| Pages: [1] :: one page |
| Author |
Thread Statistics | Show CCP posts - 0 post(s) |
Zirator
Evoke.
Ev0ke
2
   |
Posted - 2011.11.13 07:20:00 -
[1] - Quote
I've brought this up a long while ago in a blog relating account security and I'm bringing it up again here.
I'm currently looking around for a new character and I've allready spend some time in the character bazaar. However there is one thing that still holds me back from buying. And that is the fact that I have to give up my login name to the seller. To me my login is just as secret as my password and I think it's not smart to hand out one piece of the puzzle to someone that I don't know.
My proposal that under account management an option is created for the buyer to generate a unique code, or as an alternative an unique code that is not your login can be found there. This code will then be passed on to the seller and instead of using the login he will use this unique code to send the character to the buyers account.
I hope that CCP can implement this and that the CSM can put this on their agenda.
With all the fixes CCP is pushing out this is one could use some attention as well. |
uglybass
awejfawejfoiergnsnembrg
5
|
Posted - 2011.11.15 13:58:00 -
[2] - Quote
Yup,
Also emails are broken cos other people can see my email address when i send stuff.
my router ip is shown when I browse the net.
and my Linux admin is called 'root'
thats why you need enough complexity in passwords... |
Lykouleon
Wildly Inappropriate
Goonswarm Federation
330
|
Posted - 2011.11.15 20:47:00 -
[3] - Quote
If you're using an industy-standard password, giving out your login name shouldn't be an issue at all.
Now, if your password is "12345678", you may have a reason to be worried.
Lykouleon > CYNO ME CLOSER SO I CAN HIT THEM WITH MY SWORD
WIdot Director of Quality Control and Ironically Signing My Title to Posts To Make People ~mad~ |
Feligast
GoonWaffe
Goonswarm Federation
369
|
Posted - 2011.11.15 20:59:00 -
[4] - Quote
Lykouleon wrote:If you're using an industy-standard password, giving out your login name shouldn't be an issue at all.
Now, if your password is "12345678", you may have a reason to be worried.
Dammit, now I need to change it. THANKS A LOT ****.
|
Velicitia
Open Designs
91
|
Posted - 2011.11.15 21:01:00 -
[5] - Quote
Lykouleon wrote:If you're using an industy-standard password, giving out your login name shouldn't be an issue at all.
Now, if your password is "12345678", you may have a reason to be worried.
hey ... that's the same combination as my luggage... |
Drake Draconis
Shadow Cadre
Shadow Confederation
115
|
Posted - 2011.11.15 21:18:00 -
[6] - Quote
Velicitia wrote:Lykouleon wrote:If you're using an industy-standard password, giving out your login name shouldn't be an issue at all.
Now, if your password is "12345678", you may have a reason to be worried. hey ... that's the same combination as my luggage...
The Schwartz is weak in this one.....
but agreed.... security for account buying/selling should be buffed. |
FloppieTheBanjoClown
The Skunkworks
Petition Blizzard
319
|
Posted - 2011.11.15 23:24:00 -
[7] - Quote
I can get behind this. I see no reason to compromise security if it can be avoided. |
Mara Rinn
Cosmic Industrial Complex
Cosmic Consortium
290
|
Posted - 2011.11.16 22:24:00 -
[8] - Quote
uglybass wrote:Also emails are broken cos other people can see my email address when i send stuff.
Security is like an onion. No, not because it smells or looks like an ogre, but because it involves layers. One simple layer of security is to ensure that people's email addresses are not the same as their account name.
One principle of security is, "least privilege". That is, don't give people privileges or information they don't need. Since you don't really need the account name to sell someone a character, that information is excess to requirements.
Here's an example of how it could work:
- I want to sell a character, to I start a character sale ticket (or "charter" for short).
- You want to buy my character, so you bid on the charter and nominate an account for the character to be transferred to (this information is held in the charter system, not revealed to the seller)
- I accept your bid (or your bid is the highest above reserve price at the conclusion of the auction period)
- The system transfers the character based on you winning the charter auction
Thus the only information revealed by the system relates exclusively to the character for sale.
At present the risk is minimal, assuming the people involved have decently strong passwords. In the future the risk will be slightly lower due to the use of the token generators. A charter system as described will help smooth out the process though.
|
Shaidar Hussan
Uncontrollable Violence
Rage Alliance
12
|
Posted - 2011.11.17 08:32:00 -
[9] - Quote
Lykouleon wrote:If you're using an industy-standard password.
Industry standard? I sure am, my password is "password" and it's stuck to my screen on a post-it. |
Katarina Reid
Deep Core Mining Inc.
Caldari State
43
|
Posted - 2011.11.17 12:33:00 -
[10] - Quote
what about using account api id's? or generate a unique key. |
| |
|
| Pages: [1] :: one page |
| First page | Previous page | Next page | Last page |