Pages: 1 2 3 :: [one page] |
|
Author |
Thread Statistics | Show CCP posts - 0 post(s) |
Finde learth
Republic Military School Minmatar Republic
15
|
Posted - 2012.07.16 02:03:00 -
[1] - Quote
SERENITY already have this.
And Horace said Tranquility will have "soon".(I don't have the link because i don't have the microblog account.)
pÇîs¢Psñì@Fû¢s«ÜF¦ötÜätî½FǦµ£¦:1. µ¼ºµ£ìS+Üt½ïsì¦sÉ»tö¿sÆîs¢+µ£ìS+ǵá+tÜätÖ+TÖåsÖ¿n+îF+Ös¦åµÿ»EVEsà¿tÉât+ƒS+ÇtÜätÖ+s+òµû¦s+Ån+îsŬS+ìF+çsàês£¿s¢+µ£ìS+èt¦+S¦ån+¢2. T¬îF»ütáütÜäS+ôT¬îµêæS+¼F+æµ£ƒS+ÜS+«sñìsÆîS+ÿsîûpÇépÇì
I have ask Hilmar about this on twitter,still waiting for his response. https://twitter.com/Finde_learth/status/224528638836604928
|
Johan Civire
Dirty Curse inc.
24
|
Posted - 2012.07.16 02:05:00 -
[2] - Quote
Finde learth wrote:SERENITY already have this. And Horace said Tranquility will have "soon".(I don't have the link because i don't have the microblog account.) pÇîs¢Psñì@Fû¢s«ÜF¦ötÜätî½FǦµ£¦:1. µ¼ºµ£ìS+Üt½ïsì¦sÉ»tö¿sÆîs¢+µ£ìS+ǵá+tÜätÖ+TÖåsÖ¿n+îF+Ös¦åµÿ»EVEsà¿tÉât+ƒS+ÇtÜätÖ+s+òµû¦s+Ån+îsŬS+ìF+çsàês£¿s¢+µ£ìS+èt¦+S¦ån+¢2. T¬îF»ütáütÜäS+ôT¬îµêæS+¼F+æµ£ƒS+ÜS+«sñìsÆîS+ÿsîûpÇépÇì I have ask Hilmar about this on twitter,still waiting for his response. https://twitter.com/Finde_learth/status/224528638836604928
now in english? |
Tarsus Zateki
GoonWaffe Goonswarm Federation
691
|
Posted - 2012.07.16 02:13:00 -
[3] - Quote
Using two part authentication works really well in Blizzard's line of games. No one that uses an authenticator has been publicly proven to have had their accounts compromised (lots of folks that have lied about having one though and been hilariously called out by Blizzard GMs). Of course with nearly ten million subscribers to World of Warcraft and several million other players in Diablo 3 there is a huge market for currency and items sourced from stolen accounts. I wonder how large an issue this is in Eve Online.
Either way as a user of an authenticator in my Blizzard games I'd happily support two part authentication in Eve Online, even if it was a just a simple E-Mail code sent to you when you try to log-in through an unfamiliar IP Address and such. You asked me once, what was in Room 101. I told you that you knew the answer already. Everyone knows it. The thing that is in Room 101 is the worst thing in the world. |
Tarsus Zateki
GoonWaffe Goonswarm Federation
691
|
Posted - 2012.07.16 02:14:00 -
[4] - Quote
Johan Civire wrote:
now in english?
His post made perfect sense, but if we're being idiots in this thread... you have poor hygiene and dress in a shabby manner. You asked me once, what was in Room 101. I told you that you knew the answer already. Everyone knows it. The thing that is in Room 101 is the worst thing in the world. |
Torneach
Apocalypse Exploration
272
|
Posted - 2012.07.16 02:57:00 -
[5] - Quote
Is it really necessary? |
Tarsus Zateki
GoonWaffe Goonswarm Federation
695
|
Posted - 2012.07.16 02:58:00 -
[6] - Quote
That would depend on how frequently Eve-Online accounts are stolen. Up to Screegs really. You asked me once, what was in Room 101. I told you that you knew the answer already. Everyone knows it. The thing that is in Room 101 is the worst thing in the world. |
Corina Jarr
Spazzoid Enterprises Purpose Built
1052
|
Posted - 2012.07.16 03:01:00 -
[7] - Quote
I'd have no problem with it.
Its not like it would make our lives a frustrating nightmare like the captcha suggestions.
