Pages: 1 [2] 3 4 :: one page |
|
Author |
Thread Statistics | Show CCP posts - 3 post(s) |
Iroquoiss Pliskin
Hedion University Amarr Empire
437
|
Posted - 2015.04.24 21:45:05 -
[31] - Quote
Excellent feature, long overdue.
Can sometimes get annoying with multiple IP resets, but that's the price. Altho, in this case here I see there is an option to exempt the current machine from this - other MMOs don't provide this option.
Great.
// Turret-Equivalent of the Rapid ML Concept
//
Cruisers Online - [Damage done in PvP by Shiptype]
|
Antihrist Pripravnik
T-AFK and counting
897
|
Posted - 2015.04.24 22:45:19 -
[32] - Quote
CCP Ghostrider wrote:We are aware that having the launcher bypass is not optimal but a lot of bad stuff can take place if someone gets access to account management like changing the registered email address, password changes and character transfers. Two-factor protecting the client login itself requires effort from multiple teams but is on the backlog.
Exactly. The 2FA protection now protects what's critically important. If a bad guy manages to log in to the game and do some in-game damage, I can already log in to the account management page and see who logged in and from where. Fixing the damage is only a GM ticket away. However if someone manages to access the account management page and change e-mail and login credentials, the path to the account recovery might not be so short.
That's all in theory anyway I pretty much trust my randomly generated cryptographically secure password which is periodically changed But then again, one can not be too paranoid about security. |
Steve Ronuken
Fuzzwork Enterprises Vote Steve Ronuken for CSM
5196
|
Posted - 2015.04.24 22:47:43 -
[33] - Quote
Zappity wrote:devblog wrote:This does not prevent people from logging into the game client by circumventing the launcher. Oh. Well that's a pity. Please don't take away exe, though.
I'm curious. What do you use the exe file functionality for?
(I use it myself for 2 accounts, launcher for the third. Always curious to see what other people use it for)
Woo! CSM X!
Fuzzwork Enterprises
Twitter: @fuzzysteve on Twitter
|
Scatim Helicon
GoonWaffe Goonswarm Federation
3220
|
Posted - 2015.04.24 22:53:20 -
[34] - Quote
CCP Ghostrider wrote:We are aware that having the launcher bypass is not optimal but a lot of bad stuff can take place if someone gets access to account management like changing the registered email address, password changes and character transfers. Two-factor protecting the client login itself requires effort from multiple teams but is on the backlog. Why would you even release an account security feature before fixing the ability to bypass it? :psyduck:
Post on the Eve-o forums with a Goonswarm Federation character that drinking bleach is bad for you, and 20 forum warriors will hospitalise themselves trying to prove you wrong.
|
Vincent Athena
V.I.C.E.
3330
|
Posted - 2015.04.24 22:53:47 -
[35] - Quote
Steve Ronuken wrote:Zappity wrote:devblog wrote:This does not prevent people from logging into the game client by circumventing the launcher. Oh. Well that's a pity. Please don't take away exe, though. I'm curious. What do you use the exe file functionality for? (I use it myself for 2 accounts, launcher for the third. Always curious to see what other people use it for) On a Mac, the best way to run multiple clients is to make clones with the Mac clonemaker. The clones go straight to the .exe file.
Know a Frozen fan? Check this out
Frozen fanfiction
|
Primary This Rifter
4S Corporation Goonswarm Federation
799
|
Posted - 2015.04.24 22:55:53 -
[36] - Quote
CCP Ghostrider wrote:We are aware that having the launcher bypass is not optimal but a lot of bad stuff can take place if someone gets access to account management like changing the registered email address, password changes and character transfers. Two-factor protecting the client login itself requires effort from multiple teams but is on the backlog. If you cannot implement 2FA properly, do not ship it until you can.
Delivering a security feature that can be bypassed trivially is incompetence, plain and simple. |
Scatim Helicon
GoonWaffe Goonswarm Federation
3220
|
Posted - 2015.04.24 22:56:21 -
[37] - Quote
On another note, a few years ago at Fanfest we were given key generators as part of our entry, I take it they will not be used for this (I still have mine somewhere)?
