| Pages: [1] 2 :: one page |
|
|
| Author |
Thread Statistics | Show CCP posts - 1 post(s) |
Private Langvann
   |
Posted - 2010.10.05 04:20:00 -
[1]
If CCP is so worried about their players having their accounts hacked, why dont they start selling authenticators like the BANK uses.. and some other known mmo played by millions of other people.
I was having big troubles having my battlenet account hacked all the time. So i got the authenticator, and havent been hacked ever since.
Authenticator ftw.
All hail the mighty fluffy. The destroyer of worlds! |
Lance Fighter
Amarr
|
Posted - 2010.10.05 04:33:00 -
[2]
Weird. Ive never had my account hacked.
Ever.
 Originally by: Cat o'Ninetails
so i'm pretty much anti cat at the moment (lol)
x
|
Forum Stuff
|
Posted - 2010.10.05 04:44:00 -
[3]
They've said it would essentially cost too much to produce/sell for too few people who'd use it to be price effective.
|
Lady Aja
Caldari
|
Posted - 2010.10.05 04:57:00 -
[4]
ccp shoud just get rid of RMT already!
they florish in this game
fix RMT CCP you dumb *****!
|
Seth Ruin
Minmatar
Ominous Corp
Circle-Of-Two
|
Posted - 2010.10.05 05:06:00 -
[5]
Originally by: Forum Stuff
They've said it would essentially cost too much to produce/sell for too few people who'd use it to be price effective.
Except solutions like the YubiKey require no capital on the part of the developer. It's essentially a standalone solution that developers can add to their applications, and I'm certain there are other solutions out there that are similarly cost-effective (this is the only one I have any experience with).
|
Djavo
Storm Solutions
Privateer Alliance
|
Posted - 2010.10.05 07:08:00 -
[6]
I think the best idea is not to click links in emails for say...
"Hi we've found a problem with your account, please login here and give us all your details!"
Would you click on fake bank emails and provide your full details and pin number? If you answer yes to the above please EVEmail me your email address.
That is all.
|
|
Chribba
Otherworld Enterprises
Otherworld Empire
|
Posted - 2010.10.05 07:11:00 -
[7]
Additional security features for our accounts, yes please.
Secure 3rd party service | my in-game channel 'Holy Veldspar' |
|
ThrashPower
Gallente
Genos Occidere
HYDRA RELOADED
|
Posted - 2010.10.05 07:16:00 -
[8]
Originally by: Lance Fighter
Weird. Ive never had my account hacked.
Ever.
Originally by: Djavo
I think the best idea is not to click links in emails for say...
"Hi we've found a problem with your account, please login here and give us all your details!"
Would you click on fake bank emails and provide your full details and pin number? If you answer yes to the above please EVEmail me your email address.
That is all.
Do we even play the same game? Most posters on this forum and most players in game are just blatantly ******ed. And they have no clue what so ever that their actions out of game might compromise their accounts. The issue here is that these people might be so dumb they wouldn't even know how to order an authenticator should they be given the choice.
|
Tio Sakai
|
Posted - 2010.10.05 07:17:00 -
[9]
Originally by: Forum Stuff
They've said it would essentially cost too much to produce/sell for too few people who'd use it to be price effective.
You can produce a smartphone authentication token for much less than the cost of a hardware solution. But then, even if CCP jumped on this tomorrow they'd still be behind the curve.
|
Miss Connolly
Public Relations Corp
|
Posted - 2010.10.05 07:42:00 -
[10]
Originally by: Forum Stuff
They've said it would essentially cost too much to produce/sell for too few people who'd use it to be price effective.
this is simply a lie from CCP because they don't really care about account secirity. It's no problem to provide software based authenticators such as the iPhone app that blizzard uses (or any of the other solutions that don't require any special hardware).
Also instead of selling overprized crap merchandise on their webshop they could simply sell RSA authenticators that way. I really can't see the problem.
In a game like EVE where your account is so important and hard to replace this kind of thing is extra important. Especialky considering that CCP don't have any proper customer support and don't replace anything that was stolen by hackers.
