EVE Search - [Proposal] RSA authentication (help us protect our accounts)

All Channels

Assembly Hall

[Proposal] RSA authentication (help us protect our accounts)

» Click here to find additional results for this topic using Google

Monitor this thread via RSS [?]

Pages: 1 2 3 4 :: [one page]
Author	Thread Statistics \| Show CCP posts - 0 post(s)
SXYGeeK Gallente do you -Mostly Harmless-	Posted - 2010.10.04 16:54:00 - [1] With the recent wave of account hackings and CCP's reminder again to "Protect Your Accounts" I would like to reboot an inactive Proposal. http://www.eveonline.com/ingameboard.asp?a=topic&threadID=131673 With the amount of time we invest into this game and the damage that can be caused by hacking perhaps greater than that of a credit card theft to some of us there is, in my opinion, not enough done by CCP to give us the tools to protect our accounts. There are a lot of suggestions about how security could be improved but the single best improvement would be RSA authentication. Blizzard uses this for WOW and we make fun of how "trivial" it is to level a WOW character, yet they have a better level of protection than our EVE characters. Please don't take it that I am recommending you go play WOW... but they have a very well done implementation of RSA security. here's the FAQ that will give a little idea of how it works. http://us.blizzard.com/support/article.xml?locale=en_US&articleId=24660 some key things to note. -keys are optional, If you do not have a key setup on your account you can login with username and password as usual. -once a key is added to the account it will be required for all logins. -a single key can be added to multiple accounts, it won't mean they are linked just that they all accept the same key. -ideally keys would be available for <$10 US, CCP could even offer them for 1 PLEX, optionally software keys would be available for all the smart phone app stores so we can use our phones as a key. I believe this is one of the most important meta game issues we have at this time, please discuss and promote this issue, do not let this thread die again. -We So SeXy
Aiwha 101st Space Marine Force Nulli Secunda	Posted - 2010.10.04 16:58:00 - [2] As a former WoW player, I definitely support such a system. Its not unduly complicated or hindering for users, and provides a level of security that few other features can match. I like me Senior Recruiter
Hadiax	Posted - 2010.10.04 16:58:00 - [3] I'd definatly say this is a good idea. Mainly because its optional, people will have the option to better protect their accounts but aren't forced to buy anything either. Can't go wrong with choice :p
mickeydilab1 GeoCorp. -Mostly Harmless-	Posted - 2010.10.04 17:14:00 - [4] Great idea to have additional layer of security, and it wont cost much.
Laviski UK Corp -Mostly Harmless-	Posted - 2010.10.04 17:27:00 - [5] Supported!!!!
MC SAKE	Posted - 2010.10.04 18:08:00 - [6] I support this. Would be great to have iphone/android apps for this as well.
Vuk Lau	Posted - 2010.10.04 18:11:00 - [7] Edited by: Vuk Lau on 04/10/2010 18:11:47 I like the proposal. Will investigate more and most likely raise it for the next meeting.
Seigneur Doa freelancers inc -Mostly Harmless-	Posted - 2010.10.04 18:18:00 - [8] Great idea and as you said it's simple to use. -- Keep your head up and the hammer down.
Pheobe Transista GeoCorp. -Mostly Harmless-	Posted - 2010.10.04 18:41:00 - [9] Definitely support better security options such as this.
Javajunky	Posted - 2010.10.04 18:42:00 - [10] I threw this post up back in February or sometime thereabouts, continue to support.
DeapSpace MadHatter	Posted - 2010.10.04 18:44:00 - [11] I would totally put down 300 million isk to have a more secure account.
BuzzBoy	Posted - 2010.10.04 18:45:00 - [12] Supported !
Lou Cypher Infinite Improbability Inc -Mostly Harmless-	Posted - 2010.10.04 19:11:00 - [13] yo Shrike > Good Morning Northen Monekys, this is God speaking.
Mynas Atoch Eternity INC. -Mostly Harmless-	Posted - 2010.10.04 19:13:00 - [14] Following best industry practice in account security matters should not require users to request. The unique metagaming that CCP's games are marketed on should result in CCP LEADING the industry in protection of its players.