As for when, when CCP thinks it is needed. |
Tarsus Zateki
GoonWaffe Goonswarm Federation
695
|
Posted - 2012.07.16 03:02:00 -
[8] - Quote
Corina Jarr wrote: ...captcha suggestions...
Careful now, this is CCP we're talking about. You asked me once, what was in Room 101. I told you that you knew the answer already. Everyone knows it. The thing that is in Room 101 is the worst thing in the world. |
Degren
Dreddit Test Alliance Please Ignore
1851
|
Posted - 2012.07.16 03:11:00 -
[9] - Quote
About to leave work, will translate when I get home.
~an hour.
Reserving post, obviously. This avatar is as happy as Eve gets! -áSoooooo happy. |
Viktor Fyretracker
Emminent Terraforming
38
|
Posted - 2012.07.16 03:32:00 -
[10] - Quote
Corina Jarr wrote:I'd have no problem with it.
Its not like it would make our lives a frustrating nightmare like the captcha suggestions.
As for when, when CCP thinks it is needed.
Captcha is a horrible thing. bots still get around it and its scrambled letters can be hard to read. EVE is like swimming on a beach in shark infested waters,-á There is however a catch...-á The EVE Beach you also have to wonder which fellow swimmer will try and eat you before the sharks. |
|
Tau Cabalander
Retirement Retreat Working Stiffs
868
|
Posted - 2012.07.16 03:45:00 -
[11] - Quote
Tarsus Zateki wrote:Using two part authentication works really well in Blizzard's line of games. No one that uses an authenticator has been publicly proven to have had their accounts compromised (lots of folks that have lied about having one though and have been hilariously called out by Blizzard GMs after claiming to be hacked). I lost my Blizzard authenticator, and found it again after about 2 years of playing EVE.
I can vouch that an authenticator is a great way to prevent account access
It is probably 3-5 years old and still works. Good battery. |
Degren
Dreddit Test Alliance Please Ignore
1851
|
Posted - 2012.07.16 04:31:00 -
[12] - Quote
Tau Cabalander wrote:Tarsus Zateki wrote:Using two part authentication works really well in Blizzard's line of games. No one that uses an authenticator has been publicly proven to have had their accounts compromised (lots of folks that have lied about having one though and have been hilariously called out by Blizzard GMs after claiming to be hacked). I lost my Blizzard authenticator, and found it again after about 2 years of playing EVE. I can vouch that an authenticator is a great way to prevent account access It is probably 3-5 years old and still works. Good battery.
Just FYI, the original blizz authenticators were cracked. This avatar is as happy as Eve gets! -áSoooooo happy. |
Tau Cabalander
Retirement Retreat Working Stiffs
868
|
Posted - 2012.07.16 18:40:00 -
[13] - Quote
Degren wrote:Just FYI, the original blizz authenticators were cracked. Not a crack per se, but a man-in-the-middle attack when using a trojan infected key-logging computer, and with a 30 second vulnerability window.
I wonder about people that run random executables, or click on questionable links, or surf without script and pop-up protection, etc. |
Finde learth
Republic Military School Minmatar Republic
15
|
Posted - 2012.07.17 06:20:00 -
[14] - Quote
http://i.imgur.com/mfr4g.png XJPNU8 is verified code.
I really don't want see this happen on Tranquility. |
Kel Shek
Blue Sun Labs
0
|
Posted - 2012.07.17 06:56:00 -
[15] - Quote
I think some sorta captcha thing for EVE would be bad and completely unneccessary.
I think an authenticator type deal would be kinda nifty. though realistically, a bit excessive.
if it could be made into a cool keychain though, and no more expensive than the Blizz ones, might be totally worth it.
I mean ultimately there's a lot more at stake in an EVE account than in a WOW account. so it makes a certain amount of sense. |
Oberine Noriepa
844
|
Posted - 2012.07.17 07:13:00 -
[16] - Quote
Note that those screenshots feature the launcher and not the client itself. It's not a bad thing in the slightest. |
Xercodo
Disturbed Friends Of Diazepam
1218
|
Posted - 2012.07.17 07:19:00 -
[17] - Quote
Oberine Noriepa wrote:Note that those screenshots feature the launcher and not the client itself. It's not a bad thing in the slightest.
Um, CCP wants to push the login process to the launcher and make the client only character select.
This being a normal thing is a possibility. But I only see it as a bot deterrent for bots that run completely on their own through downtimes too.
