| Pages: [1] :: one page |
| Author |
Thread Statistics | Show CCP posts - 0 post(s) |

Biron Soringard
THE SARCASTIC BASTARDS. The Enheduanni
0
|
Posted - 2013.04.26 12:40:00 -
[1] - Quote
After watching the Fanfest presentation on 3rd Party application development, there was a lot of suggestions and ideas about the embedded browser controls in returns to phishing attempt.
Instead of having the user use their actual account password, allow the user to set a 3rd party password that is the password used for 3rd party apps to authenticate the user. The account holder must still enter his/her password on the EVE Online Account Management site to set this password, but the account password is not passed into the application in any way.
Thoughts?
(If this is in the wrong section, my apologies, I'm not one who usually posts in these parts of towns.) |

Steve Ronuken
Fuzzwork Enterprises
1328
|
Posted - 2013.04.26 12:52:00 -
[2] - Quote
That's one way to handle it.
The /proper/ way to do it is to register a custom protocol handler, and use a native browser. The custom protocol handler will throw you back to your own application.
At that point, a remembered password works.
But the ability to have multiple passwords assigned to an account isn't a /bad/ idea
Steve Ronuken for CSM 8 Handy tools and SDE conversions Twitter: @fuzzysteve on Twitter |

Manhim
Cyan Ventures
2
|
Posted - 2013.04.26 19:02:00 -
[3] - Quote
Whilst it's a good way and of good means, I think that most users will just forget about this password since you don't have to use it this often.
The best way to protect yourself against that it's not to use shady applications and only look/install applications you can trust. 2-steps verification are another thing to protect yourself against, but again, even that wouldn't protect you against phishing since they can just use that code you gave them and use a bot or something to grab all your stuff from eve.
Another thing I've had seen done in times before OAuth was to go on the website, generate a token and send the username and token to the app yourself. But that's just getting back to the XML api. |
| |
|
| Pages: [1] :: one page |
| First page | Previous page | Next page | Last page |