Reza Najafi UK Corp -Mostly Harmless-	Posted - 2010.10.04 21:25:00 - [15] Edited by: Reza Najafi on 04/10/2010 21:26:44 I support this.
Saithe Caldari	Posted - 2010.10.04 22:08:00 - [16] There's also this thing I recently discovered. It's called your brain. I laugh at these people who cry about being victims of Identity theft and account hacking. Very FEW accounts are actually 'hacked'. Instead, the account info is phished because someone isn't using their brain. I personally run my entire PC with no antivirus, no firewall, and I run with DMZ on. Never once have I gotten any form of spyware, any virus, and only ONCE has my Eve account been compromised. And that was a lucky guess due to someones computer storing passwords in Firefox. So, in short; to better protect your account, USE YOUR **ING HEAD WHEN GOING TO WEBSITES. Seriously, why the ** do you need to enter your account information ANYWHERE but eveonline.com, eveonline gate, or the actual Eve client?
SXYGeeK Gallente do you -Mostly Harmless-	Posted - 2010.10.04 22:33:00 - [17] Originally by: Saithe There's also this thing I recently discovered. It's called your brain. I laugh at these people who cry about being victims of Identity theft and account hacking. Very FEW accounts are actually 'hacked'. Instead, the account info is phished because someone isn't using their brain. I personally run my entire PC with no antivirus, no firewall, and I run with DMZ on. Never once have I gotten any form of spyware, any virus, and only ONCE has my Eve account been compromised. And that was a lucky guess due to someones computer storing passwords in Firefox. So, in short; to better protect your account, USE YOUR **ING HEAD WHEN GOING TO WEBSITES. Seriously, why the ** do you need to enter your account information ANYWHERE but eveonline.com, eveonline gate, or the actual Eve client? This may work for some, and has so far worked for me as well, but I am not naive enough to believe that I am better than every security threat out there. this Is why I employ every security precaution at my disposal when dealing with things like my bank, utility companies, ext... I would like to have more options for security for EVE as I have invested a significant amount of my time there. However, not all users of Eve are as capable as you / or I , nor do I think we wish to limit the possible subscriber base to PC security enthusiasts. also, there's no need for the rude language in the Assembly Hall -We So SeXy
Saithe Caldari	Posted - 2010.10.04 22:39:00 - [18] I just find it amusing when people think they should rely upon someone else for account protection. Yes, security protections are useful; however the greatest security protection one can employ is yourself.
Wikis	Posted - 2010.10.04 22:46:00 - [19] GIVE ME RSA PROTECTION - N-O-W
Orange Lagomorph	Posted - 2010.10.04 23:10:00 - [20] I love how Saithe is soapboxing about "using your brain" when he himself brainlessly compromised one of his own accounts. Everyone always believes they're too smart to get phished, hacked or compromised. It never fails. But most of the time, they aren't. I support this product and/or service, because more protection can't hurt and might help.
codex09 Minmatar do you -Mostly Harmless-	Posted - 2010.10.04 23:11:00 - [21] Yes it would be great if there was more protection but not if it is going to cost players even more $$$ to play. The very best protection is that which the end user deploys themselves & when 98% of hacks are actually more along the lines of the person getting the p/w etc from the accounts owner due to being a friend, relative, or because they buy ISK or frequent sites that most players wouldn't bother with <hacking sites, Pirate software sites the list goes on> Why should everyone else have to pay for that? Extra security is always a good thing when it comes to computer games, BUT no matter how much security a game has nothing will stop it from happening if people continue to see their account details as something that isn't really that important, or they continue to frequent Phishing sites, Pirate Software sites etc etc. There are people who want to die & It is Our Job To make sure they get their wish as fast as possible!?!