Post on the Eve-o forums with a Goonswarm Federation character that drinking bleach is bad for you, and 20 forum warriors will hospitalise themselves trying to prove you wrong.
|
Tyberius Franklin
Federal Navy Academy Gallente Federation
1404
|
Posted - 2015.04.24 22:59:06 -
[38] - Quote
Thanks for this. Looking forward to getting it set up. |
Hakaari Inkuran
State War Academy Caldari State
225
|
Posted - 2015.04.24 23:25:18 -
[39] - Quote
CCP Logibro wrote:After much work from CCP Ghostrider and friends, we are finally able to announce the roll-out of Two-Factor Authentication for Account management and our SSO service. Anyone wanting to keep their account secure should take a look at the latest dev blog for more details on how it works, and how to get it working on your accounts. Not interested unless it ONLY asks for a code when logging in on an unrecognized system or ip address. This is a hassle that is currently circumventible for legacy code reasons? Effort is appreciated butno thank you. |
Infinite Destruction
Caldari Provisions Caldari State
16
|
Posted - 2015.04.24 23:42:21 -
[40] - Quote
So with this new system (if activated) each and every time I log into one of my 6 accounts I would have to wait for an email with a code, and every time I log out and into one of my 12 alt toons, I would again have to wait for an email with a confirmation code ?
(Or, each and every time I log into one of those 18 different toons I would have to generate a new code on my smartphone and then enter that ?)
Yeah - ain't gonna happen.
And you do realize that this isn't likely to cut down on the number of people who claim they were hacked by the neighbour's dog or by cousin It (who probably of course have access to the "victim's" email on the same computer they have Eve installed on, and looky looky, a smart phone sitting right beside it) ! |
|
Zappity
Stay Frosty. A Band Apart.
1998
|
Posted - 2015.04.24 23:53:49 -
[41] - Quote
Steve Ronuken wrote:Zappity wrote:devblog wrote:This does not prevent people from logging into the game client by circumventing the launcher. Oh. Well that's a pity. Please don't take away exe, though. I'm curious. What do you use the exe file functionality for? (I use it myself for 2 accounts, launcher for the third. Always curious to see what other people use it for) I use it for three accounts. If I am just logging a couple of characters then the launcher would be fine. But if I need to rapidly switch characters then exe is far superior. You can pre-launch a few windows and fill them in with the right passwords, then just hit enter when you want to switch. The launcher is annoying because of the pull down, the fact that it is slower, the fact that you can't pre-launch a window.
Having said that, asking for a key for every single login described above would be very annoying. Having an option for asking only on a new IP would be great.
Zappity's Adventures for a taste of lowsec.
|
Mackenzie Hawkwood
Event Horizon Expeditionaries Apocalypse Now.
31
|
Posted - 2015.04.25 00:50:54 -
[42] - Quote
Steve Ronuken wrote:Zappity wrote:devblog wrote:This does not prevent people from logging into the game client by circumventing the launcher. Oh. Well that's a pity. Please don't take away exe, though. I'm curious. What do you use the exe file functionality for? (I use it myself for 2 accounts, launcher for the third. Always curious to see what other people use it for)
I use the exefile.exe method because the launcher never worked for me upon original release (have CCP fixed it for Win7 64bit issue?) and with the pages of forum posts stating problems with it, why would anyone bother to use it. I have the .exe pinned to my task bar and I just have to click/shift+click to open all the clients I need. No need for the resource hog/ad-fest of a launcher. It just means I dont have access to the spaceship barbies clothes store, but then nothing of value was lost.
Why a switch on/off?
Because the new animation doesn't add anything to gameplay and it's graphically annoying.
In other words, it's worse than bad: it's useless.
Simple as that. - Kina Ayami
|
Masao Kurata
Perkone Caldari State
214
|
Posted - 2015.04.25 01:56:50 -
[43] - Quote
So uh does this require us to enter a code from our e-mail every time we log in to any account even from the same IP? I can't see anyone using that even if it weren't for the fact that you can bypass this by not using the launcher. |
Swidgen
Republic University Minmatar Republic
154
|
Posted - 2015.04.25 03:17:53 -
[44] - Quote
Is there anyone at CCP named Walter? Because if there is I would like to tell him, "No more half measures, Walter." |
Tyberius Franklin
Federal Navy Academy Gallente Federation
1409
|
Posted - 2015.04.25 04:05:26 -
[45] - Quote
Mackenzie Hawkwood wrote:Steve Ronuken wrote:Zappity wrote:devblog wrote:This does not prevent people from logging into the game client by circumventing the launcher. Oh. Well that's a pity. Please don't take away exe, though. I'm curious. What do you use the exe file functionality for? (I use it myself for 2 accounts, launcher for the third. Always curious to see what other people use it for) I use the exefile.exe method because the launcher never worked for me upon original release (have CCP fixed it for Win7 64bit issue?) and with the pages of forum posts stating problems with it, why would anyone bother to use it. I have the .exe pinned to my task bar and I just have to click/shift+click to open all the clients I need. No need for the resource hog/ad-fest of a launcher. It just means I dont have access to the spaceship barbies clothes store, but then nothing of value was lost. What is the Win7 64bit issue? That's the OS I use and I haven't had any issues I had reason to believe were specific to it. Never had any specific recurring issues since it launched either that I am aware of. |
Zappity
Stay Frosty. A Band Apart.
