Pages: [1] 2 3 4 :: one page |
|
Author |
Thread Statistics | Show CCP posts - 3 post(s) |
|
CCP Logibro
C C P C C P Alliance
869
|
Posted - 2015.04.24 15:49:47 -
[1] - Quote
After much work from CCP Ghostrider and friends, we are finally able to announce the roll-out of Two-Factor Authentication for Account management and our SSO service. Anyone wanting to keep their account secure should take a look at the latest dev blog for more details on how it works, and how to get it working on your accounts.
CCP Logibro // EVE Universe Community Team // Distributor of Nanites // Patron Saint of Logistics
@CCP_Logibro
|
|
|
Chribba
Otherworld Enterprises Otherworld Empire
14276
|
Posted - 2015.04.24 16:08:03 -
[2] - Quote
Man I wish we could have optional IP-restrictions as a choice over 2FA. But this is a good start, and not a day too late.
edit/also, what about not using the launcher but the client directly? what will happen there? - Found it by READING!
So... no 2FA if you use the client lol not much of security until you get around to fix that then. Do it quickly!
/c
GÿàGÿàGÿà Secure 3rd party service GÿàGÿàGÿà
Visit my in-game channel 'Holy Veldspar'
Twitter @Chribba
|
|
Aryth
GoonWaffe Goonswarm Federation
1717
|
Posted - 2015.04.24 16:18:33 -
[3] - Quote
I really want to use this...but being able to bypass it is a deal breaker. ETA on that being fixed?
Leader of the Goonswarm Economic Warfare Cabal.
Creator of Burn Jita
Vile Rat: You're the greatest sociopath that has ever played eve.
|
Vincent Athena
V.I.C.E.
3328
|
Posted - 2015.04.24 16:21:38 -
[4] - Quote
Typo:
"Where two factors are needed two log in"
Know a Frozen fan? Check this out
Frozen fanfiction
|
EvilweaselSA
GoonWaffe Goonswarm Federation
1062
|
Posted - 2015.04.24 16:22:42 -
[5] - Quote
yeah i gotta say, "two factor authentication, unless you're up to no good and know how to trivially bypass it in which case one factor is fine" is not really doing it for me
like, why on earth would i seriously inconvenience myself when anyone stealing my password won't be inconvenienced at all |
Abla Tive
94
|
Posted - 2015.04.24 16:37:31 -
[6] - Quote
A welcome improvement, even though it is only psuedo two factor authentication.
|
Literally Space Moses
GoonWaffe Goonswarm Federation
166
|
Posted - 2015.04.24 16:48:27 -
[7] - Quote
So basically it provides no additional protection, just adds a layer of complexity for suckers who choose to enable it.
Jesus Christ.
#T2013
|
Cristl
221
|
Posted - 2015.04.24 16:48:41 -
[8] - Quote
EvilweaselSA wrote:yeah i gotta say, "two factor authentication, unless you're up to no good and know how to trivially bypass it in which case one factor is fine" is not really doing it for me
like, why on earth would i seriously inconvenience myself when anyone stealing my password won't be inconvenienced at all
Well, totally this. It's nice to know things are moving forward here, but...you need to enforce two-factor without any 'unless you're nefarious' loopholes. |
March rabbit
Federal Defense Union
1607
|
Posted - 2015.04.24 16:55:17 -
[9] - Quote
Having Ericsson T29 as main mobile phone device i always hate when people mentions 2FA. Hope this feature will always stay 'optional'.
The Mittani: "the inappropriate drunked joke"
|
Gabriel Karade
Noir. No Not Believing
244
|
Posted - 2015.04.24 16:58:48 -
[10] - Quote
So, it doesn't actually work?
War Machine: http://www.eveonline.com/ingameboard.asp?a=topic&threadID=386293
|
|
Airi Cho
Dark-Rising
83
|
Posted - 2015.04.24 17:02:14 -
[11] - Quote
2 things:
1. are yubikeys supported? 2. how about an option to deny login via the normal client? i mean that should be easy to implement. I can understand adding that extra roundtrip to the old client might be much work. |
Pen Ris
Deep Core Mining Inc. Caldari State
9
|
Posted - 2015.04.24 17:10:45 -
[12] - Quote
LOL - 2 factor authentication, unless you want to bypass it, isn't actually two factor authentication.
Considering the high dependence on 3P app/forums/services and very recent and limited availability of federated identity(SSO); do you think this will stop anyone from improperly accessing accounts who also has the skills to obtain lists of username/passwords from those 3Ps?
|
Steve Ronuken
Fuzzwork Enterprises Vote Steve Ronuken for CSM
5195
|
Posted - 2015.04.24 17:19:17 -
[13] - Quote
March rabbit wrote:Having Ericsson T29 as main mobile phone device i always hate when people mentions 2FA. Hope this feature will always stay 'optional'.
