EVE Search - Sticky:Dev Blog: Two-Factor Authenticaion... finally!

All Channels

EVE Information Portal

Sticky:Dev Blog: Two-Factor Authenticaion... finally!

» Click here to find additional results for this topic using Google

Monitor this thread via RSS [?]

Pages: 1 2 3 4 :: [one page]
Author	Thread Statistics \| Show CCP posts - 3 post(s)

CCP Logibro C C P C C P Alliance 869	Posted - 2015.04.24 15:49:47 - [1] - Quote After much work from CCP Ghostrider and friends, we are finally able to announce the roll-out of Two-Factor Authentication for Account management and our SSO service. Anyone wanting to keep their account secure should take a look at the latest dev blog for more details on how it works, and how to get it working on your accounts. CCP Logibro // EVE Universe Community Team // Distributor of Nanites // Patron Saint of Logistics @CCP_Logibro


Chribba Otherworld Enterprises Otherworld Empire 14276	Posted - 2015.04.24 16:08:03 - [2] - Quote Man I wish we could have optional IP-restrictions as a choice over 2FA. But this is a good start, and not a day too late. ~~edit/also, what about not using the launcher but the client directly? what will happen there?~~ - Found it by READING! So... no 2FA if you use the client lol not much of security until you get around to fix that then. Do it quickly! /c GÿàGÿàGÿà Secure 3rd party service GÿàGÿàGÿà Visit my in-game channel 'Holy Veldspar' Twitter @Chribba

Aryth GoonWaffe Goonswarm Federation 1717	Posted - 2015.04.24 16:18:33 - [3] - Quote I really want to use this...but being able to bypass it is a deal breaker. ETA on that being fixed? Leader of the Goonswarm Economic Warfare Cabal. Creator of Burn Jita Vile Rat: You're the greatest sociopath that has ever played eve.
Vincent Athena V.I.C.E. 3328	Posted - 2015.04.24 16:21:38 - [4] - Quote Typo: "Where two factors are needed two log in" Know a Frozen fan? Check this out Frozen fanfiction
EvilweaselSA GoonWaffe Goonswarm Federation 1062	Posted - 2015.04.24 16:22:42 - [5] - Quote yeah i gotta say, "two factor authentication, unless you're up to no good and know how to trivially bypass it in which case one factor is fine" is not really doing it for me like, why on earth would i seriously inconvenience myself when anyone stealing my password won't be inconvenienced at all
Abla Tive 94	Posted - 2015.04.24 16:37:31 - [6] - Quote A welcome improvement, even though it is only psuedo two factor authentication.
Literally Space Moses GoonWaffe Goonswarm Federation 166	Posted - 2015.04.24 16:48:27 - [7] - Quote So basically it provides no additional protection, just adds a layer of complexity for suckers who choose to enable it. Jesus Christ. #T2013
Cristl 221	Posted - 2015.04.24 16:48:41 - [8] - Quote EvilweaselSA wrote: yeah i gotta say, "two factor authentication, unless you're up to no good and know how to trivially bypass it in which case one factor is fine" is not really doing it for me like, why on earth would i seriously inconvenience myself when anyone stealing my password won't be inconvenienced at all Well, totally this. It's nice to know things are moving forward here, but...you need to enforce two-factor without any 'unless you're nefarious' loopholes.
March rabbit Federal Defense Union 1607	Posted - 2015.04.24 16:55:17 - [9] - Quote Having Ericsson T29 as main mobile phone device i always hate when people mentions 2FA. Hope this feature will always stay 'optional'. The Mittani: "the inappropriate drunked joke"
Gabriel Karade Noir. No Not Believing 244	Posted - 2015.04.24 16:58:48 - [10] - Quote So, it doesn't actually work? War Machine: http://www.eveonline.com/ingameboard.asp?a=topic&threadID=386293
Airi Cho Dark-Rising 83	Posted - 2015.04.24 17:02:14 - [11] - Quote 2 things: 1. are yubikeys supported? 2. how about an option to deny login via the normal client? i mean that should be easy to implement. I can understand adding that extra roundtrip to the old client might be much work.
