
Since IPs are not likely to change every day, user is not inconvenienced much.
Most of the UK is based on dynamic IP, unless you buy a web hosting pack your IP will refresh in the early morning each day.
-------------------------------------
The system issues man.
|

Roo Roo
|
Posted - 2010.02.26 20:49:00 -
[3]
Edited by: Roo Roo on 26/02/2010 20:49:54
Edited by: Roo Roo on 26/02/2010 20:49:41
Research static versus dynamic IP addresses.
EDIT: Lork beat me to it.
|

Gwendion
Gallente Bladed Moon One Stop Research
|
Posted - 2010.02.26 20:53:00 -
[4]
Or they could do what WoW does. They have cheap RSA-type keys you can use for password generation. I think that would solve 99% of all those problems. (Though I'm pretty sure the ones WoW uses aren't RSA, as those are bloody expensive)
Hint to CCP: Get RSA token :P Or allow us to use our own? Hmm
-----------------------------------
|

bff Jill
|
Posted - 2010.02.26 21:12:00 -
[5]
i wish i had a dynamic IP address. The internet is more fun when you have one of those.
|

deathscyth76
Caldari Third Return Inc. Consortium.
|
Posted - 2010.02.26 21:13:00 -
[6]
So, Have you actually worked with RSA keys, at all?
Or are you just talking out your ass?
-------------
All I want is for the rocks to LOVE ME.
"Goonswarm was always going to go out in a blaze of hilarious incompetence, trolling and noise." |

Gorki Andropov
THIS IS GAME
|
Posted - 2010.02.26 21:13:00 -
[7]
Originally by: Ephemeron
I don't know all the details
Roger, Captain.
-----------------------------------------------
"I have not problem with prostitute, but the kiddy dools is to much for me" - Orcan |

Furb Killer
Gallente
|
Posted - 2010.02.26 21:45:00 -
[8]
Quote: online banking
Quote: Users can be asked to select several security questions and their answers for them, such as "what is your favorite food".
Which bank do you use again? Just want to make sure i never will use such a terrible one.
|

Ephemeron
Retribution Corp. Initiative Associates
|
Posted - 2010.02.27 00:52:00 -
[9]
Ok I didn't expect so much negativity for trying to secure your accounts.
I realized there is an alternative to using IP identifier - since it can change easily with dynamic IP.
There are identifiers specific to your computer. The simplest way is to create a cookie file, something in your cache. So when someone else accesses your account from a different computer, it wouldn't have a matching cookie file and would need to go thru extra security checks.
There are also MAC addresses and Windows license keys that could be used.
The security questions themselves don't need to be anything complicated at all. No need to mock the "what is your favorite food" question. It's just a trigger question for a 2nd password that is rarely used and thus much harder for a hacker to obtain with a keylog or website phishing.
|
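The device-cookie check described in the post above, as an added example that is not part of the original thread and not CCP's code. The function names, `SERVER_KEY`, and the choice to sign the cookie with HMAC-SHA256 are assumptions made for illustration; the sample accounts and IPs are constructed.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Set

# Assumption: a per-deployment secret that never leaves the login server.
SERVER_KEY = secrets.token_bytes(32)


def _tag(account: str, device_id: str) -> str:
    """HMAC over account and device id, so a cookie cannot be reused on another account."""
    msg = f"{account}|{device_id}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_device_cookie(account: str) -> str:
    """Mint a cookie after a successful extra security check on a new computer."""
    device_id = secrets.token_hex(16)
    return f"{device_id}.{_tag(account, device_id)}"


def cookie_is_valid(account: str, cookie: Optional[str]) -> bool:
    """True only if this server issued the cookie for this account."""
    if not cookie or cookie.count(".") != 1:
        return False
    device_id, tag = cookie.split(".")
    # Compare as bytes in constant time; str inputs must be ASCII, bytes need not be.
    return hmac.compare_digest(tag.encode(), _tag(account, device_id).encode())


def login_decision(account: str, password_ok: bool, cookie: Optional[str],
                   source_ip: str, seen_ips: Set[str]) -> str:
    """Return 'deny', 'allow' or 'challenge' for one login attempt."""
    if not password_ok:
        return "deny"
    if cookie_is_valid(account, cookie):
        # Recognised computer: a changed (dynamic) IP is recorded, not challenged.
        seen_ips.add(source_ip)
        return "allow"
    # Missing, forged or foreign cookie: require the second factor first.
    return "challenge"
```

A cookie is only issued once the challenge has been passed, so a stolen password alone never reaches "allow" from an unrecognised computer.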

AS lordyx
|
Posted - 2010.02.27 01:20:00 -
[10]
Some banks in the UK use a calculator and chip and PIN card to make the number up; others use a code which you enter, something from 8 to 15 letters long, but you have to pick 3 letters from the code you enter, the difference being you can't type it. You have to pick them from a drop-down list of the 26 letters and 10 numbers available.
Other options are RSA-style keys, second passwords, VPN links, USB card readers with MIFARE smart cards (like London Underground), mag swipe.
|

Daelorn
|
Posted - 2010.02.27 01:25:00 -
[11]
If they can get past "What is your password?" then what's the point of a few more questions?
That's why what Blizzard has works.
|

Lord Dralos
|
Posted - 2010.02.27 01:33:00 -
[12]
I think we all see what you're trying to do with the suggestion of using IP, MAC codes etc., but I'm probably not alone in this: I have more than one comp and also have mobile broadband so I can still play EVE on a laptop when away from home, so use of these options for security wouldn't be a good option. One of the best options I've come across for security is the creation of a master account that's used for billing and the like, and the normal account to log into the game.
|

De'Veldrin
Minmatar Special Projects Executive The Obsidian Legion
|
Posted - 2010.02.27 02:04:00 -
[13]
Edited by: De'Veldrin on 27/02/2010 02:06:16
Originally by: deathscyth76
So, Have you actually worked with RSA keys, at all?
Or are you just talking out your ass?
We use RSA SecurID fobs to access the VPN at my office. They're actually pretty slick and dead easy to use.
Originally by: Ephemeron
Ok I didn't expect so much negativity for trying to secure your accounts.
I don't think anyone here is negative towards the idea of protecting their internet spaceships - but your idea is horrible man. "What is your favorite food?" Seriously? If I just guessed pizza I could get into the account of half the teenage players right off the bat.
--Vel
Forum Mom: Spanking the snot out of little brats. |

Cat o'Ninetails
Rancer Defence League
|
Posted - 2010.02.27 02:29:00 -
[14]
Originally by: bff Jill
i wish i had a dynamic IP address. The internet is more fun when you have one of those.
yeah lol
i have had my ip address for about three years
|

Gad'ui
|
Posted - 2010.02.27 02:41:00 -
[15]
having a floating IP is so nice, I wish that was required by law or something for ISPs to do.
|

CCP Applebabe

|
Posted - 2010.02.27 03:44:00 -
[16]
Moved from EVE General Discussion.
Applebabe
Community Representative
CCP Hf, EVE Online
|

Mike C
Caldari Ipuvaepe Industries
|
Posted - 2010.02.27 05:07:00 -
[17]
Edited by: Mike C on 27/02/2010 05:08:08
Bad idea, I have proof.
EDIT 1/1: No but seriously, there is a fault to this.
↑↑ bar is just /quote ↑↑
[03:17:29] Trade Skills > Jesus believes in god
[03:17:38] Mike C > believed*
[03:17:48] Trade Skills > touche
|

Jade Mitch
Gallente The Scope
|
Posted - 2010.02.27 07:02:00 -
[18]
What you're basically asking for is an idiot patch. Forget it, it's impossible to protect users who refuse to protect themselves.
|

Rip Minner
Gallente Balthizar Drako Inc.
|
Posted - 2010.02.27 08:18:00 -
[19]
I like the WOW solution. It works great. I have had my WOW account hacked and I do take steps but let's face it, some people like me have kids and wives man. I have to work, I can't keep them from doing stupid stuff when I'm not around. I love the WOW thing a lot.
Is it a rock? Point a Lazer at it and profit. Is it a ship? Point a Lazer at it and profit. I don't really see any differences here.
|

Ban Doga
|
Posted - 2010.02.27 10:10:00 -
[20]
Originally by: Gwendion
Or they could do what WoW does. They have cheap RSA-type keys you can use for password generation. I think that would solve 99% of all those problems. (Though I'm pretty sure the ones WoW uses aren't RSA, as those are bloody expensive)
Hint to CCP: Get RSA token :P Or allow us to use our own? Hmm
Has been suggested several times already. Apparently not important enough...
|