| Pages: 1 2 [3] 4 :: one page |
| Author |
Thread Statistics | Show CCP posts - 0 post(s) |
Seamus Donohue
   |
Posted - 2010.10.09 17:45:00 -
[61]
Edited by: Seamus Donohue on 09/10/2010 17:47:05
Yes, implement it. Yes, make it optional.
If you make it, I will buy it.
 Originally by: De'Veldrin
As long as it's optional, yes indeedy. I love the little key fob things. I just hope I don't confuse it with the one I have for work.
The ones mailed out by Blizzard for World of Warcraft have the Blizzard logo on them, so they can't be mistaken for anything else unless one is blind. Of course, if one is blind, then that raises more fundamental usability issues with the game, itself. 
It should be a simple matter to have EVE Online RSA devices be manufactured with the CCP logo.
__________________________________________________
Survivor of Teskanen, fan of John Rourke. |
Zendoren
Aktaeon Industries
|
Posted - 2010.10.09 20:29:00 -
[62]
Edited by: Zendoren on 09/10/2010 20:29:46
Supported.
I would love to have a complimentary and functional EVE-Online key chain!
|
Astroka
|
Posted - 2010.10.09 23:00:00 -
[63]
Supported. Former WoW player, and I like this system. Very few drawbacks to implementing this and the added (optional!) security is wonderful.
======================================
"Rawr" means "I love you" in dinosaur!
====================================== |
Dek Kato
|
Posted - 2010.10.10 03:56:00 -
[64]
Supported, though I would hope for a good implementation to support the number of multiple account owners on EVE.
Originally by: CCP Shadow
Thread locked due to troll convention.
|
Aineko Macx
|
Posted - 2010.10.10 05:57:00 -
[65]
Wholeheartedly supported. Tho IIRC CCP already went MEH over it in the past 
________________________
CCP: Where fixing bugs is a luxury, not an obligation. |
Saidin Thor
|
Posted - 2010.10.12 00:12:00 -
[66]
Like the idea, but totally agree with Dek Kato's post.
Originally by: Dek Kato
Supported, though I would hope for a good implementation to support the number of multiple account owners on EVE.
|
Nikita Haley
Collegium Mechanicae
|
Posted - 2010.10.12 03:05:00 -
[67]
As per Dek Kato.
You know, I used to poke fun of my roommates' Blizzard auth things all the time. I would've definitely bought one for EVE though, CCP's got a snazzy logo just waiting for a functional keychain to sit on.
|
ChrisIsherwood
|
Posted - 2010.10.12 16:33:00 -
[68]
Supported.
Yes, most problems occur when people are being stupid. OTOH, it is probably easier to change the security than the entire human race. And you having done something unsafe and survived does not prove it was safe - be it DUI, unprotected s*x or surfing. Google "first day exploits" - Adobe and Flash are recent favorites where an up-to-date machine on a good website can even get malware served up from an advertising network that appears in the sidebar.
This will cost CCP money to implement. However the reduced customer service costs offset this. At some point, as the player population grows and humans (customer service agents/GMs) get more expensive and technology gets cheaper, the lines will cross, if TFA is not already a cost savings.
Also note that it's not just physical fobs any more. iPhone/Android/smartphone applications get around the shipping issue.
Personally, I would prefer for CCP to be a leader in technology in general and play protection in particular. But at least now they should play catch-up.
The next level is to optionally allow a corp/alliance to say that certain roles require a TFA authenticator. E.g., a large alliance could say only characters with an authenticator could be assigned the role that allows disband an alliance. The CVA disband that was undone probably could have been avoided.
|
Tonto Auri
Vhero' Multipurpose Corp
|
Posted - 2010.10.13 00:11:00 -
[69]
Originally by: SXYGeeK
Blizzard uses this for WOW and we make fun of how "trivial" it is to level a WOW character, yet they have a better level of protection than our EVE characters.
Please don't take it that I am recommending you go play WOW... but they have a very well done implementation of RSA security.
What you mean RSA security? You seems to be spitting words without knowledge. What in Blizzard stupidity is related to Rivest-Shamir-Aldeman chipher algorithm?
--
Thanks CCP for cu |
Facepalm
Battlestars
Wildly Inappropriate.
|
Posted - 2010.10.15 11:09:00 -
[70]
Yes plx. Knead theese theese daiz.