Pen Ris Deep Core Mining Inc. Caldari State 9	Posted - 2015.04.24 17:10:45 - [12] - Quote LOL - 2 factor authentication, unless you want to bypass it, isn't actually two factor authentication. Considering the high dependence on 3P app/forums/services and very recent and limited availability of federated identity(SSO); do you think this will stop anyone from improperly accessing accounts who also has the skills to obtain lists of username/passwords from those 3Ps?
Steve Ronuken Fuzzwork Enterprises Vote Steve Ronuken for CSM 5195	Posted - 2015.04.24 17:19:17 - [13] - Quote March rabbit wrote: Having Ericsson T29 as main mobile phone device i always hate when people mentions 2FA. Hope this feature will always stay 'optional'. There are actually windows apps for doing this as well. Which is something, at least. Just the google Authenticator. (there's also the email option) Sure, it's not going to stop someone logging into Eve (yet. I'm hopeful there will be launcher updates to make multi account logins and sets of settings viable. I keep asking for them) it does at least protect the website. Woo! CSM X! Fuzzwork Enterprises Twitter: @fuzzysteve on Twitter
Steve Ronuken Fuzzwork Enterprises Vote Steve Ronuken for CSM 5195	Posted - 2015.04.24 17:20:09 - [14] - Quote Pen Ris wrote: LOL - 2 factor authentication, unless you want to bypass it, isn't actually two factor authentication. Considering the high dependence on 3P app/forums/services and very recent and limited availability of federated identity(SSO); do you think this will stop anyone from improperly accessing accounts who also has the skills to obtain lists of username/passwords from those 3Ps? With any luck, people weren't moronic enough to reuse the passwords. Woo! CSM X! Fuzzwork Enterprises Twitter: @fuzzysteve on Twitter
Altrue Exploration Frontier inc Brave Collective 1708	Posted - 2015.04.24 17:29:56 - [15] - Quote Inb4 instead of fixing the eve.exe problem, they simply disable the possibility for us to use it to log-in. Signature Tanking Best Tanking Exploration Frontier Inc [Ex-F] CEO - BRAVE - Eve-guides.fr
Axhind Eternity INC. Goonswarm Federation 81	Posted - 2015.04.24 17:31:14 - [16] - Quote Any chance of supporting something actually safe like Yubikey? E-mail and mobile apps can be hardly considered secure (better than nothing but that's about it).
Axhind Eternity INC. Goonswarm Federation 81	Posted - 2015.04.24 17:35:07 - [17] - Quote Altrue wrote: Inb4 instead of fixing the eve.exe problem, they simply disable the possibility for us to use it to log-in. We know CCP has been trying to force their launcher on us for ages now, with critical bugs never fixed on it (closing the settings window, anyone?), that kind of stuff... I don't get how making something that makes the login process more painful is any good. That would be terrible considering that the launcher is utterly useless with several screens and different settings for each account.

CCP Ghostrider C C P C C P Alliance 0	Posted - 2015.04.24 17:44:26 - [18] - Quote We are aware that having the launcher bypass is not optimal but a lot of bad stuff can take place if someone gets access to account management like changing the registered email address, password changes and character transfers. Two-factor protecting the client login itself requires effort from multiple teams but is on the backlog.

Kale Freeman Dirt 'n' Glitter 42	Posted - 2015.04.24 17:56:32 - [19] - Quote I have multiple accounts, and I typically log in and out of various characters as I move buy materials, haul, start jobs, sell final products etc. I would guess that I log in/out maybe 10-15 times during the course of an evening. The 2-factor auth really needs some sort of "single signon" that allows me to authenticate once and then access all my characters for the duration of the evening.
Aryth GoonWaffe Goonswarm Federation 1717	Posted - 2015.04.24 17:59:38 - [20] - Quote CCP Ghostrider wrote: We are aware that having the launcher bypass is not optimal but a lot of bad stuff can take place if someone gets access to account management like changing the registered email address, password changes and character transfers. Two-factor protecting the client login itself requires effort from multiple teams but is on the backlog. Do you feel it is a this year thing? Leader of the Goonswarm Economic Warfare Cabal. Creator of Burn Jita Vile Rat: You're the greatest sociopath that has ever played eve.