1999
|
Posted - 2015.04.25 04:58:22 -
[46] - Quote
Actually, now that I think about it, if I would be required to use two factor authentication each time I log a new character in then leaving the exe out of the loop is pretty good. Protecting my account is pretty good even if the character isn't protected.
Zappity's Adventures for a taste of lowsec.
|
Airi Cho
Dark-Rising
83
|
Posted - 2015.04.25 05:49:09 -
[47] - Quote
Mara Rinn wrote:Axhind wrote:Any chance of supporting something actually safe like Yubikey? E-mail and mobile apps can be hardly considered secure (better than nothing but that's about it). I am a security noob: how is Yubikey safer than a TOTP app like 1Password or Google Authenticator?
you need to get hold of the device and not just seed of the TOTP app. |
Axhind
Eternity INC. Goonswarm Federation
82
|
Posted - 2015.04.25 07:56:05 -
[48] - Quote
Mara Rinn wrote:Axhind wrote:Any chance of supporting something actually safe like Yubikey? E-mail and mobile apps can be hardly considered secure (better than nothing but that's about it). I am a security noob: how is Yubikey safer than a TOTP app like 1Password or Google Authenticator?
It's separate hardware key (FOB) making it far less likely to get compromised. Something that can not be said for e-mail or phones that are probably the most insecure devices people use (well except smart TVs and co). |
Torgeir Hekard
I MYSELF AND ME
145
|
Posted - 2015.04.25 10:32:11 -
[49] - Quote
Is there an option to only enable it for the account management page. Because, seriously, checking e-mail each time you log into the game? |
Sabriz Adoudel
Glorious Revolutionary Armed Forces of Highsec CODE.
5023
|
Posted - 2015.04.25 11:09:34 -
[50] - Quote
Does anyone actually use the launcher? I bypass it as often as possible because it loads in 'Offline Mode' about 50-60% of the time.
I'd be willing to put effort into getting the launcher to work if 2FA actually provided some serious protection, but this does not.
Put it on hiatus, and come back to us when it is ready.
Shoot everyone. Let the Saviour sort it out.
I enforce the New Haliama Code of Conduct via wardec ops. Ignorance of the law is no excuse - read about requirements for highsec miners at www.minerbumping.com
|
|
Memphis Baas
320
|
Posted - 2015.04.25 12:33:37 -
[51] - Quote
It sounds like quite a few people would use the second factor for Account Management protection but don't want to be inconvenienced when logging into the client.
You also show the option "don't ask for codes again on this computer" in your dev blog but no one seems to have noticed that.
Also, it's a to do list, not a backlog. |
Iroquoiss Pliskin
Hedion University Amarr Empire
446
|
Posted - 2015.04.25 14:47:24 -
[52] - Quote
Memphis Baas wrote:It sounds like quite a few people would use the second factor for Account Management protection but don't want to be inconvenienced when logging into the client.
You also show the option "don't ask for codes again on this computer" in your dev blog but no one seems to have noticed that.
Also, it's a to do list, not a backlog.
Ahem,
Iroquoiss Pliskin wrote:Can sometimes get annoying with multiple IP resets, but that's the price. Altho, in this case here I see there is an option to exempt the current machine from this - other MMOs don't provide this option. Great.
// Turret-Equivalent of the Rapid ML Concept
//
Cruisers Online - [Damage done in PvP by Shiptype]
|
Sturmwolke
641
|
Posted - 2015.04.26 23:17:10 -
[53] - Quote
GA? No thanks.
|
helana Tsero
Science and Trade Institute Caldari State
113
|
Posted - 2015.04.27 01:11:17 -
[54] - Quote
What If I want two factor authentication on the account managment page only ???
Having it on the launcher is pointless currently as its easily bypassed. All it does not is add extra work for the user while providing no extra security for the game client log on.
I would use it if I could select it to apply to the account mangement page only. (as that is actually a working two factor Auth)
"... ppl need to get out of caves and they will see something new... thats where is eve placed... not in cave..."-á | zoonr-Korsairs |-á QFT !
|
Steve Ronuken
Fuzzwork Enterprises Vote Steve Ronuken for CSM
5201
|
Posted - 2015.04.27 04:25:45 -
[55] - Quote
Sabriz Adoudel wrote:Does anyone actually use the launcher? I bypass it as often as possible because it loads in 'Offline Mode' about 50-60% of the time.