------------
|
Pesets
The Hunt Club
|
Posted - 2010.10.17 16:20:00 -
[71]
|
ChrisIsherwood
|
Posted - 2010.10.18 15:28:00 -
[72]
Originally by: Tonto Auri
What you mean RSA security? You seems to be spitting words without knowledge. What in Blizzard stupidity is related to Rivest-Shamir-Aldeman chipher algorithm?
The algorithm is called RSA. The name of the company is called RSA. The first (widely known) 2FA hardware dongles were sold by RSA Inc. and called RSA Authenticators. The Blizzard Authenticator(tm) may or may not be based upon a RSA Authenticator(tm) from the RSA. It's been over 17 years (patent life) since their 1978 paper so there may be cheaper alternatives than from RSA Inc. But in the same way that people make xerox copies and google the internet even if they use a Canon and (shudder) Bling, I usually see them referred to as RSA Authenticators, whether describing the Blizzard model or another.
|
AmarrettoDiAmarr
|
Posted - 2010.10.18 15:46:00 -
[73]
|
Maxsim Goratiev
Gallente
Imperial Tau Syndicate
|
Posted - 2010.10.18 16:31:00 -
[74]
thi is fairly usefull, and shall be done. Login history as well please.
E-mail with a recovery key active for three days every time a password is changed.
Password and e-mail cannot be changed on the same day, at least three days must pass.
Character has to be unlocked before it can be moved/transferedsold, the unlocking prosess may take three days/whatever
There is an enormous amount of security features that can be implemented.
Wedo deserve more security.
|
SXYGeeK
Gallente
do you
-Mostly Harmless-
|
Posted - 2010.10.25 16:56:00 -
[75]
Yet another reminder today to secure our accounts under yet another "wave" of account hackings.
perhaps the frequency and seeming ease at which these "waves" of account compromise are occurring should give some indication that EVE account security is not adequate, and that placing most of the responsibility for account security on vulnerable users and their systems is not improving the problem.
Please support this and ask your favorite CSM to encourage CCP to prioritize account security in light of these continuing waves.
We need a breakwater, a breakwater made of authentication tokens :), and perhaps some "no wake" buoys.
-We So SeXy |
Rickhart
|
Posted - 2010.10.25 19:39:00 -
[76]
how can someone not support this?
|
Berendas
Neo Spartans
Laconian Syndicate
|
Posted - 2010.10.25 22:20:00 -
[77]
More account security can't be a bad thing.
|
Gilgamoth
Eldritch Storm
The Matari Consortium
|
Posted - 2010.10.28 23:38:00 -
[78]
I support this
Regards,
Gil
---
We're Recruiting |
SXYGeeK
Gallente
do you
-Mostly Harmless-
|
Posted - 2010.10.28 23:57:00 -
[79]
http://www.eveonline.com/ingameboard.asp?a=topic&threadID=1406554&page=1
Check out this thread for a great video on youtube.
Markee Dragon (shattered crystal fame) interviewing Jared Psigoda (a kingpin in RMT consulting "Chinese Gold Farming"
Discuss in the thread linked above.
It is another reason that we need increased account security capabilities.
-We So SeXy |
BloodySpade
ANZAC ALLIANCE
IT Alliance
|
Posted - 2010.10.29 03:51:00 -
[80]
|
Dred Smith
|
Posted - 2010.10.31 15:30:00 -
[81]
Supported.
If CCP can act promptly, hackers will look for easier targets, and even non-adopters would be safer.
To be honest CCP should have offered this six months ago; now they have to use their precious resources to recover accounts for annoyed subscribers (I wonder what fraction quit EVE entirely?)
|
SXYGeeK
Gallente
do you
-Mostly Harmless-
|
Posted - 2010.11.03 20:08:00 -
[82]
Another proposal thread popped up for this issue here...
http://www.eveonline.com/ingameboard.asp?a=topic&threadID=1408509&page=1
I wanted to consolidate this discussion to this thread and keep it alive as it has a number of supports.
Please remember to click the "support" checkbox when posting your support here.
in this other thread it was suggested that PGP encryption be used as it is freely available.
I will cross post my response here.
---
PGP encryption is not a suitable alternative to external pass phrase systems.
a private key is needed to generate the PGP encryption on your client side, this could be captured by a keylogger or other compromise just as easy as a password.
The power of a security key, such as Pay Pal, or Blizzard Authenticator, is that it is a separate device that is much more difficult to compromise (it can even be your smart phone).
The best security is implemented by authenticating 3 things.
1: Something you know (a password)
2: Something you have (an external key, ID badge, ext..)
