Pages: [1] 2 3 4 5 6 :: one page |
|
Author |
Thread Statistics | Show CCP posts - 27 post(s) |
|
CCP Zymurgist
Gallente C C P
|
Posted - 2010.11.19 17:10:00 -
[1]
CCP Sreegs is here to help you protect your account. Read all about account security and what you can do to protect yourself here.
Zymurgist Community Representative CCP Hf, EVE Online Contact Us |
|
|
CCP Navigator
C C P C C P Alliance
|
Posted - 2010.11.19 17:17:00 -
[2]
Just a friendly reminder that your replies should be on topic and in relation to the blog. Spam replies will be deleted.
Navigator Senior Community Representative CCP Hf, EVE Online
|
|
Tiruriku
|
Posted - 2010.11.19 17:25:00 -
[3]
Good suggestions. I always enjoy CCP's writing style.
With regards to changing your password regularly one thing I always suggest to people is using a password manager like KeePass. This is especially prudent when advised to use a different password for every website as that becomes impossible to remember everything.
Many EVE players also use multiple accounts and it makes sense to use different passwords for each account. Why use 'eve1' when you could use 'kDFxh56Ur6dqEOOdkpYS'?
|
EdFromHumanResources
Caldari GoonWaffe Goonswarm Federation
|
Posted - 2010.11.19 17:33:00 -
[4]
:condi: to DJ. The "name challenge" method is a direct discouragement for returning players.
Scenario: You talk your friend into picking up Eve again after a few years away(This makes you a bad friend but that's besides the point) Your friend tries to log in to reactive his account, he cannot because he does not remember his character name. Instead of petitioning and waiting a week to get this sorted he says "**** it" and goes to play something else.
Perhaps offering people the OPTION of this name challenge or perhaps an option to email the primary email a list of characters on the account should be in order.
This method also sucks for those of us with ****ty memories and too damn many accounts with similarly named characters on them when we are trying to reactive them.
|
Dav Varan
|
Posted - 2010.11.19 17:36:00 -
[5]
PERMA BAN PEOPLE WHO SUPPORT RMT.
People who buy isk from RMT'rs are the root cause of account theft.
No customers to sell isk too for $ = No point in stealing account info.
Scare people away from RMT by promising them if they are caught ALL there accounts will be deleted and they will be permanently banned from EVE.
|
|
CCP Sreegs
C C P C C P Alliance
|
Posted - 2010.11.19 17:40:00 -
[6]
Originally by: EdFromHumanResources :condi: to DJ. The "name challenge" method is a direct discouragement for returning players.
Scenario: You talk your friend into picking up Eve again after a few years away(This makes you a bad friend but that's besides the point) Your friend tries to log in to reactive his account, he cannot because he does not remember his character name. Instead of petitioning and waiting a week to get this sorted he says "**** it" and goes to play something else.
Perhaps offering people the OPTION of this name challenge or perhaps an option to email the primary email a list of characters on the account should be in order.
This method also sucks for those of us with ****ty memories and too damn many accounts with similarly named characters on them when we are trying to reactive them.
Most security measures bring with them some additional amount of work to gain access to whatever it is you're trying to access. That's just the nature of the beast. The general idea is to try to implement measures that both increase security while minimizing the size of the obstacle. The name challenge, when introduced, was extremely effective in reducing the number of hacked accounts.
While I understand that it can add some complexity for people, I think they'd be a lot more upset if they came back and all their stuff was gone. We're in a constant state of exploring solutions to this particular issue (hacking) and there may come a point in the future where the name challenge isn't necessary any more, but for now it is a necessary evil. |
|
BenjaminBarker
|
Posted - 2010.11.19 17:44:00 -
[7]
Does this mean we're never getting keyfob tokens for account security? |
|
CCP Sreegs
C C P C C P Alliance
|
Posted - 2010.11.19 17:46:00 -
[8]
Originally by: BenjaminBarker Does this mean we're never getting keyfob tokens for account security?
No this does not mean that. |
|
shortspecialbus
GoonWaffe Goonswarm Federation
|
Posted - 2010.11.19 17:47:00 -
[9]
Is it a good idea to set complex passwords based on our favorite consumables such as wasabi and/or soy sauce?
|
Khefron
GoonWaffe Goonswarm Federation
|
Posted - 2010.11.19 17:49:00 -
[10]
Tell us how you arrived at that magical name "CCP Sreegs". |
|
Cid Mutation
|
Posted - 2010.11.19 17:49:00 -
[11]
One thing I would like is to be able to not only change my password but also my ID. I know it's my account ID but I think it should be deferent. Give customer a number and link that number to the current ID.