The bot users would simply just login manually and let the bot take over form there. It has been said that the Serenity server is over run with bots cause....well we all know the Chinese gold farmer stereotype :3 The Drake is a Lie |
Finde learth
Republic Military School Minmatar Republic
15
|
Posted - 2012.07.17 07:20:00 -
[18] - Quote
Oberine Noriepa wrote: Note that those screenshots feature the launcher and not the client itself. It's not a bad thing in the slightest.
You can't log in unless you use the launcher log in. So it means if eve auto restart for any reasons, you need to close the auto restart EVE then use the launcher log in.
That's very annoying.
And the launcher log in won't save your account name. |
Vitamin B12
30
|
Posted - 2012.07.17 07:50:00 -
[19] - Quote
A feature like this would only harm the normal player.
Bots will simply use a captcha solving service (deathbycaptcha.com for example). Capital Ships Related BPC's & BPO's // fair price-á// fast delivery https://forums.eveonline.com/default.aspx?g=posts&m=973041 |
Chokichi Ozuwara
Royal One Piece Corporation Deadly Unknown
380
|
Posted - 2012.07.17 07:56:00 -
[20] - Quote
Captcha does nothing to secure your account. Bots are designed to capture captchas and fire them off to third party solving services (manual and automated) which beat them easily.
Adding this would be stupid. It would be like 2008 all over again. Tears will be shed and pants will need to be changed all round. |
|
Terrorfrodo
Deep Space Darwinian Law Enforcement Agency
88
|
Posted - 2012.07.17 08:01:00 -
[21] - Quote
I HATE captchas. Don't do this! The Invulnerability Sphere:Make mining/industrial vessels defendable, better fights for everyone! |
dexington
Lysergic.acid.diethylamide
53
|
Posted - 2012.07.17 08:08:00 -
[22] - Quote
Chokichi Ozuwara wrote:Captcha does nothing to secure your account. Bots are designed to capture captchas and fire them off to third party solving services (manual and automated) which beat them easily.
Adding this would be stupid. It would be like 2008 all over again.
It protects you account against brute force attacks, or at least makes the process of brute force attacks slow and expensive if there is no way to decode the answer without human interaction. |
Terrorfrodo
Deep Space Darwinian Law Enforcement Agency
88
|
Posted - 2012.07.17 08:38:00 -
[23] - Quote
To protect against brute force attacks, they could just throttle login attempts: When you enter a wrong password twice, you can't attempt another login until three minutes have passed. Brute-forcing an account would take a looong time then. The Invulnerability Sphere:Make mining/industrial vessels defendable, better fights for everyone! |
Pak Narhoo
Knights of Kador
625
|
Posted - 2012.07.17 09:26:00 -
[24] - Quote
Can't say I'm going to be happy with this but if it is a working deterrent to bots.... Hi, I'm CCP Arrow, I screwed up the.. ummm... |
dexington
Lysergic.acid.diethylamide
53
|
Posted - 2012.07.17 09:33:00 -
[25] - Quote
Terrorfrodo wrote:To protect against brute force attacks, they could just throttle login attempts: When you enter a wrong password twice, you can't attempt another login until three minutes have passed. Brute-forcing an account would take a looong time then.
That works well against brute force attacks that target a single account, but is very ineffective against other automated attacks that simultaneously attacks multiple accounts.
|
Terrorfrodo
Deep Space Darwinian Law Enforcement Agency
88
|
Posted - 2012.07.17 09:40:00 -
[26] - Quote
If every account can have only a very limited number of unsuccessful login attempts per day, then the overall number of accounts hacked by brute force attacks will be very low. Only those choosing a really bad password will be vulnerable, but EVE does enforce the choosing of a reasonably complex password now.
Tbh I don't see how people still get hacked other than by keyloggers infecting their computers. Captchas won't protect us from that either. The Invulnerability Sphere:Make mining/industrial vessels defendable, better fights for everyone! |
Mara Rinn
Cosmic Industrial Complex Cosmic Consortium
1627
|
Posted - 2012.07.17 09:47:00 -
[27] - Quote
Why not just implement the two-factor authentication for which we already have the damned key fobs?
How is CAPTCHA supposed to prevent brute-force attacks anyway? CCP surely know that there are sweat shops dedicated to people solving CAPTCHAS for fifty cents an hour, don't they? (just check out Amazon's Mechanical Turk) Day 0 advice for new players: Day 0 Advice for New Players |
Anya Ohaya
School of Applied Knowledge Caldari State
143
|
Posted - 2012.07.17 10:07:00 -
[28] - Quote
Terrorfrodo wrote:To protect against brute force attacks, they could just throttle login attempts: When you enter a wrong password twice, you can't attempt another login until three minutes have passed. Brute-forcing an account would take a looong time then.