3: Something you are (fingerprint)
we currently only have #1, and it's easy to obtain something someone knows.
adding #2 has proven sufficient for other games, financial institutions, government agencies, ext... and could rather easily be implemented for EVE.
adding #3 is usually reserved for the highest security (military/secret) and would be difficult to implement in any meaningful way for online transactions.
-We So SeXy |
Aeo IV
Oneironautics Research Institute
|
Posted - 2010.11.03 20:45:00 -
[83]
adding support
|
Reddx Panther
|
Posted - 2010.11.05 21:15:00 -
[84]
RSA ftw, passwords are totally yesterday
|
GeeShizzle MacCloud
FUSI0N INDUSTRIES
|
Posted - 2010.11.06 00:04:00 -
[85]
yes to this - RSA ftw..
tho its definitely not infallable. bt only if u browse the most dodgy sites on the net totally unprotected.
|
EdwardNardella
Capital Construction Research
|
Posted - 2010.11.06 07:38:00 -
[86]
This enables secure account sharing. This will allow someone to lend out their account with no threat of it being stolen.
If it does not then it is worthless.
CCRES is recruiting pilots who want to live in WSpace/Wormholes. Fill out an application here! |
Pankas Carter
Chaos Theory Alliance
|
Posted - 2010.11.06 13:06:00 -
[87]
+ over nine thousand
--
|
SXYGeeK
Gallente
do you
-Mostly Harmless-
|
Posted - 2010.11.06 14:48:00 -
[88]
Edited by: SXYGeeK on 06/11/2010 14:50:38
Originally by: EdwardNardella
This enables secure account sharing. This will allow someone to lend out their account with no threat of it being stolen.
If it does not then it is worthless.
If only one security key can be associated with an account (typical) then this isn't making it easier for account sharing.
you'd have to have the person your sharing with to call you (TS or w/e) and read the passphrase of the moment of to them.
It's no different than if you where to reset your password for each person you share with prior to allowing them to login and then reseting it.
Sharing will continue to be a risk as you still don't know that the person you're sharing with won't otherwise compromise your account, wipe your items/isk, steal your MOM&Titan or otherwise.
and when those situations get petitioned someone usually ends up taking the BAN. (read recent EveNews24)
If this is combined with IP based security it would make it even more difficult for account sharing to take place.
-We So SeXy |
EdwardNardella
Capital Construction Research
|
Posted - 2010.11.06 18:05:00 -
[89]
Originally by: SXYGeeK
If only one security key can be associated with an account (typical) then this isn't making it easier for account sharing.
I never said anything about it being easier.
Originally by: SXYGeeK
It's no different than if you where to reset your password for each person you share with prior to allowing them to login and then reseting it.
Not true, you could recover your password because you still have the key.
Originally by: SXYGeeK
Sharing will continue to be a risk as you still don't know that the person you're sharing with won't otherwise compromise your account, wipe your items/isk, steal your MOM&Titan or otherwise.
I was talking about account being secure, not assets.
Originally by: SXYGeeK
and when those situations get petitioned someone usually ends up taking the BAN. (read recent EveNews24)
That is why you never petition account theft via sharing.
Originally by: SXYGeeK
If this is combined with IP based security it would make it even more difficult for account sharing to take place.
Yes but no one is talking about this.
This feature could make account sharing safer. That said I support this proposal on the condition that all that is required to transfer all three characters on an account is a single RSA key entry.
CCRES is recruiting pilots who want to live in WSpace/Wormholes. Fill out an application here! |
SXYGeeK
Gallente
do you
-Mostly Harmless-
|
Posted - 2010.11.07 02:36:00 -
[90]
I see, you're saying that the risk of having something unrecoverable stolen due to account sharing should be an effective limit on account sharing.
I don't know that that is the case, I have heard of several situations where someone sharing an account just reported it as "hacked" and had their characters/items returned. (the article in EveNews24 is the most recent such report of such a situation)
If CCP where serious about account sharing violations they would have IP based access control and would be issuing warnings and temp bans for suspicious access. I've actually never heard of them doing this.
Personally I think they don't really care until it causes them a support ticket.
You are right, security keys could remove one of the possible risks in sharing an account, however, there is still the risk to assets, corp/alliance roles, reputation. And I don't think that that those risks are really an effective deterrent in the first place. I think that the pain of communicating the key's pass phrase for every login would make most account sharing folks choose to use just passwords and not get a key.
-We So SeXy |
| |
|
| Pages: 1 2 [3] 4 :: one page |
| First page | Previous page | Next page | Last page |