Also when you guy found out about site being hacks you should post and tell people that if they visited those they should do a scan and change there pw like now.
And thanks for the sandbox thing :D.
|
Tamyris
|
Posted - 2010.11.19 17:50:00 -
[12]
Re: changing passwords and whatnot
Maybe, for simplicity, there should be a "generate random password" or "generate secure password" button in the accounts section? Not everyone will have a link to a secure password generator handy. If you want to hold users hands even more, whip something up that'll take a phrase and turn it in to a secure password ("I suck at eve" -> "1sU(k@3vE") in a pseudo-random fashion (yes, it's predictable if you know the input and algorythm).
|
Virtuozzo
Against ALL Authorities
|
Posted - 2010.11.19 17:51:00 -
[13]
Originally by: Khefron Tell us how you arrived at that magical name "CCP Sreegs".
≡v≡ once was about internet spaceships. Then those became serious business. Now all that's left, serious business, and spaceships are docked for two years till after the Dust of Incarna. |
Niccolado Starwalker
Gallente Shadow Templars
|
Posted - 2010.11.19 17:55:00 -
[14]
Edited by: Niccolado Starwalker on 19/11/2010 17:56:08
Originally by: CCP Zymurgist CCP Sreegs is here to help you protect your account. Read all about account security and what you can do to protect yourself here.
Good post.
But please answer me this question I have been asking for ages with so many others from these forums:
Why dont you offer login tokens?????
It give an extra additional layer, by giving the player a unique login code each time. That way account sharing turns difficult and if a keylogger cathes the login it wont help!
Most players who stay with EVE do so fanatically. Like me, I am 5 years behind me in EVE on 3. of december, and would without hesitation invest in a login token!
The question have gone unanswered from what I can see. Now dear CCP Sreegs! Please tell us if this might be or might not be possible! Tell us you are thinking of it! Or at least give us your toughts about the matter! It have been so quiet about this! But with this devpost and all, please! Share your toughts about this!!!
:BEGS:
Originally by: Dianabolic Your tears are absolutely divine, like a fine fine wine, rolling down your cheeks until they flow down the river of LOL. |
Webb Mordock
GoonWaffe Goonswarm Federation
|
Posted - 2010.11.19 17:58:00 -
[15]
Originally by: CCP Zymurgist CCP Sreegs is here
...
|
Mynxee
|
Posted - 2010.11.19 18:02:00 -
[16]
Good info. The name challenge is a small effort considering its value for enhanced security--glad to hear it has been a big help in cutting down on hacked accounts. I'll keep that in mind the next time I grumble at it being presented when I'm trying to log in to the forums from a mobile device.
Life In Low Sec |
Twigand Berries
Caldari GoonWaffe Goonswarm Federation
|
Posted - 2010.11.19 18:02:00 -
[17]
i left my account open on a public computer in new jersey
what do i do?
|
Arrgthepirate
GoonWaffe Goonswarm Federation
|
Posted - 2010.11.19 18:02:00 -
[18]
Edited by: Arrgthepirate on 19/11/2010 18:03:25 Good blog.
|
Rustpunk
Ghost Festival
|
Posted - 2010.11.19 18:05:00 -
[19]
I'd pay real money (say about equivalent to one month of a full-price sub) for an authentication token like WoW uses. Although my WoW token is free because I have it on my Droid phone rather than a keyfob...
(RL infosec geek and incident responder) ---
|
Makurid
|
Posted - 2010.11.19 18:08:00 -
[20]
Originally by: CCP Sreegs
Most security measures bring with them some additional amount of work to gain access to whatever it is you're trying to access. That's just the nature of the beast. The general idea is to try to implement measures that both increase security while minimizing the size of the obstacle. The name challenge, when introduced, was extremely effective in reducing the number of hacked accounts.
While I understand that it can add some complexity for people, I think they'd be a lot more upset if they came back and all their stuff was gone. We're in a constant state of exploring solutions to this particular issue (hacking) and there may come a point in the future where the name challenge isn't necessary any more, but for now it is a necessary evil.