Typical CCP... To lazy to provide decent support, to money-oriented to implement existing solutions... *sigh*
___________________
"It was mentioned by CCP that the data does not seem to support that polished quality sells better than new features."
These are the people you are giving your money to. |
|
|
Cupio Mortem
|
Posted - 2010.10.05 07:54:00 -
[11]
Originally by: Miss Connolly
Originally by: Forum Stuff
They've said it would essentially cost too much to produce/sell for too few people who'd use it to be price effective.
this is simply a lie from CCP because they don't really care about account secirity. It's no problem to provide software based authenticators such as the iPhone app that blizzard uses (or any of the other solutions that don't require any special hardware).
Also instead of selling overprized crap merchandise on their webshop they could simply sell RSA authenticators that way. I really can't see the problem.
In a game like EVE where your account is so important and hard to replace this kind of thing is extra important. Especialky considering that CCP don't have any proper customer support and don't replace anything that was stolen by hackers.
Typical CCP... To lazy to provide decent support, to money-oriented to implement existing solutions... *sigh*
And you continue to show them your rage and frustration by refusing to pay. Oh wait.
|
Mr Kidd
|
Posted - 2010.10.05 09:30:00 -
[12]
Edited by: Mr Kidd on 05/10/2010 09:31:54
Originally by: Lance Fighter
Weird. Ive never had my account hacked.
Ever.
Right. And since you've never had your account hacked...ever....lets not do anything to improve security on an authentication system that was antiquated years before CCP implemented it.
|
Melody Netas
Random Selection.
|
Posted - 2010.10.05 17:38:00 -
[13]
Originally by: Mr Kidd
Edited by: Mr Kidd on 05/10/2010 09:31:54
Originally by: Lance Fighter
Weird. Ive never had my account hacked.
Ever.
Right. And since you've never had your account hacked...ever....lets not do anything to improve security on an authentication system that was antiquated years before CCP implemented it.
Really, if you use just a little bit of smarts with your account data you stand almost 0 chance of getting hacked.
Use an account name that's not something you're known by - or go by in game. Use a secure password. Don't fall for phishing mails. Most importantly, don't click "WII SEX TOY" links, or buy ISK.
|
|
CCP Zymurgist
Gallente
C C P
|
Posted - 2010.10.05 17:53:00 -
[14]
Moved from General Discussion
Zymurgist
Community Representative
CCP Hf, EVE Online
Contact Us |
|
Feilamya
Pain Elemental
|
Posted - 2010.10.05 17:56:00 -
[15]
Accounts don't get hacked.
If all those account *****s who share their passwords with strangers on the internets had the balls to admit that they have broken the EULA and got scammed in return, we would see far less "hacked" accounts.
|
Valandril
Caldari
Ex-Mortis
|
Posted - 2010.10.05 17:58:00 -
[16]
Originally by: Chribba
Additional security features for our accounts, yes please.
It's not real security, only ilussion of it
Recruit me if you dare |
Carine Parnasse
|
Posted - 2010.10.05 19:04:00 -
[17]
Originally by: Valandril
Originally by: Chribba
Additional security features for our accounts, yes please.
It's not real security, only ilussion of it
Care to explain how authenticators don't offer real security? Or do you just like inserting random assertions?
|
Nuts Nougat
Perkone
|
Posted - 2010.10.05 19:09:00 -
[18]
Edited by: Nuts Nougat on 05/10/2010 19:10:35
Confirming that people generally don't get "hacked". They give away their password to someone by either clicking on fishy links, or just blatantly logging in to some phishing site.
Also, what I find funny is, I don't even get any spam mails about eve. I get tons of spam about my "wow beta" and "wow accounts" and "battlenet accounts", even though I don't have any of those. But no spam about EVE, whatsoever. I'm confused.
Edit: Still want passwordless login a la SSH, though.
---
|
Valandril
Caldari
Ex-Mortis
|
Posted - 2010.10.05 20:16:00 -
[19]
Originally by: Carine Parnasse
Originally by: Valandril
Originally by: Chribba
Additional security features for our accounts, yes please.