I'd be willing to put effort into getting the launcher to work if 2FA actually provided some serious protection, but this does not.
Put it on hiatus, and come back to us when it is ready.
I use the launcher, and it's rare I have a problem. (as in, when I have a problem, it tends to be because there's a ddos happening)
Woo! CSM X!
Fuzzwork Enterprises
Twitter: @fuzzysteve on Twitter
|
Eria Quint
Republic University Minmatar Republic
1
|
Posted - 2015.04.27 07:17:21 -
[56] - Quote
Hi,
I quickly read to the thread and couldn't find a answer (if it should be answered though, sorry for asking again)
I love and support the idea! Good work !
Anyhow one remark/question:
Has the launcher an option (per pc) to remember the computer and only ask once for the authentication code. This is really important. For a pc you trust eg desktop pc running multiple clients this is a burden to have to enter a code for each account.
I hope the launcher is implemented (or get implemented) like eg gmail. There you have the option to mark a checkbox to say that the code shouldn't asked anymore for this pc
Attached the a link on how this is implemented in gmail, it is this option that should be included in the launcher:
http://tinypic.com/r/2j4wug6/8 |
Steve Ronuken
Fuzzwork Enterprises Vote Steve Ronuken for CSM
5201
|
Posted - 2015.04.27 11:56:10 -
[57] - Quote
Eria Quint wrote:Hi, I quickly read to the thread and couldn't find a answer (if it should be answered though, sorry for asking again) I love and support the idea! Good work ! Anyhow one remark/question: Has the launcher an option (per pc) to remember the computer and only ask once for the authentication code. This is really important. For a pc you trust eg desktop pc running multiple clients this is a burden to have to enter a code for each account. I hope the launcher is implemented (or get implemented) like eg gmail. There you have the option to mark a checkbox to say that the code shouldn't asked anymore for this pc Attached the a link on how this is implemented in gmail, it is this option that should be included in the launcher: http://tinypic.com/r/2j4wug6/8
Go back and look at the included pictures in the devblog.
Woo! CSM X!
Fuzzwork Enterprises
Twitter: @fuzzysteve on Twitter
|
Eria Quint
Republic University Minmatar Republic
1
|
Posted - 2015.04.27 12:13:44 -
[58] - Quote
Tnx a lot for the feedback Steve.
I saw the screenshot but wasn't immediately clear if this applied as well to the launcher. (Since it's already in place in the screenshot I suppose it's just a matter of adding a checkbox to the launcher)
Can this already be tested on Sisi?
Steve Ronuken wrote:Eria Quint wrote:Hi, I quickly read to the thread and couldn't find a answer (if it should be answered though, sorry for asking again) I love and support the idea! Good work ! Anyhow one remark/question: Has the launcher an option (per pc) to remember the computer and only ask once for the authentication code. This is really important. For a pc you trust eg desktop pc running multiple clients this is a burden to have to enter a code for each account. I hope the launcher is implemented (or get implemented) like eg gmail. There you have the option to mark a checkbox to say that the code shouldn't asked anymore for this pc Attached the a link on how this is implemented in gmail, it is this option that should be included in the launcher: http://tinypic.com/r/2j4wug6/8 Go back and look at the included pictures in the devblog.
|
Angmar Udate
18
|
Posted - 2015.04.27 23:01:05 -
[59] - Quote
The launcher bypass is kind of a big deal. Also would really like the ability to white list a client, so it only challenges for 2 factor when I log in on a new client.
(PS. while you are at it, please add meta-accounts to manage our different accounts in one place and make it easier to switch between accounts :)) |
Mara Rinn
Cosmic Goo Convertor
5790
|
Posted - 2015.04.28 03:51:59 -
[60] - Quote
Angmar Udate wrote:The launcher bypass is kind of a big deal. Also would really like the ability to white list a client, so it only challenges for 2 factor when I log in on a new client.
(PS. while you are at it, please add meta-accounts to manage our different accounts in one place and make it easier to switch between accounts :))
I would go so far as to say, give us one account with subscriptions for login slots and skill queues. Thus I could pay $5/month for one login slot and $5/month for one skill queue, or $10/month for two login slots since I have no further skill training of interest.
Day 0 Advice for New Players
|
|
|
|
|
Pages: 1 [2] 3 4 :: one page |
First page | Previous page | Next page | Last page |