De'Veldrin Minmatar CareBears on Fire The Obsidian Legion	Posted - 2010.10.04 23:50:00 - [22] As long as it's optional, yes indeedy. I love the little key fob things. I just hope I don't confuse it with the one I have for work. --Vel
Saelie	Posted - 2010.10.05 00:31:00 - [23] Supporting option for increased security.
count sporkula	Posted - 2010.10.05 01:23:00 - [24] i would certainly consider buying it
Jeff Curro The Rising Stars -Mostly Harmless-	Posted - 2010.10.05 01:46:00 - [25] ftw
stupid monkey	Posted - 2010.10.05 04:32:00 - [26] sounds good
Demondrew THORN Syndicate Controlled Chaos	Posted - 2010.10.05 06:57:00 - [27] great idea protect my stuff ccp!
theWoman do you -Mostly Harmless-	Posted - 2010.10.05 06:57:00 - [28] yeah baby yeah
Drake Draconis Shadow Cadre Shadow Confederation	Posted - 2010.10.05 08:22:00 - [29] Edited by: Drake Draconis on 05/10/2010 08:23:32 No amount of key fobs or additional security will ever beat common sense. 9 times out of 10 the problem starts with the idiot at the keyboard.... the ones who click on links to sites that are not legitimate... the ones who download software without restraint. You can't fix stupid... and I seriously doubt CCP will even bother to do this properly if such a proposal would come to pass. As long as its option I don't have a problem with it. But mark my words... this is a patch at best... not a solution. ========================= CEO of Shadow Cadre http://www.shadowcadre.com =========================
Nuts Nougat Perkone	Posted - 2010.10.05 09:49:00 - [30] Passwordless login a la SSH please. ---
Miss Maersk	Posted - 2010.10.05 10:55:00 - [31] Support??, U've got it m8, good ideas in here
TeaDaze	Posted - 2010.10.05 12:16:00 - [32] This is part of the Account Security Enhancements proposal which is still in the CSM backlog. We can discuss this again during the December summit and try to get it raised in priority. TeaDaze.net Blog \| CSM Database
Laxyr Chamsin Mining Inc.	Posted - 2010.10.05 12:21:00 - [33] As long as it stays optional...
wr3cks Reliables Inc Majesta Empire	Posted - 2010.10.05 13:28:00 - [34] So, to clarify, how many times do we have to raise what is obviously a good idea before CCP will consider it? Three? Five?
De'Veldrin Minmatar CareBears on Fire The Obsidian Legion	Posted - 2010.10.05 15:03:00 - [35] Originally by: wr3cks So, to clarify, how many times do we have to raise what is obviously a good idea before CCP will consider it? Three? Five? Over 9000 --Vel
SXYGeeK do you -Mostly Harmless-	Posted - 2010.10.05 15:08:00 - [36] Originally by: TeaDaze This is part of the Account Security Enhancements proposal which is still in the CSM backlog. We can discuss this again during the December summit and try to get it raised in priority. Thanks Tea, however the security tokens seems to be a small footnote in the proposal you linked. It's mostly concerned with character transfer proceedings. I might add that If account management was secured by RSA key it would be much much harder for anyone to initiate an unauthorized character transfer. I want to stress that RSA keys are perhaps the single best security mechanism that could be added and we should be clear that it should be the first priority, not a "Long term security improvement to consider" -We So SeXy
H3ndrix freelancers inc -Mostly Harmless-	Posted - 2010.10.05 16:35:00 - [37] Edited by: H3ndrix on 05/10/2010 16:36:25 sounds good I used to have a Sig but CCP Nerfed it !!!! It wasn't Nerfed, it was moderationally enhanced. -Darth Patches
Otaci	Posted - 2010.10.05 17:44:00 - [38] Originally by: Nuts Nougat Passwordless login a la SSH please. Ooh yeah, this would be great. Maybe as an alternative to the RSA, a USB or smartcard thing maybe. Got the USB plugged in then don't need password.
Tharill daSai Serringer Arms Inc Free United Spirits	Posted - 2010.10.05 17:44:00 - [39] Support
Leveaux Gallente Eve University Ivy League	Posted - 2010.10.05 18:21:00 - [40] I suppose this!!! I have used RSA while I was in the U.S. Navy and we currently use it at my current job. ཀཐ٦རམ ٦ཏཤནཟཤ
Troll Bridgington SWARTA Mostly Clueless	Posted - 2010.10.05 18:30:00 - [41] A keyfob would be nice. It would give me an excuse to carry around more eve related stuff on my person.