There are actually windows apps for doing this as well. Which is something, at least.
Just the google Authenticator.
(there's also the email option)
Sure, it's not going to stop someone logging into Eve (yet. I'm hopeful there will be launcher updates to make multi account logins and sets of settings viable. I keep asking for them) it does at least protect the website.
Woo! CSM X!
Fuzzwork Enterprises
Twitter: @fuzzysteve on Twitter
|
Steve Ronuken
Fuzzwork Enterprises Vote Steve Ronuken for CSM
5195
|
Posted - 2015.04.24 17:20:09 -
[14] - Quote
Pen Ris wrote:LOL - 2 factor authentication, unless you want to bypass it, isn't actually two factor authentication.
Considering the high dependence on 3P app/forums/services and very recent and limited availability of federated identity(SSO); do you think this will stop anyone from improperly accessing accounts who also has the skills to obtain lists of username/passwords from those 3Ps?
With any luck, people weren't moronic enough to reuse the passwords.
Woo! CSM X!
Fuzzwork Enterprises
Twitter: @fuzzysteve on Twitter
|
Altrue
Exploration Frontier inc Brave Collective
1708
|
Posted - 2015.04.24 17:29:56 -
[15] - Quote
Inb4 instead of fixing the eve.exe problem, they simply disable the possibility for us to use it to log-in.
Signature Tanking Best Tanking
Exploration Frontier Inc [Ex-F] CEO - BRAVE - Eve-guides.fr
|
Axhind
Eternity INC. Goonswarm Federation
81
|
Posted - 2015.04.24 17:31:14 -
[16] - Quote
Any chance of supporting something actually safe like Yubikey? E-mail and mobile apps can be hardly considered secure (better than nothing but that's about it). |
Axhind
Eternity INC. Goonswarm Federation
81
|
Posted - 2015.04.24 17:35:07 -
[17] - Quote
Altrue wrote:Inb4 instead of fixing the eve.exe problem, they simply disable the possibility for us to use it to log-in. We know CCP has been trying to force their launcher on us for ages now, with critical bugs never fixed on it (closing the settings window, anyone?), that kind of stuff... I don't get how making something that makes the login process more painful is any good.
That would be terrible considering that the launcher is utterly useless with several screens and different settings for each account. |
|
CCP Ghostrider
C C P C C P Alliance
0
|
Posted - 2015.04.24 17:44:26 -
[18] - Quote
We are aware that having the launcher bypass is not optimal but a lot of bad stuff can take place if someone gets access to account management like changing the registered email address, password changes and character transfers. Two-factor protecting the client login itself requires effort from multiple teams but is on the backlog. |
|
Kale Freeman
Dirt 'n' Glitter
42
|
Posted - 2015.04.24 17:56:32 -
[19] - Quote
I have multiple accounts, and I typically log in and out of various characters as I move buy materials, haul, start jobs, sell final products etc. I would guess that I log in/out maybe 10-15 times during the course of an evening.
The 2-factor auth really needs some sort of "single signon" that allows me to authenticate once and then access all my characters for the duration of the evening.
|
Aryth
GoonWaffe Goonswarm Federation
1717
|
Posted - 2015.04.24 17:59:38 -
[20] - Quote
CCP Ghostrider wrote:We are aware that having the launcher bypass is not optimal but a lot of bad stuff can take place if someone gets access to account management like changing the registered email address, password changes and character transfers. Two-factor protecting the client login itself requires effort from multiple teams but is on the backlog.
Do you feel it is a this year thing?
Leader of the Goonswarm Economic Warfare Cabal.
Creator of Burn Jita
Vile Rat: You're the greatest sociopath that has ever played eve.
|
|
March rabbit
Federal Defense Union
1607
|
Posted - 2015.04.24 18:05:22 -
[21] - Quote
Steve Ronuken wrote:March rabbit wrote:Having Ericsson T29 as main mobile phone device i always hate when people mentions 2FA. Hope this feature will always stay 'optional'. There are actually windows apps for doing this as well. Which is something, at least. Just the google Authenticator. (there's also the email option) Start the game, enter credentials, switch to browser, visit mailbox, copy something, switch to the game, paste something, enter the game.
Not sure if i like new procedure.
Steve Ronuken wrote: Sure, it's not going to stop someone logging into Eve (yet. I'm hopeful there will be launcher updates to make multi account logins and sets of settings viable. I keep asking for them) it does at least protect the website.
Well. I can survive 2FA on web site.... Visiting it once in a while. So they can put 2FA, 3FA, N-FA with as big N as they want. But making starting the game unnecessarily longer... No support from me.
