Pages: 1 2 [3] :: one page |
|
Author |
Thread Statistics | Show CCP posts - 0 post(s) |

Marconus Orion
Massive PVPness
221
|
Posted - 2012.07.18 15:02:00 -
[61] - Quote
A phone ap as an authenticator works like a charm. I am surprised this game still does not support one. |

Sentamon
Imperial Academy Amarr Empire
35
|
Posted - 2012.07.18 15:24:00 -
[62] - Quote
Torneach wrote:Is it really necessary?
Yes. |

MadMuppet
Universal Freelance CONSORTIUM UNIVERSALIS
503
|
Posted - 2012.07.18 15:32:00 -
[63] - Quote
I wouldn't mind it if I didn't have to log in every time I change characters. If I tried to make a type of coffee that made all of you happy, and you rated it, the group score for it would be about 60 out of 100. Break into 3 or 4 coffee clusters, and made coffee just for each cluster, the scores would go from 60 to 78. The difference between coffee at 60 and coffee at 78 is a difference between coffee that makes you wince or makes you happy. |

Linda Shadowborn
Dark Steel Industries
188
|
Posted - 2012.07.18 16:21:00 -
[64] - Quote
Just Lilly wrote:How about an mobile authenticator instead, like the one Blizzard use. It's a free app for your smartphone.
Everyone use smartphones...
I dont :) |

Haffsol
Froody Guys Spaceships Business
7
|
Posted - 2012.07.18 16:28:00 -
[65] - Quote
Quote:Quote: is https too easy to implement or what?
It's two different thing, https is applying a application layer cryptographic protocol to the http protocol, http + ssl. This is used to avoid eavesdropping and tampering of the data send between two computers. so if you consider your pc secure from a physical point of view, and you don't store your passwords in a file called EVE-PASSWORDS-OF-ALL-MY-ACCOUNTS.DOC on your desktop than https should be just the way to go. I mean, it's a sort of tunneling between my pc and the CCP servers on a cryptographic layer. And has been proven to be quite solid in years since its introduction. What can go wrong?
I like logging into something using name & pwd and not loosing time trying to convince a computer that I'm human |

Tarsus Zateki
GoonWaffe Goonswarm Federation
753
|
Posted - 2012.07.18 17:40:00 -
[66] - Quote
The recent hilarity involving the huge number of people having their Diablo 3 accounts stolen shows our PCs are not secure and no amount of self-assurance will change that. Using two part authentication moves one factor out of the hands of account thieves and puts it somewhere they can't get it without outright mugging or robbing you. Both of which are real crimes in most nations.
Edit: Captcha is a ****** solution, physical authenticators you carry on you are a good solution. Heck CCP could use the same VASCO Digi-Pass authenticators that Blizzard uses and save a bunch of money. You asked me once, what was in Room 101. I told you that you knew the answer already. Everyone knows it. The thing that is in Room 101 is the worst thing in the world. |

Finde learth
Republic Military School Minmatar Republic
16
|
Posted - 2012.07.31 09:34:00 -
[67] - Quote
Finally CCP won't add the stupid captcha on Tranquility.
When you input fail on Serenity, the stupid captcha will still appear.
http://i.imgur.com/VkUrw.png |

dexington
102
|
Posted - 2012.07.31 09:47:00 -
[68] - Quote
Haffsol wrote:Quote:Quote:is https too easy to implement or what? It's two different thing, https is applying a application layer cryptographic protocol to the http protocol, http + ssl. This is used to avoid eavesdropping and tampering of the data send between two computers. so if you consider your pc secure from a physical point of view, and you don't store your passwords in a file called EVE-PASSWORDS-OF-ALL-MY-ACCOUNTS.DOC on your desktop than https should be just the way to go.
SSL/HTTPS does not protect you against automated attacks that are trying to guess you password, which is what CAPTCHA tries to do.
Besides i think user authentication is already done over a secure connection. GÇ£The best way to keep something bad from happening is to see it ahead of time, and you can't see it if you refuse to face the possibility.GÇ¥-á |

Vera Algaert
Republic University Minmatar Republic
274
|
Posted - 2012.07.31 10:29:00 -
[69] - Quote
Mr M wrote:I hate it when I get a captcha like this. that's because you don't understand how recaptcha works 
google uses recaptcha to outsource OCR work to you, so each captcha consists of one word that is known and one word that is unknown to google.
The second word has no influence on whether you pas the captcha or not, it's just a word that google's OCR systems have trouble identifying (they digitize newspapers, books or more recently street numbers for google maps) and that they want your help with. So they take all submissions for the second word from users who had the first (known) word right and see if there is a consensus between users on what it is supposed to read - if there is they know what to digitize it as (and yes, this is of course exploitable and /b/tards are trying to exploit it hoping to insert racial slurs into the digitized texts as they go).
The font gives away that turntu is the "known" word in your example and that you have to get this one right to pass the captcha while apolole is unknown to Google and as such doesn't matter. |

HyperZerg
Free-Space-Ranger Ev0ke
11
|
Posted - 2012.07.31 11:14:00 -
[70] - Quote
As long as the hashs aren't stored in the local computer no need for capchas ...
Just add: per IP and per account 5 trys then wait 10 sec till another login is allowed. Then, even if you try to "guess" the password "1234" you need up to 10k trys => ~27h If you have to use non-numeric password with at least 7 characters, special characters and stuff you can forget to use a brute-force attack.
Captchas ONLY use is to block bots in automated request. IF they are already blocked after too many failed logins no need for them. Okay you could stop bots from automated login to you char but there are easy ways to avoid captchas.. You got 1 person online who get the captchas copyed as picture, solves it and send it back to the bot who needs it. The real botters won't cry and all the normal players will be pissed of badly.
|
|

Abel Merkabah
TIMELINE Industries
87
|
Posted - 2012.07.31 13:36:00 -
[71] - Quote
This is all silly. The obvious solution is biometrics.
Every time you sign in, you need to submit a small blood sample (EvE is thirsty). EvE will verify your genetic code; problem solved.
Edit - I'd like to see a bot do that.
Seriously, authenticators rock though. I support key fab or smart phone authenticators. "The human body can be drained of blood in 8.6 seconds, given adequate vacuuming systems." |
|
|
|
Pages: 1 2 [3] :: one page |
First page | Previous page | Next page | Last page |