Klyria Agent-Orange Nabaal Syndicate	Posted - 2010.10.05 20:04:00 - [42] Yeah, this is something I like.
David Carel Random Selection. Tactical Narcotics Team	Posted - 2010.10.05 20:44:00 - [43]
Lina Aviari	Posted - 2010.10.06 15:25:00 - [44] Supported. One caution regarding an optional system is the fact that non-users of the Blizzard tokens have had (probably software) tokens put on their stolen accounts to lock them out of their own accounts. This is not a deal-killer by any means, but thought needs to be put into a process for efficiently handling/preventing situations like this if tokens are implemented.
Hugh Hefner Paxton Industries -Mostly Harmless-	Posted - 2010.10.06 15:43:00 - [45] I support this suggestion.
Musashi Takanohana	Posted - 2010.10.06 15:45:00 - [46] +1
Magnus Lex	Posted - 2010.10.06 15:46:00 - [47] +1
Magnus Compress	Posted - 2010.10.06 15:48:00 - [48] +1
Intar Medris Production Industry Mining Profiteers Shadow of xXDEATHXx	Posted - 2010.10.06 21:44:00 - [49] Originally by: Saithe There's also this thing I recently discovered. It's called your brain. I laugh at these people who cry about being victims of Identity theft and account hacking. Very FEW accounts are actually 'hacked'. Instead, the account info is phished because someone isn't using their brain. I personally run my entire PC with no antivirus, no firewall, and I run with DMZ on. Never once have I gotten any form of spyware, any virus, and only ONCE has my Eve account been compromised. And that was a lucky guess due to someones computer storing passwords in Firefox. So, in short; to better protect your account, USE YOUR **ING HEAD WHEN GOING TO WEBSITES. Seriously, why the do you need to enter your account information ANYWHERE but eveonline.com, eveonline gate, or the actual Eve client? Your the one not using your head. No firewall, no anti-virus, or no anti-malware period. You sir are a hacker's wet dream. Even when surfing to a legitimate site you can be infected, or one of your friends get infected and the virus gets attached to an email they send you. Oh and how do you know you haven't been infected with nothing to scan to detect threats, you don't. And when you do get one hope it is only a nuisance virus and not one that could destroy your beloved computer from the inside out. And yes better security is always better. Flame me I dare you.**
Mara Rinn	Posted - 2010.10.06 21:48:00 - [50] Originally by: Saithe There's also this thing I recently discovered. It's called your brain. à my Eve account been compromised à due to someones computer storing passwords in Firefox. USE YOUR ****ING HEAD WHEN GOING TO WEBSITES FYP. I'd be interested to hear some statistics from CCP about the number of failed login attempts per account per day. i.e.: the number of brute-force attempts by people trying to guess bad passwords. -- [Aussie players: join ANZAC channel]
Cebraio	Posted - 2010.10.06 21:54:00 - [51] Supporting more account security! ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄`
Insurgent540 Minmatar	Posted - 2010.10.07 02:16:00 - [52] +1 Support this proposal
Melina Lin	Posted - 2010.10.07 05:30:00 - [53] Griefing the phishers! It's a start.
Martosh Toma Fraction Investment	Posted - 2010.10.07 14:25:00 - [54] Edited by: Martosh Toma on 07/10/2010 14:27:11 Add the folowing securities before enabling rsa key purchase: - account details must be unmoddified for 30 days prior to request - login notification of recent account detail modification - login notificcation of failed logins - login notification of previously unknown ip logins (both on web and client login of course) with some kind of email verification allow rsa purchase (5 day cooldown + login notification of purchase request) doing it this way you could even sell the rsa for a few plex at little extra security risks
Ervyn Infinite Improbability Inc -Mostly Harmless-	Posted - 2010.10.07 15:45:00 - [55] Edited by: Ervyn on 07/10/2010 15:45:59 Excellent idea.
