Pages: [1] :: one page |
|
Author |
Thread Statistics | Show CCP posts - 0 post(s) |
Rebecha Pucontis
Tribal Liberation Force Minmatar Republic
372
|
Posted - 2013.05.29 11:30:00 -
[1] - Quote
I just wondered if anyone knows of any plans to make it so the launcher saves our passwords? |
Zak Breen
Aliastra
45
|
Posted - 2013.05.29 13:00:00 -
[2] - Quote
Too many security issues imo.
For those of you with many alts I can see how it is a pain, though. (and for those of us, like myself, with random letters and numbers for their passwords ) Maturity, one discovers, has everything to do with the acceptance of not knowing. |
J3ssica Alba
Federal Navy Academy Gallente Federation
780
|
Posted - 2013.05.29 13:08:00 -
[3] - Quote
I would more like to see a right-click -> paste functionality added .. using ctrl-v is annoying This is my signature. There are many others like it, but this one is mine.-á Without me, my signature is useless. Without my signature, I am useless |
|
Chribba
Otherworld Enterprises Otherworld Empire
8451
|
Posted - 2013.05.29 13:12:00 -
[4] - Quote
There's 3rd party launchers that kicks the official ones butt any day (minus patching) they can save pw and such. There's eve-mlp which you can check through the source yourself and use.
I wrote my own to fit my needs, no more typing, and I can be lazy enough to launch my clients from my cellphone
/c
|
|
Sarmatiko
1159
|
Posted - 2013.05.29 13:37:00 -
[5] - Quote
Zak Breen wrote:Too many security issues imo.
So you saying that saving your account login\password in browser (which stores passwords in simple sqlite database) for instant EVE-O forum access is already totally secure? Why do we even have "Keep Me Logged In" checkbox in Evegate if local password storages are so "unsecure"?
I like the part that we need to use 3rd party tools to store our EVE passwords, instead of getting secured solution directly from CCP. -¥ |
Azami Nevinyrall
Carbon Circle Tactical Narcotics Team
875
|
Posted - 2013.05.29 13:41:00 -
[6] - Quote
I'd prefer if the launcher saves my passwords.
Less chance that a key logger will snap it up.
Also, I'm guessing that most of us allows our browsers to save passwords. Even though they have the most security loopholes in any program on your desktop. So there shouldn't be an issue with allowing a secure program saving your passwords that the operator already has. I'm not entirely clear on the point of this, but I do have a sudden urge to jump in a catalyst and blow up a miner. Twitter! - @AzamiNevinyrall I'm half expecting a ban for this post. |
marVLs
163
|
Posted - 2013.05.29 13:47:00 -
[7] - Quote
want it now |
Zak Breen
Aliastra
46
|
Posted - 2013.05.29 13:48:00 -
[8] - Quote
Sarmatiko wrote:Zak Breen wrote:Too many security issues imo. So you saying that saving your account login\password in browser (which stores passwords in simple sqlite database) for instant EVE-O forum access is already totally secure? Why do we even have "Keep Me Logged In" checkbox in Evegate if local password storages are so "unsecure"? I like the part that we need to use 3rd party tools to store our EVE passwords, instead of getting secured solution directly from CCP.
Nope, nothing is totally secure. Saving passwords is a convenience and is not a necessity. Maturity, one discovers, has everything to do with the acceptance of not knowing. |
Sarmatiko
1159
|
Posted - 2013.05.29 13:55:00 -
[9] - Quote
Zak Breen wrote:Saving passwords is a convenience and is not a necessity. Having option to save password is better than having nothing. Security Team washing their hands of problem with phrase "we wont implement this because there is security concerns" will just push players to use 3rd party tools, hence creating even more insecure environment. -¥ |
Ge Hucel-Ge
University of Caille Gallente Federation
7
|
Posted - 2013.05.29 13:57:00 -
[10] - Quote
most people use the same client on the same pc for the most time. it would be nice to register the pc with the eve-account, so that you don't need the password anymore on that pc. |
|
Private Pineapple
Anquer Quare
344
|
Posted - 2013.05.29 15:28:00 -
[11] - Quote
Ge Hucel-Ge wrote:most people use the same client on the same pc for the most time. it would be nice to register the pc with the eve-account, so that you don't need the password anymore on that pc.
This is done in some places, but usually on a networking level. I like this idea though hackers could spoof their PC to seem like yours. This idea is actually less secure on the "save password" option as to hack that part would require some sort of malware on your actual computer to hijack whatever encrypted file is stored with that password (this happens a lot with Internet cookies, cookies are one of the causes of so many facebook account hijackings).
TLDR: Save password requires a hacker to actually get malware on your computer, which can be hard. Registering your PC simply makes them only need to act as if they are you, which requires hacking the modem itself or blocking the connection between the modem and the EVE Online server and then pretending to be you - sort of like packet sniffers.
Source: Educated guesses as a programmer. I am not in computer security. I am the Kingpin of the Crime and Punishment forum.