March rabbit Federal Defense Union 1607	Posted - 2015.04.24 18:05:22 - [21] - Quote Steve Ronuken wrote: March rabbit wrote: Having Ericsson T29 as main mobile phone device i always hate when people mentions 2FA. Hope this feature will always stay 'optional'. There are actually windows apps for doing this as well. Which is something, at least. Just the google Authenticator. (there's also the email option) Start the game, enter credentials, switch to browser, visit mailbox, copy something, switch to the game, paste something, enter the game. Not sure if i like new procedure. Steve Ronuken wrote: Sure, it's not going to stop someone logging into Eve (yet. I'm hopeful there will be launcher updates to make multi account logins and sets of settings viable. I keep asking for them) it does at least protect the website. Well. I can survive 2FA on web site.... Visiting it once in a while. So they can put 2FA, 3FA, N-FA with as big N as they want. But making starting the game unnecessarily longer... No support from me. The Mittani: "the inappropriate drunked joke"
virm pasuul Viziam Amarr Empire 282	Posted - 2015.04.24 18:23:35 - [22] - Quote "Go to Account -> GÇ£Two Factor Authentication SettingsGÇ¥ and follow the instructions." I don't have this option :(
Steve Ronuken Fuzzwork Enterprises Vote Steve Ronuken for CSM 5195	Posted - 2015.04.24 18:34:33 - [23] - Quote March rabbit wrote: Steve Ronuken wrote: March rabbit wrote: Having Ericsson T29 as main mobile phone device i always hate when people mentions 2FA. Hope this feature will always stay 'optional'. There are actually windows apps for doing this as well. Which is something, at least. Just the google Authenticator. (there's also the email option) Start the game, enter credentials, switch to browser, visit mailbox, copy something, switch to the game, paste something, enter the game. Not sure if i like new procedure. Steve Ronuken wrote: Sure, it's not going to stop someone logging into Eve (yet. I'm hopeful there will be launcher updates to make multi account logins and sets of settings viable. I keep asking for them) it does at least protect the website. Well. I can survive 2FA on web site.... Visiting it once in a while. So they can put 2FA, 3FA, N-FA with as big N as they want. But making starting the game unnecessarily longer... No support from me. It's optional. And I'd be really surprised if that changes Woo! CSM X! Fuzzwork Enterprises Twitter: @fuzzysteve on Twitter
thowlimer Roprocor Ltd 24	Posted - 2015.04.24 18:37:02 - [24] - Quote Steve Ronuken wrote: Pen Ris wrote: LOL - 2 factor authentication, unless you want to bypass it, isn't actually two factor authentication. Considering the high dependence on 3P app/forums/services and very recent and limited availability of federated identity(SSO); do you think this will stop anyone from improperly accessing accounts who also has the skills to obtain lists of username/passwords from those 3Ps? With any luck, people weren't moronic enough to reuse the passwords. https://www.youtube.com/watch?v=a6iW-8xPw3k

CCP Ghostrider C C P C C P Alliance 0	Posted - 2015.04.24 18:52:39 - [25] - Quote virm pasuul wrote: "Go to Account -> GÇ£Two Factor Authentication SettingsGÇ¥ and follow the instructions." I don't have this option :( It should be available next Tuesday, April 28th :)

SilentAsTheGrave Brave Newbies Inc. Brave Collective 203	Posted - 2015.04.24 19:19:18 - [26] - Quote CCP Ghostrider wrote: We are aware that having the launcher bypass is not optimal but a lot of bad stuff can take place if someone gets access to account management like changing the registered email address, password changes and character transfers. Two-factor protecting the client login itself requires effort from multiple teams but is on the backlog. Shouldn't that be on the frontlog or whatever is a high priority? That's like bragging about a new door lock when the window is left wide open. Buddy Program: If you sign up with my buddy invite link and subscribe with a valid payment method - I will give you 95% of the going rate for PLEX!
Aleida Aldeland Eyes in the Skies I.N.F.A.M.Y 0	Posted - 2015.04.24 21:06:05 - [27] - Quote Does this have to be done every time? Would be a lot more convenient if the second factor was only needed after a change of IP address / client. Or if there was an optional "secure logout" which forced the use of second factor next login (for use in internet cafes).