SXYGeeK Gallente do you -Mostly Harmless-	Posted - 2010.10.08 16:25:00 - [56] Another announcement today to protect our accounts, and the only tool we are given is the antiquated password with the recommendation to change it often. Please support this topic and let CCP know we need better tools to help us protect our accounts. -We So SeXy
BurningWrath Perkone	Posted - 2010.10.08 21:26:00 - [57] Yes, I pay quite a bit for my two toons. I dont want to loose it just like that. +1 ______________________________________________ From Carebears to Scarebears~
Delagos Almondis	Posted - 2010.10.08 21:40:00 - [58] Like. But please, dont sell them via the eve store where you have to pay ~30 $ shipment costs for a 10x10 minmatar sticker. I especially like the smartphone app idea.
Gauss Gun	Posted - 2010.10.08 23:34:00 - [59]
Meisje	Posted - 2010.10.09 13:39:00 - [60] Eve has an account hacking problem because of all the 3rd party work that goes into the game. Extra security on accounts seems very appropriate in this case.
Seamus Donohue	Posted - 2010.10.09 17:45:00 - [61] Edited by: Seamus Donohue on 09/10/2010 17:47:05 Yes, implement it. Yes, make it optional. If you make it, I will buy it. Originally by: De'Veldrin As long as it's optional, yes indeedy. I love the little key fob things. I just hope I don't confuse it with the one I have for work. The ones mailed out by Blizzard for World of Warcraft have the Blizzard logo on them, so they can't be mistaken for anything else unless one is blind. Of course, if one is blind, then that raises more fundamental usability issues with the game, itself. It should be a simple matter to have EVE Online RSA devices be manufactured with the CCP logo. __________________________________________________ Survivor of Teskanen, fan of John Rourke.
Zendoren Aktaeon Industries	Posted - 2010.10.09 20:29:00 - [62] Edited by: Zendoren on 09/10/2010 20:29:46 Supported. I would love to have a complimentary and functional EVE-Online key chain!
Astroka	Posted - 2010.10.09 23:00:00 - [63] Supported. Former WoW player, and I like this system. Very few drawbacks to implementing this and the added (optional!) security is wonderful. ====================================== "Rawr" means "I love you" in dinosaur! ======================================
Dek Kato	Posted - 2010.10.10 03:56:00 - [64] Supported, though I would hope for a good implementation to support the number of multiple account owners on EVE. Originally by: CCP Shadow Thread locked due to troll convention.
Aineko Macx	Posted - 2010.10.10 05:57:00 - [65] Wholeheartedly supported. Tho IIRC CCP already went MEH over it in the past ________________________ CCP: Where fixing bugs is a luxury, not an obligation.
Saidin Thor	Posted - 2010.10.12 00:12:00 - [66] Like the idea, but totally agree with Dek Kato's post. Originally by: Dek Kato Supported, though I would hope for a good implementation to support the number of multiple account owners on EVE.
Nikita Haley Collegium Mechanicae	Posted - 2010.10.12 03:05:00 - [67] As per Dek Kato. You know, I used to poke fun of my roommates' Blizzard auth things all the time. I would've definitely bought one for EVE though, CCP's got a snazzy logo just waiting for a functional keychain to sit on.
ChrisIsherwood	Posted - 2010.10.12 16:33:00 - [68] Supported. Yes, most problems occur when people are being stupid. OTOH, it is probably easier to change the security than the entire human race. And you having done something unsafe and survived does not prove it was safe - be it DUI, unprotected sx or surfing. Google "first day exploits" - Adobe and Flash are recent favorites where an up-to-date machine on a good website can even get malware served up from an advertising network that appears in the sidebar. This will cost CCP money to implement. However the reduced customer service costs offset this. At some point, as the player population grows and humans (customer service agents/GMs) get more expensive and technology gets cheaper, the lines will cross, if TFA is not already a cost savings. Also note that it's not just physical fobs any more. iPhone/Android/smartphone applications get around the shipping issue. Personally, I would prefer for CCP to be a leader in technology in general and play protection in particular. But at least now they should play catch-up. The next level is to optionally* allow a corp/alliance to say that certain roles require a TFA authenticator. E.g., a large alliance could say only characters with an authenticator could be assigned the role that allows disband an alliance. The CVA disband that was undone probably could have been avoided.