3 minutes is overkill. 3 seconds should be enough to make brute force attacks impractical on all but the weakest passwords (it would take eight hours go through a dictionary of common words)). |
Random Celestial
Royal Amarr Institute Amarr Empire
3
|
Posted - 2012.07.17 13:04:00 -
[29] - Quote
dexington wrote:Chokichi Ozuwara wrote:Captcha does nothing to secure your account. Bots are designed to capture captchas and fire them off to third party solving services (manual and automated) which beat them easily.
Adding this would be stupid. It would be like 2008 all over again. It protects you account against brute force attacks, or at least makes the process of brute force attacks slow and expensive if there is no way to decode the answer without human interaction.
You can buy 1000 captcha solves for $1.37 USD.
<- Runs craigslist bots for car dealers, CL dropped captchas now though. |
Roc Wieler
Tribal Liberation Force Minmatar Republic
177
|
Posted - 2012.07.17 13:16:00 -
[30] - Quote
There are many good forms of captcha other than scrambled letters.
http://www.jquery4u.com/security/10-jquery-captcha-plugins/
Of course, as mentioned, none of these is 100% foolproof, but many serve as a deterrent, and that makes a difference. Never start a fight you can win.
|
|
dexington
Lysergic.acid.diethylamide
53
|
Posted - 2012.07.17 13:42:00 -
[31] - Quote
Random Celestial wrote:dexington wrote:Chokichi Ozuwara wrote:Captcha does nothing to secure your account. Bots are designed to capture captchas and fire them off to third party solving services (manual and automated) which beat them easily.
Adding this would be stupid. It would be like 2008 all over again. It protects you account against brute force attacks, or at least makes the process of brute force attacks slow and expensive if there is no way to decode the answer without human interaction. You can buy 1000 captcha solves for $1.37 USD. <- Runs craigslist bots for car dealers, CL dropped captchas now though.
Having to spend 1.37$ to check the 1000 commonly used passwords, with a paper trail to the company doing the captcha solving, is really not a sweet deal.
You are right, captcha is not going to stop all attacks, but at some point attackers are going to look for easier targets. You can probably find a lot of corp website or 3. party forums with a decent amount of active users, if they have a login mechanic, there is a good chance you can find some combination of username/email/password that would enable you to access some/several eve accounts.
In the end it's probably going to be easier to find a security vulnerability in a 3. party web site, then trying to brute force accounts on a ccp owned site, with or without captcha, but each layer of security makes the target less attractive. |
Lord Ryan
Quantum Cats Syndicate
540
|
Posted - 2012.07.17 13:58:00 -
[32] - Quote
capshit would be the straw......................... -á"Nerf it cause I can't fly it". I want to fly a badass Mon Calamari stlye-ácruiser painted to match my Tron clothes. |
Kisumii
Bio-Tech Research Luna Sanguinem
81
|
Posted - 2012.07.17 14:34:00 -
[33] - Quote
This is bollocks, Just do what RIFT did, If you log in from unfamiliar IP you cannot spend or move any items until you check your email for the coin lock code and punch it in game. Simples.
Unless ofcourse you was dumb enough to get your game AND email hacked... |
Blastcaps Madullier
Celestial Horizon Corp. Ethereal Dawn
61
|
Posted - 2012.07.17 14:37:00 -
[34] - Quote
no thank you, that systems a pain in the ass and frankly dont want to see it, authenticators for smart phones maybe, this crap persoanly want no part of, frequently you have to refresh the "phrase" several times just to get one thats barely readable, so with due respect **** THAT.
|
AureoBroker
Etoilles Mortant Ltd. Solyaris Chtonium
53
|
Posted - 2012.07.17 14:44:00 -
[35] - Quote
Captchas do not work in the slightest.
Email code would be much better, or authenticator after that. |
Alayna Le'line
10
|
Posted - 2012.07.17 14:51:00 -
[36] - Quote
Tarsus Zateki wrote:Either way as a user of an authenticator in my Blizzard games I'd happily support two part authentication in Eve Online, even if it was a just a simple E-Mail code sent to you when you try to log-in through an unfamiliar IP Address and such.
Rift did this e-mail thing and it was extremely annoying. E-mail is NOT an instant form of communication, something people tend to forget, and having to wait 10minutes or more before you can do anything on your account (it would disallow buying/selling/trashing of items until you had verified your account)
Also CAPTCHA's are a terrible terrible form of authentication: either they are too readable and can be broken by bots, or they are not readable, and can't be read by the humans supposed to be reading them either. In the worst case they mess around with various kinds of colors on top of the regular gibberish making things just impossible for people like me (that is, [partially] colorblind people). I HATE captchas with a fiery passion.