Mara Rinn Cosmic Goo Convertor 5789	Posted - 2015.04.24 21:19:17 - [28] - Quote Axhind wrote: Any chance of supporting something actually safe like Yubikey? E-mail and mobile apps can be hardly considered secure (better than nothing but that's about it). I am a security noob: how is Yubikey safer than a TOTP app like 1Password or Google Authenticator? Day 0 Advice for New Players
Mara Rinn Cosmic Goo Convertor 5789	Posted - 2015.04.24 21:23:09 - [29] - Quote SilentAsTheGrave wrote: CCP Ghostrider wrote: We are aware that having the launcher bypass is not optimal but a lot of bad stuff can take place if someone gets access to account management like changing the registered email address, password changes and character transfers. Two-factor protecting the client login itself requires effort from multiple teams but is on the backlog. Shouldn't that be on the frontlog or whatever is a high priority? That's like bragging about a new door lock when the window is left wide open. Thus TOTP update is about keeping the title deeds for the house under lock and key. Sure, nefarious people can steal everything in your house, but they can't take your house. Day 0 Advice for New Players
Zappity Stay Frosty. A Band Apart. 1996	Posted - 2015.04.24 21:34:45 - [30] - Quote devblog wrote: This does not prevent people from logging into the game client by circumventing the launcher. Oh. Well that's a pity. Please don't take away exe, though. Zappity's Adventures for a taste of lowsec.
Iroquoiss Pliskin Hedion University Amarr Empire 437	Posted - 2015.04.24 21:45:05 - [31] - Quote Excellent feature, long overdue. Can sometimes get annoying with multiple IP resets, but that's the price. Altho, in this case here I see there is an option to exempt the current machine from this - other MMOs don't provide this option. Great. // Turret-Equivalent of the Rapid ML Concept // Cruisers Online - [Damage done in PvP by Shiptype]
Antihrist Pripravnik T-AFK and counting 897	Posted - 2015.04.24 22:45:19 - [32] - Quote CCP Ghostrider wrote: We are aware that having the launcher bypass is not optimal but a lot of bad stuff can take place if someone gets access to account management like changing the registered email address, password changes and character transfers. Two-factor protecting the client login itself requires effort from multiple teams but is on the backlog. Exactly. The 2FA protection now protects what's critically important. If a bad guy manages to log in to the game and do some in-game damage, I can already log in to the account management page and see who logged in and from where. Fixing the damage is only a GM ticket away. However if someone manages to access the account management page and change e-mail and login credentials, the path to the account recovery might not be so short. That's all in theory anyway I pretty much trust my randomly generated cryptographically secure password which is periodically changed But then again, one can not be too paranoid about security.
Steve Ronuken Fuzzwork Enterprises Vote Steve Ronuken for CSM 5196	Posted - 2015.04.24 22:47:43 - [33] - Quote Zappity wrote: devblog wrote: This does not prevent people from logging into the game client by circumventing the launcher. Oh. Well that's a pity. Please don't take away exe, though. I'm curious. What do you use the exe file functionality for? (I use it myself for 2 accounts, launcher for the third. Always curious to see what other people use it for) Woo! CSM X! Fuzzwork Enterprises Twitter: @fuzzysteve on Twitter
Scatim Helicon GoonWaffe Goonswarm Federation 3220	Posted - 2015.04.24 22:53:20 - [34] - Quote CCP Ghostrider wrote: We are aware that having the launcher bypass is not optimal but a lot of bad stuff can take place if someone gets access to account management like changing the registered email address, password changes and character transfers. Two-factor protecting the client login itself requires effort from multiple teams but is on the backlog. Why would you even release an account security feature before fixing the ability to bypass it? :psyduck: Post on the Eve-o forums with a Goonswarm Federation character that drinking bleach is bad for you, and 20 forum warriors will hospitalise themselves trying to prove you wrong.