It's not real security, only ilussion of it
Care to explain how authenticators don't offer real security? Or do you just like inserting random assertions?
Maybe because most of account stolen are via worm attacks which have no issue to hijack your session, login with it you your account and remove the authenticator and then hook up their own (just like it happends in wow) so in order to react you have to wait for support ?
Recruit me if you dare |
Carine Parnasse
|
Posted - 2010.10.05 21:02:00 -
[20]
Originally by: Valandril
Maybe because most of account stolen are via worm attacks which have no issue to hijack your session, login with it you your account and remove the authenticator and then hook up their own (just like it happends in wow) so in order to react you have to wait for support ?
Ahhh i see. You're a moron. How about a link to any evidence for any of that? You think the majority of account hijackings are worms taking over your session? Which somehow also gives them access to account management? And you can't remove an authenticator from a wow account without either using the authenticator twice, or calling Blizz.
Most account hijackings are keyloggers, to steal an authenticated account you need to do a man in the middle attack, which means any theft has to be targeted, you can't just release a keylogger.
|
|
|
Valandril
Caldari
Ex-Mortis
|
Posted - 2010.10.05 21:19:00 -
[21]
Originally by: Carine Parnasse
Originally by: Valandril
Maybe because most of account stolen are via worm attacks which have no issue to hijack your session, login with it you your account and remove the authenticator and then hook up their own (just like it happends in wow) so in order to react you have to wait for support ?
Ahhh i see. You're a moron. How about a link to any evidence for any of that? You think the majority of account hijackings are worms taking over your session? Which somehow also gives them access to account management? And you can't remove an authenticator from a wow account without either using the authenticator twice, or calling Blizz.
Most account hijackings are keyloggers, to steal an authenticated account you need to do a man in the middle attack, which means any theft has to be targeted, you can't just release a keylogger.
Go get a clue you ****** about worms. That was all.
Recruit me if you dare |
Luthair StoneDog
Gallente
Wormhole XXXtreme
|
Posted - 2010.10.05 23:21:00 -
[22]
Edited by: Luthair StoneDog on 05/10/2010 23:22:17
Originally by: ThrashPower
The issue here is that these people might be so dumb they wouldn't even know how to order an authenticator should they be given the choice.
WoW players seem to manage... and they're morons...
|
|
Chribba
Otherworld Enterprises
Otherworld Empire
|
Posted - 2010.10.06 06:50:00 -
[23]
Originally by: Valandril
Originally by: Chribba
Additional security features for our accounts, yes please.
It's not real security, only ilussion of it
If they implement my idea of restricting your accounts via IP-addresses, I wouldn't count my restriction as illusion at least.
Secure 3rd party service | my in-game channel 'Holy Veldspar' |
|
Valandril
Caldari
Ex-Mortis
|
Posted - 2010.10.06 07:00:00 -
[24]
Originally by: Chribba
Originally by: Valandril
Originally by: Chribba
Additional security features for our accounts, yes please.
It's not real security, only ilussion of it
If they implement my idea of restricting your accounts via IP-addresses, I wouldn't count my restriction as illusion at least.
As neat this idea is, most people play from multiple places (and on top of that have dynamic IP numbers) so this would receive very small audience. To be frank if we want to improve security, we are looking in wrong direction. Instead of another mechanisms (that won't stop idiots from getting hacked anyway) we should simply educate people more so they will know that downloading "hotlesbianaction.avi.exe" is not a good idea.
Recruit me if you dare |
Nuts Nougat
Perkone
|
Posted - 2010.10.06 07:22:00 -
[25]
They should just do what they did on the forum. If you log in from an unknown IP, it asks you for a character on your account. This wouldn't hinder a targeted attack but would add some security for people downloading random keyloggers.