Now Blizzard (and a bunch of other companies, like Bioware I think) use an authenticator that spits out a semi-random number that you have to input together with your password, that I can get behind. It works wonders. Typing in a number takes just seconds and you can generally install an application on your phone as well as have a hardware authenticator (or multiple) attached to one single account (so you're not tied down when on the move or when you manage to lose on or the other).
Of course EVE being EVE it'd be nice if you could use one authenticator for multiple accounts, think of poor Chribba folks... ;)
|
Roc Wieler
Tribal Liberation Force Minmatar Republic
177
|
Posted - 2012.07.17 16:16:00 -
[37] - Quote
Last year at Fanfest they actually handed out random code generators. I still have mine. I think they went down this path and abandoned it. I would be interested in finding out why. Never start a fight you can win.
|
highonpop
Void.Tech Fatal Ascension
138
|
Posted - 2012.07.17 16:16:00 -
[38] - Quote
1 simple step in a bigger war against bots.
doit SEE YOU IN 319 STATION!!! WOOO HOOOO!!!!! |
Verfanny
Imperial Shipment Amarr Empire
0
|
Posted - 2012.07.17 17:03:00 -
[39] - Quote
I would personally prefer an authenticator rather than a CAPTCHA.
My 0.02 ISK |
Vaerah Vahrokha
Vahrokh Consulting
1661
|
Posted - 2012.07.17 17:21:00 -
[40] - Quote
Kisumii wrote:This is bollocks, Just do what RIFT did, If you log in from unfamiliar IP you cannot spend or move any items until you check your email for the coin lock code and punch it in game. Simples.
Unless ofcourse you was dumb enough to get your game AND email hacked...
No, the majority of players is on dynamic IP and mails *by design* may arrive hours late.
Plus some folks (like me) since years have their accounts bound to an email that the server makes available only after 20 minutes or so. Imagine having to wait 20 mins per each log in. Auditing | Collateral holding and insurance | Consulting | PLEX for Good Charity
Twitter channel |
|
Just Lilly
17
|
Posted - 2012.07.17 19:21:00 -
[41] - Quote
How about an mobile authenticator instead, like the one Blizzard use. It's a free app for your smartphone.
Everyone use smartphones... May 15 2012 |
Dave stark
Perkone Caldari State
193
|
Posted - 2012.07.17 19:23:00 -
[42] - Quote
user name and password is fine. this is a game not my online banking. Reading my posts is like panning for gold; most it will be useless, but occasionally you'll find a nugget of gold. |
Lin-Young Borovskova
Science and Trade Institute Caldari State
522
|
Posted - 2012.07.17 19:25:00 -
[43] - Quote
Finde learth wrote:Oberine Noriepa wrote: Note that those screenshots feature the launcher and not the client itself. It's not a bad thing in the slightest.
You can't log in unless you use the launcher log in. So it means if eve auto restart for any reasons, you need to close the auto restart EVE then use the launcher log in. That's very annoying. And the launcher log in won't save your account name.
Nor prevents the account of being stolen or bots anyway, well maybe just in some silly dudes minds. brb |
Cede Forster
Graffa
8
|
Posted - 2012.07.17 19:34:00 -
[44] - Quote
optional authenticator would be nice, just using username + password to secure the account feels a little like walking at night through detroit
with a blond wig, a miniskirt and bag full of drugs |
Tarsus Zateki
GoonWaffe Goonswarm Federation
735
|
Posted - 2012.07.17 22:55:00 -
[45] - Quote
Dave stark wrote:user name and password is fine. this is a game not my online banking.
Of course stealing banking information is a felony in most countries while stealing an Eve Online account isn't. Having a little extra security on something you value that has no real criminal repercussions isn't a bad idea. The value of stolen WoW accounts is the reason Blizzard sells authentication fobs at a loss and provides free authenticators for smart phones. They can't prosecute account thieves and the customer service costs of dealing with stolen accounts is far more than the price of fobs.
Its even worse in Eve Online as a compromised account can not only result in a loss of ISK and assets but could jeopardize the gameplay and assets of hundred or thousands of other people in the case of corporation CEOs and alliance executors. You asked me once, what was in Room 101. I told you that you knew the answer already. Everyone knows it. The thing that is in Room 101 is the worst thing in the world. |
Terminal Insanity
The Filthy Ones
639
|
Posted - 2012.07.17 23:03:00 -
[46] - Quote
YES make this a requirement for trials or accounts that are less then a few months old.