Just wondering how this helps the security if I can just log into EVE Gate and get a list of my characters without having to answer the challenge.
|
|
EdFromHumanResources
Caldari GoonWaffe Goonswarm Federation
|
Posted - 2010.11.19 18:12:00 -
[21]
Originally by: Makurid
Originally by: CCP Sreegs
Most security measures bring with them some additional amount of work to gain access to whatever it is you're trying to access. That's just the nature of the beast. The general idea is to try to implement measures that both increase security while minimizing the size of the obstacle. The name challenge, when introduced, was extremely effective in reducing the number of hacked accounts.
While I understand that it can add some complexity for people, I think they'd be a lot more upset if they came back and all their stuff was gone. We're in a constant state of exploring solutions to this particular issue (hacking) and there may come a point in the future where the name challenge isn't necessary any more, but for now it is a necessary evil.
Just wondering how this helps the security if I can just log into EVE Gate and get a list of my characters without having to answer the challenge.
Haha, this actually works but only for subbed accounts.
|
Ci Seepy
Amarr
|
Posted - 2010.11.19 18:13:00 -
[22]
So I'm guessing its a bad thing that I've never once changed my passwords since I started playing. |
Vincent Athena
|
Posted - 2010.11.19 18:19:00 -
[23]
Originally by: Twigand Berries i left my account open on a public computer in new jersey
what do i do?
The client? Log in on another computer. That will force log out the one you forgot to log out.
|
Breaker77
Gallente Reclamation Industries
|
Posted - 2010.11.19 18:21:00 -
[24]
We still need seperate ID's for the forums.
Hey look I have a wireless signal here, checks the forums, oh I should reply to this, oh wait my account ID/PW was sniffed
|
Jengi Gotsen
Gallente BlackSite Prophecy
|
Posted - 2010.11.19 18:25:00 -
[25]
Is EvE looking into external tools (authenticating keyfobs) to keep players more secure? Are there any excessive technical hurdles that would need to be overcome to make their use a reality? WoW currently has two separate tools for authenticating and verifying identities when logging in, the authenticator keyfobs / mobile authenticators available on smart phones, as the new system whereby a phone call is made when your account is logged in from an unusual place to verify you are the one logging in.
Do you feel that EvE is falling behind the industry in that way? I understand it's hard to place WoW and EvE in the same light in terms of game play, but in security measures aren't all games equal? I would say that a single-shard system where in-game currency can be converted into actual game time, security is paramount.
You mention the name challenge feature. That's great, except for the part where I don't recall seeing that on the login screen. I'm a little more nervous about someone stealing my isk than ****posting in C&P or checking out my easily changeable API key. Are there any plans to make the name challenge show up on the login screen?
|
Cid Mutation
|
Posted - 2010.11.19 18:25:00 -
[26]
^^^^ this
|
Ariz Black
|
Posted - 2010.11.19 18:27:00 -
[27]
i tried to change my password and it wouldn't let me because it said i don't have capital letters in it. ironically i was trying to make it more secure by adding numbers to an already random collection of letters. stuff like this is taking it 'too far' because you shouldn't *force* people to explicitly have to hit extra keystrokes to log in when it's something they likely do 2000+ times a year (think about eve website, ingame, evegate, etc)
|
Kragaar
|
Posted - 2010.11.19 18:30:00 -
[28]
Is there going to be a new way to transfer characters between accounts aside from providing your email and account name so that "bad people" don't have a starting point to compromise your account?
|
|
CCP Sreegs
C C P C C P Alliance
|
Posted - 2010.11.19 18:35:00 -
[29]
Originally by: Cid Mutation One thing I would like is to be able to not only change my password but also my ID. I know it's my account ID but I think it should be deferent. Give customer a number and link that number to the current ID.
Also when you guy found out about site being hacks you should post and tell people that if they visited those they should do a scan and change there pw like now.
And thanks for the sandbox thing :D.
I can't really speak to our capability to change usernames, though it will go on the list of items to consider. I CAN however speak to your second point. The Community Team actually DOES keep a running list of known bad sites in a sticky at the top of General Discussion which I will link HERE.
Also, you're welcome |
|
Squizz Caphinator
Executive Intervention Controlled Chaos
|
Posted - 2010.11.19 18:40:00 -
[30]
This blog post should be required reading for all new accounts. Then followed by a test that's fill in the blank. Should they fail the test or opt out, they can still register but have their subscription rate tripled. This way, when they inevitably give out their account information CCP's cost to recoup the account to it's former status is covered.
Hey, one can dream right? :) -- ESAM: SMF API Integration
EDK3 Augmented Banner Mod |
|
|
|
|
Pages: [1] 2 3 4 5 6 :: one page |
First page | Previous page | Next page | Last page |