| Pages: [1] :: one page |
|
|
| Author |
Thread Statistics | Show CCP posts - 0 post(s) |
Kaya Divine
Gallente
Kittens Factory
   |
Posted - 2010.11.26 08:09:00 -
[1]
The more value of stuff player have in EvE the longer his or hers password is, sometimes its so long and tricky that you need written reminder on what is it... but there are also exceptions.
Password is the only thing which is implemented as precaution against accounts hacks.
I propose another one,
Easy to implement, CCP dudes not need to work hard to implement it, and it would make many, many players happy.
Before I start with explanations, I believe that this shouldn't be mandatory option for all players, you could "attach pin" or not.
If you do it will limit access of you, or someone else to yours assets.
Further elaboration:
PIN protection will cover all your station assets, preventing anyone who is logged as you to:
Transfer ISK from your wallets, personal or corp...
To cancel or put contracts, private or public..
To poke yours science tab.
To even modify your market orders.
To trash, sell, reprocess your items, or ships.
To see your contacts, or notes.
To do any corp stuff which you could do.
Etc...
This prevention will only work for station based resources that you have.
So if evil hacker doesn't know your pin, he will not be able to sniff yours stuff, excluding your ship in space if you did for example log off in space.
You will need to REMEMBER IT.
It will not be secret questions, or answer to you retract your pin,
it can be inserted only 3 times per login, if you made mistake tree times, you will not be able to type it for 24hr period.
You will still be able to train your skills as you wish. Without need to type it in.
It will be based on session, one time entry of your pin, will last as long as you logged in game.
Your pin could be:
A3A4e not only numbers, but also letters and CAPS, so it greatly reduces risk.
And there will be pop-up window for you to insert it, or someone else, when that person wish to do something of above, for example, modify market orders.
Of course risk will always exist, and nothing is perfect defense, but it will hopefully prevent at least some headaches, which sometimes takes ages and wast resources on yours and CCP part to be relieved.
Shoot your shot... |
Kaya Divine
Kittens Factory
|
Posted - 2010.11.26 08:17:00 -
[2]
reserved
Shoot your shot... |
Black Dranzer
|
Posted - 2010.11.26 08:32:00 -
[3]
I'm supporting this because, believe it or not, "stolen account issues" take up a great deal of CS time in most MMOs, and I doubt Eve is any exception. It'd probably save CCP money in the long run because of this.
|
shinaide
|
Posted - 2010.11.26 09:57:00 -
[4]
I think it would be best to just implement a security token ala WoW/FFXI/and many asian MMOs.
|
Davelantor
Caldari
The Hunt
United Front Alliance
|
Posted - 2010.11.26 14:06:00 -
[5]
while we are at it, why not put a extra password that is send to our cellphones, which we have to enter in 60 seconds, every time we perform a transaction ..
Just keep a complex password with a username something other than your character name, or your real name .. and you will be just fine
add a couple of !@#$%^&*() to your password :P
The Hunt |
KurnKuku
|
Posted - 2010.11.26 14:59:00 -
[6]
Edited by: KurnKuku on 26/11/2010 15:03:20
If the hacker got the username and password from a keylogger, they will likely know the pin also.
If they got it from phishing, they would probably as easy convince the user to enter their station pin.
Sorry not supported as it is, but yes account security is a big problem, and perhaps you could expand it into something else.
|
Kaya Divine
Gallente
Kittens Factory
|
Posted - 2010.11.26 15:55:00 -
[7]
 Originally by: shinaide
I think it would be best to just implement a security token ala WoW/FFXI/and many asian MMOs.
Paying extra for additional security!? Why if you can get it for free?
Originally by: KurnKuku
Edited by: KurnKuku on 26/11/2010 15:19:21
If the hacker got the username and password from a keylogger, they will know the pin also.
If they got it from phishing, they would as easy convince the user to enter their station pin.
Sorry not supported as it is, but yes account security is a big problem, and perhaps you could expand it into something else.
I like the Full Tilt Poker image select option, where you have to choose 3 cards you have previously selected from the pack to enter the game...stops keyloggers, however unless the images were generated from a users own PC, would not stop phishing. It also would not stop any recording/remote access software. Perhaps if the biggest hack access is keylogging, something like this might be worth an investment.
Not if you have calculator like box, with numbers and letters moving after each digit clicked (something like on screen keyboard)... Did you clicked on a number, or a letter...no program would be able to detect. Because even if there is programs which can remember position of click (not sure) on that position would be different number or later every time...
Shoot your shot... |
Drake Draconis
Minmatar
Shadow Cadre
Shadow Confederation
|
Posted - 2010.11.26 19:25:00 -
[8]
Edited by: Drake Draconis on 26/11/2010 19:26:19
Add an another password is not going to make it any better or any worse.
Keyloggers still crack that with no problem at all.
Seriously... do you people ever put any effort into thinking about your ideas or do you just toss them around like candy?
As it's been said...physical token would be appropriate but only if its not forced on you.