Vincent Athena V.I.C.E. 3330	Posted - 2015.04.24 22:53:47 - [35] - Quote Steve Ronuken wrote: Zappity wrote: devblog wrote: This does not prevent people from logging into the game client by circumventing the launcher. Oh. Well that's a pity. Please don't take away exe, though. I'm curious. What do you use the exe file functionality for? (I use it myself for 2 accounts, launcher for the third. Always curious to see what other people use it for) On a Mac, the best way to run multiple clients is to make clones with the Mac clonemaker. The clones go straight to the .exe file. Know a Frozen fan? Check this out Frozen fanfiction
Primary This Rifter 4S Corporation Goonswarm Federation 799	Posted - 2015.04.24 22:55:53 - [36] - Quote CCP Ghostrider wrote: We are aware that having the launcher bypass is not optimal but a lot of bad stuff can take place if someone gets access to account management like changing the registered email address, password changes and character transfers. Two-factor protecting the client login itself requires effort from multiple teams but is on the backlog. If you cannot implement 2FA properly, do not ship it until you can. Delivering a security feature that can be bypassed trivially is incompetence, plain and simple.
Scatim Helicon GoonWaffe Goonswarm Federation 3220	Posted - 2015.04.24 22:56:21 - [37] - Quote On another note, a few years ago at Fanfest we were given key generators as part of our entry, I take it they will not be used for this (I still have mine somewhere)? Post on the Eve-o forums with a Goonswarm Federation character that drinking bleach is bad for you, and 20 forum warriors will hospitalise themselves trying to prove you wrong.
Tyberius Franklin Federal Navy Academy Gallente Federation 1404	Posted - 2015.04.24 22:59:06 - [38] - Quote Thanks for this. Looking forward to getting it set up.
Hakaari Inkuran State War Academy Caldari State 225	Posted - 2015.04.24 23:25:18 - [39] - Quote CCP Logibro wrote: After much work from CCP Ghostrider and friends, we are finally able to announce the roll-out of Two-Factor Authentication for Account management and our SSO service. Anyone wanting to keep their account secure should take a look at the latest dev blog for more details on how it works, and how to get it working on your accounts. Not interested unless it ONLY asks for a code when logging in on an unrecognized system or ip address. This is a hassle that is currently circumventible for legacy code reasons? Effort is appreciated butno thank you.
Infinite Destruction Caldari Provisions Caldari State 16	Posted - 2015.04.24 23:42:21 - [40] - Quote So with this new system (if activated) each and every time I log into one of my 6 accounts I would have to wait for an email with a code, and every time I log out and into one of my 12 alt toons, I would again have to wait for an email with a confirmation code ? (Or, each and every time I log into one of those 18 different toons I would have to generate a new code on my smartphone and then enter that ?) Yeah - ain't gonna happen. And you do realize that this isn't likely to cut down on the number of people who claim they were hacked by the neighbour's dog or by cousin It (who probably of course have access to the "victim's" email on the same computer they have Eve installed on, and looky looky, a smart phone sitting right beside it) !
Zappity Stay Frosty. A Band Apart. 1998	Posted - 2015.04.24 23:53:49 - [41] - Quote Steve Ronuken wrote: Zappity wrote: devblog wrote: This does not prevent people from logging into the game client by circumventing the launcher. Oh. Well that's a pity. Please don't take away exe, though. I'm curious. What do you use the exe file functionality for? (I use it myself for 2 accounts, launcher for the third. Always curious to see what other people use it for) I use it for three accounts. If I am just logging a couple of characters then the launcher would be fine. But if I need to rapidly switch characters then exe is far superior. You can pre-launch a few windows and fill them in with the right passwords, then just hit enter when you want to switch. The launcher is annoying because of the pull down, the fact that it is slower, the fact that you can't pre-launch a window. Having said that, asking for a key for every single login described above would be very annoying. Having an option for asking only on a new IP would be great. Zappity's Adventures for a taste of lowsec.
Mackenzie Hawkwood Event Horizon Expeditionaries Apocalypse Now. 31	Posted - 2015.04.25 00:50:54 - [42] - Quote Steve Ronuken wrote: Zappity wrote: devblog wrote: This does not prevent people from logging into the game client by circumventing the launcher. Oh. Well that's a pity. Please don't take away exe, though. I'm curious. What do you use the exe file functionality for? (I use it myself for 2 accounts, launcher for the third. Always curious to see what other people use it for) I use the exefile.exe method because the launcher never worked for me upon original release (have CCP fixed it for Win7 64bit issue?) and with the pages of forum posts stating problems with it, why would anyone bother to use it. I have the .exe pinned to my task bar and I just have to click/shift+click to open all the clients I need. No need for the resource hog/ad-fest of a launcher. It just means I dont have access to the spaceship barbies clothes store, but then nothing of value was lost. Why a switch on/off? Because the new animation doesn't add anything to gameplay and it's graphically annoying. In other words, it's worse than bad: it's useless. Simple as that. - Kina Ayami
Masao Kurata Perkone Caldari State 214	Posted - 2015.04.25 01:56:50 - [43] - Quote So uh does this require us to enter a code from our e-mail every time we log in to any account even from the same IP? I can't see anyone using that even if it weren't for the fact that you can bypass this by not using the launcher.