That said, I'm probably one of the rare people that only plays from 1-2 different IPs (home, + work ip to change skills), most people have dynamic ones. Suckers 
---
|
Valandril
Caldari
Ex-Mortis
|
Posted - 2010.10.06 07:43:00 -
[26]
Originally by: Nuts Nougat
They should just do what they did on the forum. If you log in from an unknown IP, it asks you for a character on your account. This wouldn't hinder a targeted attack but would add some security for people downloading random keyloggers.
That said, I'm probably one of the rare people that only plays from 1-2 different IPs (home, + work ip to change skills), most people have dynamic ones. Suckers
You may not realize but those "suckers" are a lot more secure thanks to it. Honestly most of people who got static public IP don't need it and it's only causing more security risks.
Recruit me if you dare |
|
Chribba
Otherworld Enterprises
Otherworld Empire
|
Posted - 2010.10.06 08:25:00 -
[27]
Originally by: Valandril
As neat this idea is, most people play from multiple places (and on top of that have dynamic IP numbers) so this would receive very small audience. To be frank if we want to improve security, we are looking in wrong direction. Instead of another mechanisms (that won't stop idiots from getting hacked anyway) we should simply educate people more so they will know that downloading "hotlesbianaction.avi.exe" is not a good idea.
Of course this idea is directed a bit more towards the 'advanced' users than the everyday mass - and as such the idea was suggested as an optional feature for increased security when I first posted it in assembly hall (some years ago).
The basic "do not click hotchick.exe" obviously would need to be a part of the general education, but that just won't cut it - nor will it stop brute force attacks or random attemtps of trying passwords. Hence some sort of external dongle/device/stuff would indeed be a good option, and/or additionally features like IP-restrictions.
I'd say an external device generating numbers in some way would be a smart solution - as long as you somehow can link multiple accounts to the same device - for those of us that do not wish to have double-digit number of devices lying next to our keyboard 
/c
Secure 3rd party service | my in-game channel 'Holy Veldspar' |
|
Valandril
Caldari
Ex-Mortis
|
Posted - 2010.10.06 08:33:00 -
[28]
Originally by: Chribba
Originally by: Valandril
As neat this idea is, most people play from multiple places (and on top of that have dynamic IP numbers) so this would receive very small audience. To be frank if we want to improve security, we are looking in wrong direction. Instead of another mechanisms (that won't stop idiots from getting hacked anyway) we should simply educate people more so they will know that downloading "hotlesbianaction.avi.exe" is not a good idea.
Of course this idea is directed a bit more towards the 'advanced' users than the everyday mass - and as such the idea was suggested as an optional feature for increased security when I first posted it in assembly hall (some years ago).
The basic "do not click hotchick.exe" obviously would need to be a part of the general education, but that just won't cut it - nor will it stop brute force attacks or random attemtps of trying passwords. Hence some sort of external dongle/device/stuff would indeed be a good option, and/or additionally features like IP-restrictions.
I'd say an external device generating numbers in some way would be a smart solution - as long as you somehow can link multiple accounts to the same device - for those of us that do not wish to have double-digit number of devices lying next to our keyboard
/c
Now you are swordfishing me. bruteforce is ineffective in online attacks (and easily countered by simple iptables rule) so let's not make this people think that it's an actual threat. And problem with authenticator is that when people get it they think that they are safe and they get less alert and care less coz they think "**** it, i got token - i'm safe!".
Recruit me if you dare |
Private Langvann
|
Posted - 2010.10.25 10:07:00 -
[29]
I am bumping this thread in the name of security.
A few minutes ago, i read on facebook that CCP was STILL having problems with hacked accounts.
if CCP is able to create a GAME, they should be able to create an app for smartphones that can function as an authenticator.
And with all the PLEX that i'm buying, they should be able to afford authenticator devices too.
So WHY havent they started implementating this yet?
All hail the mighty fluffy. The destroyer of worlds! |
HeliosGal
Caldari
|
Posted - 2010.10.25 10:13:00 -
[30]
guess its another layer of programming change passwords often dont visit dodgy sites and youll be fine
|
|
|
|
|
| |
|
| Pages: [1] 2 :: one page |
| First page | Previous page | Next page | Last page |