NO, DO NOT MAKE ME FILL IN THOSE GODDAMN UNREADABLE CAPTCHAS EVERY ******* GODDAMN TIME I LOG IN.
I already spend more time trying to decipher captchas then anyone should have to. "War declarations are never officially considered griefing and are not a bannable offense, and it has been repeatedly stated by the developers that the possibility for non-consensual PvP is an intended feature." - CCP |
Mr M
Agony Unleashed
181
|
Posted - 2012.07.17 23:59:00 -
[47] - Quote
I hate it when I get a captcha like this.
|
Vitamin B12
30
|
Posted - 2012.07.18 05:27:00 -
[48] - Quote
dexington wrote:Chokichi Ozuwara wrote:Captcha does nothing to secure your account. Bots are designed to capture captchas and fire them off to third party solving services (manual and automated) which beat them easily.
Adding this would be stupid. It would be like 2008 all over again. It protects you account against brute force attacks, or at least makes the process of brute force attacks slow and expensive if there is no way to decode the answer without human interaction.
Brute Force need to be adressed on the server side (CCP) not on the client. If a file is on my computer I can modify it. That is really bad and weak protection. Never give the user control over something.
Regarding "login attempts": I would really like to see the security feature we already got on evegate also in the client. If you are logging in first time with this maschine ask for character names on the account.
/vita
Capital Ships Related BPC's & BPO's // fair price-á// fast delivery https://forums.eveonline.com/default.aspx?g=posts&m=973041 |
dexington
Lysergic.acid.diethylamide
53
|
Posted - 2012.07.18 06:25:00 -
[49] - Quote
Vitamin B12 wrote:Brute Force need to be adressed on the server side (CCP) not on the client. If a file is on my computer I can modify it. That is really bad and weak protection. Never give the user control over something.
I'm not sure i get your point, the image is generated server side, and send to the client. You can modify the image as you like, but the server is still going to require the correct answer associated with the image, to grant you access to the system.
|
Altrue
Exploration Frontier inc
13
|
Posted - 2012.07.18 07:52:00 -
[50] - Quote
This should be interesting to prevent botting, or at least to make their life harder after downtime, requiring a manual intervention.
So, the idea of having a CHAPTA for the first months of an account is imo a good idea.
After.. I see no point, an optionnal authentificator would be fine. "- What is the end-game content of EvE ? -á- The New Unified Inventory. Every player dreams of using it comfortably, but only a few hardcore gamers achieve to do so." |
|
Haffsol
Froody Guys Spaceships Business
7
|
Posted - 2012.07.18 08:12:00 -
[51] - Quote
sorry I'm a bot and can't read captcha
is https too easy to implement or what? |
dexington
Lysergic.acid.diethylamide
54
|
Posted - 2012.07.18 08:35:00 -
[52] - Quote
Haffsol wrote:is https too easy to implement or what?
It's two different thing, https is applying a application layer cryptographic protocol to the http protocol, http + ssl. This is used to avoid eavesdropping and tampering of the data send between two computers.
Captcha is primary a means to try and force human interaction in a given process, most often the login process. |
ChrisDude70
The Night Crew The Night Crew Alliance
24
|
Posted - 2012.07.18 10:38:00 -
[53] - Quote
Kisumii wrote:This is bollocks, Just do what RIFT did, If you log in from unfamiliar IP you cannot spend or move any items until you check your email for the coin lock code and punch it in game. Simples.
Unless ofcourse you was dumb enough to get your game AND email hacked...
This would be a massive pain for us folks with dynamic IPs.
IIRC CCP had some form of keyfob authentication in the works from a few years ago. |
Aramatheia
European Nuthouse
49
|
Posted - 2012.07.18 11:02:00 -
[54] - Quote
Tarsus Zateki wrote:Using two part authentication works really well in Blizzard's line of games. No one that uses an authenticator has been publicly proven to have had their accounts compromised (lots of folks that have lied about having one though and have been hilariously called out by Blizzard GMs after claiming to be hacked). Of course with nearly ten million subscribers to World of Warcraft and several million other players in Diablo 3 there is a huge market for currency and items sourced from stolen accounts. I wonder how large an issue this is in Eve Online.
Either way as a user of an authenticator in my Blizzard games I'd happily support two part authentication in Eve Online, even if it was a just a simple E-Mail code sent to you when you try to log-in through an unfamiliar IP Address and such.