Tonto Auri Vhero' Multipurpose Corp	Posted - 2010.10.13 00:11:00 - [69] Originally by: SXYGeeK Blizzard uses this for WOW and we make fun of how "trivial" it is to level a WOW character, yet they have a better level of protection than our EVE characters. Please don't take it that I am recommending you go play WOW... but they have a very well done implementation of RSA security. What you mean RSA security? You seems to be spitting words without knowledge. What in Blizzard stupidity is related to Rivest-Shamir-Aldeman chipher algorithm? -- Thanks CCP for cu
Facepalm Battlestars Wildly Inappropriate.	Posted - 2010.10.15 11:09:00 - [70] Yes plx. Knead theese theese daiz. ------------
Pesets The Hunt Club	Posted - 2010.10.17 16:20:00 - [71]
ChrisIsherwood	Posted - 2010.10.18 15:28:00 - [72] Originally by: Tonto Auri What you mean RSA security? You seems to be spitting words without knowledge. What in Blizzard stupidity is related to Rivest-Shamir-Aldeman chipher algorithm? The algorithm is called RSA. The name of the company is called RSA. The first (widely known) 2FA hardware dongles were sold by RSA Inc. and called RSA Authenticators. The Blizzard Authenticator(tm) may or may not be based upon a RSA Authenticator(tm) from the RSA. It's been over 17 years (patent life) since their 1978 paper so there may be cheaper alternatives than from RSA Inc. But in the same way that people make xerox copies and google the internet even if they use a Canon and (shudder) Bling, I usually see them referred to as RSA Authenticators, whether describing the Blizzard model or another.
AmarrettoDiAmarr	Posted - 2010.10.18 15:46:00 - [73]
Maxsim Goratiev Gallente Imperial Tau Syndicate	Posted - 2010.10.18 16:31:00 - [74] thi is fairly usefull, and shall be done. Login history as well please. E-mail with a recovery key active for three days every time a password is changed. Password and e-mail cannot be changed on the same day, at least three days must pass. Character has to be unlocked before it can be moved/transferedsold, the unlocking prosess may take three days/whatever There is an enormous amount of security features that can be implemented. Wedo deserve more security.
SXYGeeK Gallente do you -Mostly Harmless-	Posted - 2010.10.25 16:56:00 - [75] Yet another reminder today to secure our accounts under yet another "wave" of account hackings. perhaps the frequency and seeming ease at which these "waves" of account compromise are occurring should give some indication that EVE account security is not adequate, and that placing most of the responsibility for account security on vulnerable users and their systems is not improving the problem. Please support this and ask your favorite CSM to encourage CCP to prioritize account security in light of these continuing waves. We need a breakwater, a breakwater made of authentication tokens :), and perhaps some "no wake" buoys. -We So SeXy
Rickhart	Posted - 2010.10.25 19:39:00 - [76] how can someone not support this?
Berendas Neo Spartans Laconian Syndicate	Posted - 2010.10.25 22:20:00 - [77] More account security can't be a bad thing.
Gilgamoth Eldritch Storm The Matari Consortium	Posted - 2010.10.28 23:38:00 - [78] I support this Regards, Gil --- We're Recruiting
SXYGeeK Gallente do you -Mostly Harmless-	Posted - 2010.10.28 23:57:00 - [79] http://www.eveonline.com/ingameboard.asp?a=topic&threadID=1406554&page=1 Check out this thread for a great video on youtube. Markee Dragon (shattered crystal fame) interviewing Jared Psigoda (a kingpin in RMT consulting "Chinese Gold Farming" Discuss in the thread linked above. It is another reason that we need increased account security capabilities. -We So SeXy
BloodySpade ANZAC ALLIANCE IT Alliance	Posted - 2010.10.29 03:51:00 - [80]
Dred Smith	Posted - 2010.10.31 15:30:00 - [81] Supported. If CCP can act promptly, hackers will look for easier targets, and even non-adopters would be safer. To be honest CCP should have offered this six months ago; now they have to use their precious resources to recover accounts for annoyed subscribers (I wonder what fraction quit EVE entirely?)