Swidgen Republic University Minmatar Republic 154	Posted - 2015.04.25 03:17:53 - [44] - Quote Is there anyone at CCP named Walter? Because if there is I would like to tell him, "No more half measures, Walter."
Tyberius Franklin Federal Navy Academy Gallente Federation 1409	Posted - 2015.04.25 04:05:26 - [45] - Quote Mackenzie Hawkwood wrote: Steve Ronuken wrote: Zappity wrote: devblog wrote: This does not prevent people from logging into the game client by circumventing the launcher. Oh. Well that's a pity. Please don't take away exe, though. I'm curious. What do you use the exe file functionality for? (I use it myself for 2 accounts, launcher for the third. Always curious to see what other people use it for) I use the exefile.exe method because the launcher never worked for me upon original release (have CCP fixed it for Win7 64bit issue?) and with the pages of forum posts stating problems with it, why would anyone bother to use it. I have the .exe pinned to my task bar and I just have to click/shift+click to open all the clients I need. No need for the resource hog/ad-fest of a launcher. It just means I dont have access to the spaceship barbies clothes store, but then nothing of value was lost. What is the Win7 64bit issue? That's the OS I use and I haven't had any issues I had reason to believe were specific to it. Never had any specific recurring issues since it launched either that I am aware of.
Zappity Stay Frosty. A Band Apart. 1999	Posted - 2015.04.25 04:58:22 - [46] - Quote Actually, now that I think about it, if I would be required to use two factor authentication each time I log a new character in then leaving the exe out of the loop is pretty good. Protecting my account is pretty good even if the character isn't protected. Zappity's Adventures for a taste of lowsec.
Airi Cho Dark-Rising 83	Posted - 2015.04.25 05:49:09 - [47] - Quote Mara Rinn wrote: Axhind wrote: Any chance of supporting something actually safe like Yubikey? E-mail and mobile apps can be hardly considered secure (better than nothing but that's about it). I am a security noob: how is Yubikey safer than a TOTP app like 1Password or Google Authenticator? you need to get hold of the device and not just seed of the TOTP app.
Axhind Eternity INC. Goonswarm Federation 82	Posted - 2015.04.25 07:56:05 - [48] - Quote Mara Rinn wrote: Axhind wrote: Any chance of supporting something actually safe like Yubikey? E-mail and mobile apps can be hardly considered secure (better than nothing but that's about it). I am a security noob: how is Yubikey safer than a TOTP app like 1Password or Google Authenticator? It's separate hardware key (FOB) making it far less likely to get compromised. Something that can not be said for e-mail or phones that are probably the most insecure devices people use (well except smart TVs and co).
Torgeir Hekard I MYSELF AND ME 145	Posted - 2015.04.25 10:32:11 - [49] - Quote Is there an option to only enable it for the account management page. Because, seriously, checking e-mail each time you log into the game?
Sabriz Adoudel Glorious Revolutionary Armed Forces of Highsec CODE. 5023	Posted - 2015.04.25 11:09:34 - [50] - Quote Does anyone actually use the launcher? I bypass it as often as possible because it loads in 'Offline Mode' about 50-60% of the time. I'd be willing to put effort into getting the launcher to work if 2FA actually provided some serious protection, but this does not. Put it on hiatus, and come back to us when it is ready. Shoot everyone. Let the Saviour sort it out. I enforce the New Haliama Code of Conduct via wardec ops. Ignorance of the law is no excuse - read about requirements for highsec miners at www.minerbumping.com
Memphis Baas 320	Posted - 2015.04.25 12:33:37 - [51] - Quote It sounds like quite a few people would use the second factor for Account Management protection but don't want to be inconvenienced when logging into the client. You also show the option "don't ask for codes again on this computer" in your dev blog but no one seems to have noticed that. Also, it's a to do list, not a backlog.