Edit: In before everyone who's afraid of change.
best part of blizzards authenticator is even if you havent used a blizzard game in a year (such as myself) youry account is still secure, i check on mine from time to time i just dont play the games anymore. I'd be fine with a physical eve authenticator just like the blizz one. In fact more so then stupid captcha's which only work because the letters are 99% unreadable and a human has to click through about 20 options of crap to find something that actually resembles alpha numeric entities |
Verfanny
Imperial Shipment Amarr Empire
0
|
Posted - 2012.07.18 13:05:00 -
[55] - Quote
On the other hand it could be worse than a CAPTCHA. Look at L2 and Aion where you have to manually enter a 6 digits PIN on a constantly shifting virtual keypad each time you want to log in with a character, and of course the PIN is different for each of your character. |
Lilliana Stelles
Mindstar Technology Executive Outcomes
110
|
Posted - 2012.07.18 13:10:00 -
[56] - Quote
Captchas I can deal with.
Just so long as I don't have to carry around a plastic authenticator to play the game. |
dexington
Lysergic.acid.diethylamide
55
|
Posted - 2012.07.18 13:18:00 -
[57] - Quote
Lilliana Stelles wrote:Just so long as I don't have to carry around a plastic authenticator to play the game.
If/when two-factor authentication is added, i think it's going to be optional to use it, at least that is now it was implemented in other popular mmo's. |
Lilliana Stelles
Mindstar Technology Executive Outcomes
110
|
Posted - 2012.07.18 13:31:00 -
[58] - Quote
dexington wrote:Lilliana Stelles wrote:Just so long as I don't have to carry around a plastic authenticator to play the game. If/when two-factor authentication is added, i think it's going to be optional to use it, at least that is now it was implemented in other popular mmo's. Swtor and Diablo 3 both REQUIRED authentication to use specific features. I ended up buying them before I got a smartphone. I'd rather not have to deal with it in Eve. |
Verfanny
Imperial Shipment Amarr Empire
0
|
Posted - 2012.07.18 13:32:00 -
[59] - Quote
Lilliana Stelles wrote:Captchas I can deal with.
Just so long as I don't have to carry around a plastic authenticator to play the game.
There will most likely be a smartphone app too. |
Palovana
Inner Fire Inc.
258
|
Posted - 2012.07.18 14:39:00 -
[60] - Quote
Mr M wrote:I hate it when I get a captcha like this. +ö+¦++ +¡-ç+¦-ä+¦ +¦+++++++++¦+¦-î +¦++-å+¼+¦++-ä++ -â-ä++ -Ç+++++¦-ä-ü++++-î+¦+¦-î -â+¦-é? Please support: export of settings in editable format
Your stuff goes here. |
|
Marconus Orion
Massive PVPness
221
|
Posted - 2012.07.18 15:02:00 -
[61] - Quote
A phone ap as an authenticator works like a charm. I am surprised this game still does not support one. |
Sentamon
Imperial Academy Amarr Empire
35
|
Posted - 2012.07.18 15:24:00 -
[62] - Quote
Torneach wrote:Is it really necessary?
Yes. |
MadMuppet
Universal Freelance CONSORTIUM UNIVERSALIS
503
|
Posted - 2012.07.18 15:32:00 -
[63] - Quote
I wouldn't mind it if I didn't have to log in every time I change characters. If I tried to make a type of coffee that made all of you happy, and you rated it, the group score for it would be about 60 out of 100. Break into 3 or 4 coffee clusters, and made coffee just for each cluster, the scores would go from 60 to 78. The difference between coffee at 60 and coffee at 78 is a difference between coffee that makes you wince or makes you happy. |
Linda Shadowborn
Dark Steel Industries
188
|
Posted - 2012.07.18 16:21:00 -
[64] - Quote
Just Lilly wrote:How about an mobile authenticator instead, like the one Blizzard use. It's a free app for your smartphone.
Everyone use smartphones...
I dont :) |
Haffsol
Froody Guys Spaceships Business
7
|
Posted - 2012.07.18 16:28:00 -
[65] - Quote
Quote:Quote: is https too easy to implement or what?
It's two different thing, https is applying a application layer cryptographic protocol to the http protocol, http + ssl. This is used to avoid eavesdropping and tampering of the data send between two computers. so if you consider your pc secure from a physical point of view, and you don't store your passwords in a file called EVE-PASSWORDS-OF-ALL-MY-ACCOUNTS.DOC on your desktop than https should be just the way to go. I mean, it's a sort of tunneling between my pc and the CCP servers on a cryptographic layer. And has been proven to be quite solid in years since its introduction. What can go wrong?