SXYGeeK Gallente do you -Mostly Harmless-	Posted - 2010.11.03 20:08:00 - [82] Another proposal thread popped up for this issue here... http://www.eveonline.com/ingameboard.asp?a=topic&threadID=1408509&page=1 I wanted to consolidate this discussion to this thread and keep it alive as it has a number of supports. Please remember to click the "support" checkbox when posting your support here. in this other thread it was suggested that PGP encryption be used as it is freely available. I will cross post my response here. --- PGP encryption is not a suitable alternative to external pass phrase systems. a private key is needed to generate the PGP encryption on your client side, this could be captured by a keylogger or other compromise just as easy as a password. The power of a security key, such as Pay Pal, or Blizzard Authenticator, is that it is a separate device that is much more difficult to compromise (it can even be your smart phone). The best security is implemented by authenticating 3 things. 1: Something you know (a password) 2: Something you have (an external key, ID badge, ext..) 3: Something you are (fingerprint) we currently only have #1, and it's easy to obtain something someone knows. adding #2 has proven sufficient for other games, financial institutions, government agencies, ext... and could rather easily be implemented for EVE. adding #3 is usually reserved for the highest security (military/secret) and would be difficult to implement in any meaningful way for online transactions. -We So SeXy
Aeo IV Oneironautics Research Institute	Posted - 2010.11.03 20:45:00 - [83] adding support
Reddx Panther	Posted - 2010.11.05 21:15:00 - [84] RSA ftw, passwords are totally yesterday
GeeShizzle MacCloud FUSI0N INDUSTRIES	Posted - 2010.11.06 00:04:00 - [85] yes to this - RSA ftw.. tho its definitely not infallable. bt only if u browse the most dodgy sites on the net totally unprotected.
EdwardNardella Capital Construction Research	Posted - 2010.11.06 07:38:00 - [86] This enables secure account sharing. This will allow someone to lend out their account with no threat of it being stolen. If it does not then it is worthless. CCRES is recruiting pilots who want to live in WSpace/Wormholes. Fill out an application here!
Pankas Carter Chaos Theory Alliance	Posted - 2010.11.06 13:06:00 - [87] + over nine thousand --
SXYGeeK Gallente do you -Mostly Harmless-	Posted - 2010.11.06 14:48:00 - [88] Edited by: SXYGeeK on 06/11/2010 14:50:38 Originally by: EdwardNardella This enables secure account sharing. This will allow someone to lend out their account with no threat of it being stolen. If it does not then it is worthless. If only one security key can be associated with an account (typical) then this isn't making it easier for account sharing. you'd have to have the person your sharing with to call you (TS or w/e) and read the passphrase of the moment of to them. It's no different than if you where to reset your password for each person you share with prior to allowing them to login and then reseting it. Sharing will continue to be a risk as you still don't know that the person you're sharing with won't otherwise compromise your account, wipe your items/isk, steal your MOM&Titan or otherwise. and when those situations get petitioned someone usually ends up taking the BAN. (read recent EveNews24) If this is combined with IP based security it would make it even more difficult for account sharing to take place. -We So SeXy
EdwardNardella Capital Construction Research	Posted - 2010.11.06 18:05:00 - [89] Originally by: SXYGeeK If only one security key can be associated with an account (typical) then this isn't making it easier for account sharing. I never said anything about it being easier. Originally by: SXYGeeK It's no different than if you where to reset your password for each person you share with prior to allowing them to login and then reseting it. Not true, you could recover your password because you still have the key. Originally by: SXYGeeK Sharing will continue to be a risk as you still don't know that the person you're sharing with won't otherwise compromise your account, wipe your items/isk, steal your MOM&Titan or otherwise. I was talking about account being secure, not assets. Originally by: SXYGeeK and when those situations get petitioned someone usually ends up taking the BAN. (read recent EveNews24) That is why you never petition account theft via sharing. Originally by: SXYGeeK If this is combined with IP based security it would make it even more difficult for account sharing to take place. Yes but no one is talking about this. This feature could make account sharing safer. That said I support this proposal on the condition that all that is required to transfer all three characters on an account is a single RSA key entry. CCRES is recruiting pilots who want to live in WSpace/Wormholes. Fill out an application here!