I am the rightful heir to the CSM 8 throne.
|
MailDeadDrop
Rage and Terror Against ALL Authorities
190
|
Posted - 2013.05.29 16:41:00 -
[12] - Quote
Zak Breen wrote:Too many security issues imo.
Sarmatiko wrote:Why do we even have "Keep Me Logged In" checkbox in Evegate if local password storages are so "unsecure"? Security is a deeply complicated subject, and one which people frequently get wrong. For example, Sarmatiko is conflating the "Keep Me Logged In" checkbox with the idea that the browser is keeping your website userid and password. I don't have CCP code in front of me, but having done that exact thing myself (the "Keep Me Logged In" setting) I have some experience.
Usually the browser has an encrypted session cookie which is passed to the website to identify the user. That encrypted cookie is just a long string of random looking characters and doesn't mean anything special to the browser. The website takes the user credentials when they login (userid and password), generates the encrypted cookie, and returns it to the browser. That cookie is then returned to the website with every follow-up action by the browser. Normally the cookie is a "session" cookie, meaning the browser keeps it in memory, but once the browser quits *poof* that cookie is forgotten. The "Keep Me Looged In" setting causes the website to mark the cookie as a "persistent" cookie (with an expiration date in the future) which the browser writes into some local storage area (file, registry, etc.) So when the browser starts in the future, that encrypted cookie is sent back to the website (making you be logged in).
The important part of the above is the browser isn't storing the userid and password. It is storing that encrypted cookie. Hopefully the website developer uses good security practices (like using a strong encryption method), so that if you lose control of that cookie (PC is hacked) the worst possible outcome is that someone could masquerade as you on the website. There are a variety of methods to make even that outcome more limited.
Zak Breen is correct: storing credentials (userid and password) is a very risky process that must be carefully considered. I'm not surprised that CCP is leery of tackling that concept.
MDD |
Sarmatiko
1163
|
Posted - 2013.05.29 17:16:00 -
[13] - Quote
MailDeadDrop wrote:so that if you lose control of that cookie (PC is hacked) the worst possible outcome is that someone could masquerade as you on the website If your PC is hacked, then EVE Online credentials will be the last thing to worry about.
I repeat once again - alternative tools with password storage and AES storage encryption are already here. Now it's only matter of time when new variations will come out to compensate poor implementation of official launcher. So CCP can ignore this, creating stupid situation when users will rely their security on 3rd party, or they can implement official password storage and handle situation properly.
Also "security risks" buzz talk is not very convincing, because EVE Online still don't have standard features like email or mobile\sms authentication. -¥ |
Rebecha Pucontis
Tribal Liberation Force Minmatar Republic
372
|
Posted - 2013.05.29 17:25:00 -
[14] - Quote
Chribba wrote:There's 3rd party launchers that kicks the official ones butt any day (minus patching) they can save pw and such. There's eve-mlp which you can check through the source yourself and use. I wrote my own to fit my needs, no more typing, and I can be lazy enough to launch my clients from my cellphone /c Thanks Chribba, but as others suggested I would only trust my account details to official CCP certified software. Or official Chribba certified software. :) |
Rebecha Pucontis
Tribal Liberation Force Minmatar Republic
372
|
Posted - 2013.05.29 17:30:00 -
[15] - Quote
I don't have much programming knowledge, but it seems you can save password already for many applications. The golden rule is to only save passwords on computers which you know only yourself and other trusted individuals have access too.
To those that are absent minded enough to save their details on a third party public computer, then the motto "eve has consequences" and "deal with it" comes to my mind. :) We shouldn't all be forced to suffer to protect the lowest denominators. |
Mara Villoso
Big Box
89
|
Posted - 2013.05.29 17:32:00 -
[16] - Quote
It almost sounds like no one has noticed the little auto-play checkbox on the launcher. |
Sarmatiko
1164
|
Posted - 2013.05.29 17:42:00 -
[17] - Quote
Mara Villoso wrote:It almost sounds like no one has noticed the little auto-play checkbox on the launcher. It almost sound's like you haven't read the first post at all. -¥ |
Tau Cabalander
Retirement Retreat Working Stiffs
1865
|
Posted - 2013.05.29 18:11:00 -
[18] - Quote
As I suggested in the launcher thread: make the launcher remember all passwords while it is open, and forget them all when it is closed. |
GreenSeed
345
|
Posted - 2013.05.29 18:31:00 -
[19] - Quote
the Planetside 2 launcher saves passwords, but its a different game, where there's no point in having more than one account ( and also that game has a proper character select screen) |
Implying Implications
GoonWaffe Goonswarm Federation
363
|
Posted - 2013.05.29 18:48:00 -
[20] - Quote
I don't use the launcher but I probably would if it would remember passwords.
Other games let you remember passwords and I'm sure a lot of you have your web browser remember your Facebook password or whatever. sÅ»µä¢püòpü»µ¡út+¬püápÇé |
|
|
|
|
Pages: [1] :: one page |
First page | Previous page | Next page | Last page |