I like logging into something using name & pwd and not loosing time trying to convince a computer that I'm human |
Tarsus Zateki
GoonWaffe Goonswarm Federation
753
|
Posted - 2012.07.18 17:40:00 -
[66] - Quote
The recent hilarity involving the huge number of people having their Diablo 3 accounts stolen shows our PCs are not secure and no amount of self-assurance will change that. Using two part authentication moves one factor out of the hands of account thieves and puts it somewhere they can't get it without outright mugging or robbing you. Both of which are real crimes in most nations.
Edit: Captcha is a ****** solution, physical authenticators you carry on you are a good solution. Heck CCP could use the same VASCO Digi-Pass authenticators that Blizzard uses and save a bunch of money. You asked me once, what was in Room 101. I told you that you knew the answer already. Everyone knows it. The thing that is in Room 101 is the worst thing in the world. |
Finde learth
Republic Military School Minmatar Republic
16
|
Posted - 2012.07.31 09:34:00 -
[67] - Quote
Finally CCP won't add the stupid captcha on Tranquility.
When you input fail on Serenity, the stupid captcha will still appear.
http://i.imgur.com/VkUrw.png |
dexington
102
|
Posted - 2012.07.31 09:47:00 -
[68] - Quote
Haffsol wrote:Quote:Quote:is https too easy to implement or what? It's two different thing, https is applying a application layer cryptographic protocol to the http protocol, http + ssl. This is used to avoid eavesdropping and tampering of the data send between two computers. so if you consider your pc secure from a physical point of view, and you don't store your passwords in a file called EVE-PASSWORDS-OF-ALL-MY-ACCOUNTS.DOC on your desktop than https should be just the way to go.
SSL/HTTPS does not protect you against automated attacks that are trying to guess you password, which is what CAPTCHA tries to do.
Besides i think user authentication is already done over a secure connection. GÇ£The best way to keep something bad from happening is to see it ahead of time, and you can't see it if you refuse to face the possibility.GÇ¥-á |
Vera Algaert
Republic University Minmatar Republic
274
|
Posted - 2012.07.31 10:29:00 -
[69] - Quote
Mr M wrote:I hate it when I get a captcha like this. that's because you don't understand how recaptcha works
google uses recaptcha to outsource OCR work to you, so each captcha consists of one word that is known and one word that is unknown to google.
The second word has no influence on whether you pas the captcha or not, it's just a word that google's OCR systems have trouble identifying (they digitize newspapers, books or more recently street numbers for google maps) and that they want your help with. So they take all submissions for the second word from users who had the first (known) word right and see if there is a consensus between users on what it is supposed to read - if there is they know what to digitize it as (and yes, this is of course exploitable and /b/tards are trying to exploit it hoping to insert racial slurs into the digitized texts as they go).
The font gives away that turntu is the "known" word in your example and that you have to get this one right to pass the captcha while apolole is unknown to Google and as such doesn't matter. |
HyperZerg
Free-Space-Ranger Ev0ke
11
|
Posted - 2012.07.31 11:14:00 -
[70] - Quote
As long as the hashs aren't stored in the local computer no need for capchas ...
Just add: per IP and per account 5 trys then wait 10 sec till another login is allowed. Then, even if you try to "guess" the password "1234" you need up to 10k trys => ~27h If you have to use non-numeric password with at least 7 characters, special characters and stuff you can forget to use a brute-force attack.
Captchas ONLY use is to block bots in automated request. IF they are already blocked after too many failed logins no need for them. Okay you could stop bots from automated login to you char but there are easy ways to avoid captchas.. You got 1 person online who get the captchas copyed as picture, solves it and send it back to the bot who needs it. The real botters won't cry and all the normal players will be pissed of badly.
|
|
Abel Merkabah
TIMELINE Industries
87
|
Posted - 2012.07.31 13:36:00 -
[71] - Quote
This is all silly. The obvious solution is biometrics.
Every time you sign in, you need to submit a small blood sample (EvE is thirsty). EvE will verify your genetic code; problem solved.
Edit - I'd like to see a bot do that.
Seriously, authenticators rock though. I support key fab or smart phone authenticators. "The human body can be drained of blood in 8.6 seconds, given adequate vacuuming systems." |
|
|
|
Pages: 1 2 3 :: [one page] |