SXYGeeK Gallente do you -Mostly Harmless-	Posted - 2010.11.07 02:36:00 - [90] I see, you're saying that the risk of having something unrecoverable stolen due to account sharing should be an effective limit on account sharing. I don't know that that is the case, I have heard of several situations where someone sharing an account just reported it as "hacked" and had their characters/items returned. (the article in EveNews24 is the most recent such report of such a situation) If CCP where serious about account sharing violations they would have IP based access control and would be issuing warnings and temp bans for suspicious access. I've actually never heard of them doing this. Personally I think they don't really care until it causes them a support ticket. You are right, security keys could remove one of the possible risks in sharing an account, however, there is still the risk to assets, corp/alliance roles, reputation. And I don't think that that those risks are really an effective deterrent in the first place. I think that the pain of communicating the key's pass phrase for every login would make most account sharing folks choose to use just passwords and not get a key. -We So SeXy
SXYGeeK Gallente do you -Mostly Harmless-	Posted - 2010.11.19 08:12:00 - [91] I just can't let this drift into the shadow, It must stay on the front page, moar supports plz. -We So SeXy
GloryMen Incidental Damage	Posted - 2010.12.31 17:50:00 - [92] Up
Corian Teranos Caldari Joint Espionage and Defence Industries Preatoriani	Posted - 2010.12.31 19:31:00 - [93] in a side note i would like the password system in eve to accept accented latin and other non standard characters as symbols. :Its all fun and games untill your logistics guy tries passive tanking his raven:
herot Fortunis - Redux	Posted - 2011.01.05 10:30:00 - [94]
Aphrodite Skripalle Galactic Defence Consortium	Posted - 2011.01.05 10:54:00 - [95] add me.. but dont let it cost extra money. Why that ? Its not only the user interest, its ccp interest that users can login safely without fear their accounts can get hacked easily.
Ranka Mei	Posted - 2011.01.05 13:30:00 - [96] Supported. +1 --
Wiki Leaks	Posted - 2011.01.05 15:19:00 - [97] How much money do you need to spend before you feel secure? My bank doesn't feel it necessary to protect with unnecessary hardware, and I rather imagine they're a lot better at account security than CCP or the OP.
NaMorham Santorin Raptor Ops Kamikaze Project	Posted - 2011.01.07 01:40:00 - [98] Edited by: NaMorham Santorin on 07/01/2011 01:40:22 First of all, I strongly support this, Second... Originally by: ChrisIsherwood Originally by: Tonto Auri What you mean RSA security? You seems to be spitting words without knowledge. What in Blizzard stupidity is related to Rivest-Shamir-Aldeman chipher algorithm? The algorithm is called RSA. The name of the company is called RSA. The first (widely known) 2FA hardware dongles were sold by RSA Inc. and called RSA Authenticators. The Blizzard Authenticator(tm) may or may not be based upon a RSA Authenticator(tm) from the RSA. It's been over 17 years (patent life) since their 1978 paper so there may be cheaper alternatives than from RSA Inc. But in the same way that people make xerox copies and google the internet even if they use a Canon and (shudder) Bling, I usually see them referred to as RSA Authenticators, whether describing the Blizzard model or another. The blizzard tokens are from a company called VASCO Data Security, not RSA, RSA (the company) are encryption specialists, VASCO are authentication, just to make it easier if you're looking for more information. Either companies tokens would be better than none, but only if optional edit - since preview deselects the support checkbox ------------------------- How do I set my laser printer to stun?

Pages: 1 2 3 4 :: [one page]

COPYRIGHT NOTICE
EVE Online, the EVE logo, EVE and all associated logos and designs are the intellectual property of CCP hf. All artwork, screenshots, characters, vehicles, storylines, world facts or other recognizable features of the intellectual property relating to these trademarks are likewise the intellectual property of CCP hf. EVE Online and the EVE logo are the registered trademarks of CCP hf. All rights are reserved worldwide. All other trademarks are the property of their respective owners. CCP hf. has granted permission to EVE-Search.com to use EVE Online and all associated logos and designs for promotional and information purposes on its website but does not endorse, and is not in any way affiliated with, EVE-Search.com. CCP is in no way responsible for the content on or functioning of this website, nor can it be liable for any damage arising from the use of this website.