|
Author |
Thread Statistics | Show CCP posts - 1 post(s) |
De'Veldrin
Minmatar Green-Core The Obsidian Legion
|
Posted - 2010.11.30 14:12:00 -
[1]
Edited by: De''Veldrin on 30/11/2010 14:13:02
Originally by: Mara Rinn Just be aware that RSA tokens are not a silver bullet solution. They are still vulnerable to "man in the middle" attacks: i.e.: a keylogger intercepting your keystrokes and transmitting them to someone else (e.g.: software residing in some zombie network) in real time, so they can log into your account before you can.
While this is true, because of the way Eve's login structure works, you would then immediately log them out because last one with the right password wins (try it - I do this to myself all the time. Log in with your client, then open a second copy and log in the same account - first window goes poof!).
While this is also not a silver bullet (they could send their login after yours should be completed) you would then have a visual cue that something is amiss, and could do something about it much faster. Edit: Remember - they only have a MAX of 60 seconds to use the purloined information - after that the RSA token updates, and the stolen code is no good anymore.
That said, I have always supported optional RSA tokens for eve as a way to cut down on account hacks. Those who want to participate can, those who don't, don't have to. I'd even be willing to pay a $25 or $30 one time fee for the token setup. (PLEX for RSA anyone?) --Vel
|
De'Veldrin
Minmatar Green-Core The Obsidian Legion
|
Posted - 2010.11.30 20:31:00 -
[2]
Originally by: Valandril This provides only false sense of security ...
The same could be said about passwords really. The only form of fool proof computer security is to never use one for anything.
Ever.
This isn't about making accounts unhackable - that's impossible. This is about making them less easily hacked, and that is exactly what it will do.
As for the cost efficiency thing, I'd be curious to know how long ago CCP looked at it and what the relative costs would be now as compared to then given the (presumably) expanding player base. --Vel
|
De'Veldrin
Minmatar Green-Core The Obsidian Legion
|
Posted - 2010.11.30 22:56:00 -
[3]
Originally by: Valandril Not really, external firewall and common sense fills all your security needs (if set up properly).
Because firewalls never get hacked and information stolen.
--Vel
|
De'Veldrin
Minmatar Green-Core The Obsidian Legion
|
Posted - 2010.11.30 23:33:00 -
[4]
Originally by: Valandril
Originally by: De'Veldrin
Originally by: Valandril Not really, external firewall and common sense fills all your security needs (if set up properly).
Because firewalls never get hacked and information stolen.
Keep on talking more bull****. Do you have any idea what resources it would take just to get access to said firewall (in home you don't need public IP) ? Stop watching swordfish
I'm not the one implying that a firewall is some kind of impenetrable forcefield of Internet protection. --Vel
|
De'Veldrin
Minmatar Green-Core The Obsidian Legion
|
Posted - 2010.12.01 16:43:00 -
[5]
Originally by: Medarr Edited by: Medarr on 01/12/2010 15:09:38
Originally by: Valandril Not really, external firewall and common sense fills all your security needs (if set up properly). And using 2nd password doesn't give you ANY protection vs trojans which is the leading cause of hacs.
This is by far the biggest load of bull**** ive ever seen.. carefull you dont drown in it.
Also please refrain from posting such nonsence. You put other less educated people at risk with your false claims.
Originally by: Lorelei Lee
....while the overdedicated among us get professional firewalls and switch to Linux.
And linux doesnt have a ****load of remote exploits? or mac for that mather?
I will reiterate my previous point - and Mara's as well - this is not and should not be considered a bullet proof solution. But it does make your account MORE secure (note, I do not say completely secure, and never have). It's a tool - one tool - that when combined with the other tools we already have (strong passwords, not being a dumbass, etc) help better protect your game account from being hacked.
It is possible to protect your account without the use of an RSA token. Having one just makes it easier. --Vel
|
De'Veldrin
Minmatar Green-Core The Obsidian Legion
|
Posted - 2010.12.02 01:14:00 -
[6]
Originally by: Lorelei Lee I suspect physical tokens don't need to be shipped from the EVE Store, because any RSA office can issue them. Perhaps that's what Enst Smath called drop-shipping.
However, if such a service cost ú150 per year, I would have to pass. I think $75..100 is the most I would be willing to pay.
And that may be what CCP meant by not economically feasible. The price they would have to charge us would be so high, they knew no one would go for it. Because you're right, I damned sure wouldn't pay that much for it. It is just a game after all.
I'd like to see CCP crunch the numbers on this again and give us an honest estimate of the costs we, as players would have to pay, per token per year (under the assumption that you could use one token for multiple accounts). If it's a reasonable number (and I think $35-50 is probably at the upper end of reasonable) or an equivalent number of Plexes I think they'd get a lot of takers. --Vel
I'm more of a care-badger. |
|
|
|