Iroquoiss Pliskin Hedion University Amarr Empire 446	Posted - 2015.04.25 14:47:24 - [52] - Quote Memphis Baas wrote: It sounds like quite a few people would use the second factor for Account Management protection but don't want to be inconvenienced when logging into the client. You also show the option "don't ask for codes again on this computer" in your dev blog but no one seems to have noticed that. Also, it's a to do list, not a backlog. Ahem, Iroquoiss Pliskin wrote: Can sometimes get annoying with multiple IP resets, but that's the price. Altho, in this case here I see there is an option to exempt the current machine from this - other MMOs don't provide this option. Great. // Turret-Equivalent of the Rapid ML Concept // Cruisers Online - [Damage done in PvP by Shiptype]
Sturmwolke 641	Posted - 2015.04.26 23:17:10 - [53] - Quote GA? No thanks.
helana Tsero Science and Trade Institute Caldari State 113	Posted - 2015.04.27 01:11:17 - [54] - Quote What If I want two factor authentication on the account managment page only ??? Having it on the launcher is pointless currently as its easily bypassed. All it does not is add extra work for the user while providing no extra security for the game client log on. I would use it if I could select it to apply to the account mangement page only. (as that is actually a working two factor Auth) "... ppl need to get out of caves and they will see something new... thats where is eve placed... not in cave..."-á \| zoonr-Korsairs \|-á QFT !
Steve Ronuken Fuzzwork Enterprises Vote Steve Ronuken for CSM 5201	Posted - 2015.04.27 04:25:45 - [55] - Quote Sabriz Adoudel wrote: Does anyone actually use the launcher? I bypass it as often as possible because it loads in 'Offline Mode' about 50-60% of the time. I'd be willing to put effort into getting the launcher to work if 2FA actually provided some serious protection, but this does not. Put it on hiatus, and come back to us when it is ready. I use the launcher, and it's rare I have a problem. (as in, when I have a problem, it tends to be because there's a ddos happening) Woo! CSM X! Fuzzwork Enterprises Twitter: @fuzzysteve on Twitter
Eria Quint Republic University Minmatar Republic 1	Posted - 2015.04.27 07:17:21 - [56] - Quote Hi, I quickly read to the thread and couldn't find a answer (if it should be answered though, sorry for asking again) I love and support the idea! Good work ! Anyhow one remark/question: Has the launcher an option (per pc) to remember the computer and only ask once for the authentication code. This is really important. For a pc you trust eg desktop pc running multiple clients this is a burden to have to enter a code for each account. I hope the launcher is implemented (or get implemented) like eg gmail. There you have the option to mark a checkbox to say that the code shouldn't asked anymore for this pc Attached the a link on how this is implemented in gmail, it is this option that should be included in the launcher: http://tinypic.com/r/2j4wug6/8
Steve Ronuken Fuzzwork Enterprises Vote Steve Ronuken for CSM 5201	Posted - 2015.04.27 11:56:10 - [57] - Quote Eria Quint wrote: Hi, I quickly read to the thread and couldn't find a answer (if it should be answered though, sorry for asking again) I love and support the idea! Good work ! Anyhow one remark/question: Has the launcher an option (per pc) to remember the computer and only ask once for the authentication code. This is really important. For a pc you trust eg desktop pc running multiple clients this is a burden to have to enter a code for each account. I hope the launcher is implemented (or get implemented) like eg gmail. There you have the option to mark a checkbox to say that the code shouldn't asked anymore for this pc Attached the a link on how this is implemented in gmail, it is this option that should be included in the launcher: http://tinypic.com/r/2j4wug6/8 Go back and look at the included pictures in the devblog. Woo! CSM X! Fuzzwork Enterprises Twitter: @fuzzysteve on Twitter
Eria Quint Republic University Minmatar Republic 1	Posted - 2015.04.27 12:13:44 - [58] - Quote Tnx a lot for the feedback Steve. I saw the screenshot but wasn't immediately clear if this applied as well to the launcher. (Since it's already in place in the screenshot I suppose it's just a matter of adding a checkbox to the launcher) Can this already be tested on Sisi? Steve Ronuken wrote: Eria Quint wrote: Hi, I quickly read to the thread and couldn't find a answer (if it should be answered though, sorry for asking again) I love and support the idea! Good work ! Anyhow one remark/question: Has the launcher an option (per pc) to remember the computer and only ask once for the authentication code. This is really important. For a pc you trust eg desktop pc running multiple clients this is a burden to have to enter a code for each account. I hope the launcher is implemented (or get implemented) like eg gmail. There you have the option to mark a checkbox to say that the code shouldn't asked anymore for this pc Attached the a link on how this is implemented in gmail, it is this option that should be included in the launcher: http://tinypic.com/r/2j4wug6/8 Go back and look at the included pictures in the devblog.