But IMHO... the only source of the security problem is the human factor... not the computer *not denying that there are some serious flaws but honestly its the user who refuses to take them with any amount of respect of that fear*
Where you go...how you use your computer... your habits... those are what makes you prone to being attacked.
That and making foolish mistakes that people will NEVER admit to doing... such as isk buying... going to sites without checking for validity... using the same user-name/pass on an another area of Internets. List goes on and on and on.
Adding a PIN number won't fix it... its just an another way to get hacked once again.
=========================
CEO of Shadow Cadre
http://www.shadowcadre.com
========================= |
Aineko Macx
|
Posted - 2010.11.26 20:29:00 -
[9]
With that many restriction you would always have to use that extra pin. But since its basically just another password, it would just mean extra inconvenience for the user with little extra protection, because if someone can get your password, also getting your pin is a small step. What you want is authentication by another method or over another channel.
Besides, password and the like are actually a bad security mechanism: You have to reveal the secret every time you use it.
________________________
CCP: Where fixing bugs is a luxury, not an obligation. |
shinaide
|
Posted - 2010.11.27 04:35:00 -
[10]
Originally by: Kaya Divine
Paying extra for additional security!? Why if you can get it for free?
http://us.blizzard.com/support/article.xml?locale=en_US&articleId=31126
There are plenty of ways to implement it. They are dirt cheap to manufacture, enough they could toss them in with boxed copies of the game. Have a mobile option available and there would be no issue.
|
|
|
klyeme
Soft War
|
Posted - 2010.11.27 06:59:00 -
[11]
Originally by: Kaya Divine
Not if you have calculator like box, with numbers and letters moving after each digit clicked (something like on screen keyboard)... Did you clicked on a number, or a letter...no program would be able to detect. Because even if there is programs which can remember position of click (not sure) on that position would be different number or later every time...
Where have I seen that before...
Oh, and I am sure someone could build a program to detect it.
Maybe they could give you an account key that you load onto a flash drive (everyone has one). The key would be different for each account (duh?) and it would be optional to supplement your password. You could load multiple keys onto the same flash drive, but you would need to specify which key is for the account.
|
Monkey M3n
The Wretched.
|
Posted - 2010.11.27 07:18:00 -
[12]
ccp should just ban anyone who's account gets hacked because they got hacked trying to download hacks that were infected by hacks that hackers made.
tl;dr
People who's account's get 'hacked' are ******ed
|
Werawulf
|
Posted - 2010.11.27 20:02:00 -
[13]
I have neough trouble remembering the passwords for all my accounts...please dont make me remember another |
Kaya Divine
Gallente
Kittens Factory
|
Posted - 2010.12.05 02:06:00 -
[14]
Originally by: klyeme
Originally by: Kaya Divine
Not if you have calculator like box, with numbers and letters moving after each digit clicked (something like on screen keyboard)... Did you clicked on a number, or a letter...no program would be able to detect. Because even if there is programs which can remember position of click (not sure) on that position would be different number or later every time...
Where have I seen that before...
Oh, and I am sure someone could build a program to detect it.
Maybe they could give you an account key that you load onto a flash drive (everyone has one). The key would be different for each account (duh?) and it would be optional to supplement your password. You could load multiple keys onto the same flash drive, but you would need to specify which key is for the account.
You could see in many online games, to name only few RuneScape and Maplestory.
Also that WoW option is also implementable...why not have as many safety precatutions as we could? Hmmm...
For those who dont read, you dont need, or to say more exactly, you will not need to use any of extra safety functions, but if you wanted you could.
Shoot your shot... |
Kaya Divine
Gallente
Kittens Factory
|
Posted - 2010.12.05 17:37:00 -
[15]
Originally by: Werawulf
I have neough trouble remembering the passwords for all my accounts...please dont make me remember another
As I said before, you wouldn't need to implement any of extra safety functions if you dont want.
Shoot your shot... |
Kaya Divine
Gallente
Kittens Factory
|
Posted - 2010.12.06 01:53:00 -
[16]
Originally by: Monkey M3n
ccp should just ban anyone who's account gets hacked because they got hacked trying to download hacks that were infected by hacks that hackers made.
tl;dr
People who's account's get 'hacked' are ******ed
Or maybe they are well known people, with resources and affluence in EvE which are targeted by more hackers, not to mention that when you know something about person in RL you can possibly deduct what would they put as password, which was used and abused in EvE.
Shoot your shot... |
IceWolfDW
|
Posted - 2011.01.02 03:15:00 -
[17]
I support the implementation of the authenticator assuming that you can register it with multiple accounts. I have used these in the past and it helps a lot. The main issue that i can foresee is a lot of us create our accounts here on the Eve Online site and thus don't have a hard printout of anything that is individualistic (ex. a product key) so that if you loose your authenticator (or misplace it) where CCP would be able to verify that you are the appropriate individual that has legal custody of the account.
IceWolfDW
Mining and Support Operations
|
|
|
| |
|
| Pages: [1] :: one page |
| First page | Previous page | Next page | Last page |