The Mittani: "the inappropriate drunked joke"
|
virm pasuul
Viziam Amarr Empire
282
|
Posted - 2015.04.24 18:23:35 -
[22] - Quote
"Go to Account -> GÇ£Two Factor Authentication SettingsGÇ¥ and follow the instructions." I don't have this option :(
|
Steve Ronuken
Fuzzwork Enterprises Vote Steve Ronuken for CSM
5195
|
Posted - 2015.04.24 18:34:33 -
[23] - Quote
March rabbit wrote:Steve Ronuken wrote:March rabbit wrote:Having Ericsson T29 as main mobile phone device i always hate when people mentions 2FA. Hope this feature will always stay 'optional'. There are actually windows apps for doing this as well. Which is something, at least. Just the google Authenticator. (there's also the email option) Start the game, enter credentials, switch to browser, visit mailbox, copy something, switch to the game, paste something, enter the game. Not sure if i like new procedure. Steve Ronuken wrote: Sure, it's not going to stop someone logging into Eve (yet. I'm hopeful there will be launcher updates to make multi account logins and sets of settings viable. I keep asking for them) it does at least protect the website.
Well. I can survive 2FA on web site.... Visiting it once in a while. So they can put 2FA, 3FA, N-FA with as big N as they want. But making starting the game unnecessarily longer... No support from me.
It's optional. And I'd be really surprised if that changes
Woo! CSM X!
Fuzzwork Enterprises
Twitter: @fuzzysteve on Twitter
|
thowlimer
Roprocor Ltd
24
|
Posted - 2015.04.24 18:37:02 -
[24] - Quote
Steve Ronuken wrote:Pen Ris wrote:LOL - 2 factor authentication, unless you want to bypass it, isn't actually two factor authentication.
Considering the high dependence on 3P app/forums/services and very recent and limited availability of federated identity(SSO); do you think this will stop anyone from improperly accessing accounts who also has the skills to obtain lists of username/passwords from those 3Ps?
With any luck, people weren't moronic enough to reuse the passwords.
https://www.youtube.com/watch?v=a6iW-8xPw3k
|
|
CCP Ghostrider
C C P C C P Alliance
0
|
Posted - 2015.04.24 18:52:39 -
[25] - Quote
virm pasuul wrote:"Go to Account -> GÇ£Two Factor Authentication SettingsGÇ¥ and follow the instructions." I don't have this option :(
It should be available next Tuesday, April 28th :) |
|
SilentAsTheGrave
Brave Newbies Inc. Brave Collective
203
|
Posted - 2015.04.24 19:19:18 -
[26] - Quote
CCP Ghostrider wrote:We are aware that having the launcher bypass is not optimal but a lot of bad stuff can take place if someone gets access to account management like changing the registered email address, password changes and character transfers. Two-factor protecting the client login itself requires effort from multiple teams but is on the backlog. Shouldn't that be on the frontlog or whatever is a high priority? That's like bragging about a new door lock when the window is left wide open.
Buddy Program: If you sign up with my buddy invite link and subscribe with a valid payment method - I will give you 95% of the going rate for PLEX!
|
Aleida Aldeland
Eyes in the Skies I.N.F.A.M.Y
0
|
Posted - 2015.04.24 21:06:05 -
[27] - Quote
Does this have to be done every time?
Would be a lot more convenient if the second factor was only needed after a change of IP address / client.
Or if there was an optional "secure logout" which forced the use of second factor next login (for use in internet cafes). |
Mara Rinn
Cosmic Goo Convertor
5789
|
Posted - 2015.04.24 21:19:17 -
[28] - Quote
Axhind wrote:Any chance of supporting something actually safe like Yubikey? E-mail and mobile apps can be hardly considered secure (better than nothing but that's about it).
I am a security noob: how is Yubikey safer than a TOTP app like 1Password or Google Authenticator?
Day 0 Advice for New Players
|
Mara Rinn
Cosmic Goo Convertor
5789
|
Posted - 2015.04.24 21:23:09 -
[29] - Quote
SilentAsTheGrave wrote:CCP Ghostrider wrote:We are aware that having the launcher bypass is not optimal but a lot of bad stuff can take place if someone gets access to account management like changing the registered email address, password changes and character transfers. Two-factor protecting the client login itself requires effort from multiple teams but is on the backlog. Shouldn't that be on the frontlog or whatever is a high priority? That's like bragging about a new door lock when the window is left wide open.
Thus TOTP update is about keeping the title deeds for the house under lock and key. Sure, nefarious people can steal everything in your house, but they can't take your house.
Day 0 Advice for New Players
|
Zappity
Stay Frosty. A Band Apart.
1996
|
Posted - 2015.04.24 21:34:45 -
[30] - Quote
devblog wrote:This does not prevent people from logging into the game client by circumventing the launcher. Oh. Well that's a pity. Please don't take away exe, though.
Zappity's Adventures for a taste of lowsec.
|
|
|
|
|
Pages: [1] 2 3 4 :: one page |
First page | Previous page | Next page | Last page |