Angmar Udate 18	Posted - 2015.04.27 23:01:05 - [59] - Quote The launcher bypass is kind of a big deal. Also would really like the ability to white list a client, so it only challenges for 2 factor when I log in on a new client. (PS. while you are at it, please add meta-accounts to manage our different accounts in one place and make it easier to switch between accounts :))
Mara Rinn Cosmic Goo Convertor 5790	Posted - 2015.04.28 03:51:59 - [60] - Quote Angmar Udate wrote: The launcher bypass is kind of a big deal. Also would really like the ability to white list a client, so it only challenges for 2 factor when I log in on a new client. (PS. while you are at it, please add meta-accounts to manage our different accounts in one place and make it easier to switch between accounts :)) I would go so far as to say, give us one account with subscriptions for login slots and skill queues. Thus I could pay $5/month for one login slot and $5/month for one skill queue, or $10/month for two login slots since I have no further skill training of interest. Day 0 Advice for New Players
Mara Rinn Cosmic Goo Convertor 5790	Posted - 2015.04.28 03:55:36 - [61] - Quote Sturmwolke wrote: GA? No thanks. There are many authenticator applications out there which allow you to enter a new authentication code through QR as displayed by EVE 2FA. I use "1Password" on iOS and OS X for example. https://agilebits.com/onepassword Day 0 Advice for New Players
Mara Rinn Cosmic Goo Convertor 5790	Posted - 2015.04.28 04:38:34 - [62] - Quote Axhind wrote: Mara Rinn wrote: Axhind wrote: Any chance of supporting something actually safe like Yubikey? E-mail and mobile apps can be hardly considered secure (better than nothing but that's about it). I am a security noob: how is Yubikey safer than a TOTP app like 1Password or Google Authenticator? It's separate hardware key (FOB) making it far less likely to get compromised. Something that can not be said for e-mail or phones that are probably the most insecure devices people use (well except smart TVs and co). The most insecure device in this mode, is the Windows PC USB port the YubiKey is being plugged in to. Given the choice of offering TOTP to customers using an existing toolset, or having to deliver Yubikeys to customers, I would go for the TOTP solution, especially since it is the easier technical implementation. No point investing in a security system the customers (as a group) are not going to actually use. I still have two RSA keyfobs from the last 2FA plans that CCP had. That RSA-based system went nowhere in a hurry! If I lose my phone, I still have the TOTP seed on my iPad and desktop. This makes disabling the 2FA much easier for me and CCP, since we don't have to engage in telephone calls at odd hours of the day. I just log in, reset the TOTP seed, and continue on my way (along with the usual remote bricking of the phone). Risk = Probability of event x Damage caused by event The cost of a "lost my Yubikey" event is significantly higher to all parties than a "lost my TOTP device" event. The probability of TOTP seed being compromised is significantly lower than losing the physical token (both per individual and statistically over the population). Even with the phone being stolen by a malicious third party, they still have to decrypt the storage and then decrypt the key locker. If I was trying to steal an account from, say, an alliance financial officer or someone else in charge of significant in-game resources, I would hope that they have a Yubikey since it is not protected from my using it in the same way a TOTP key might be. In addition the time it will take the victim to address the loss is significantly higher, meaning I have far more time to plunder the account both ingame and through any stored credit card details. The only downside to the password locker on my phone is that loss of one token (the phone) means I have to process lost keys for almost a thousand accounts. Then again, I don't fancy carrying a thousand Yubikeys in my pocket. Day 0 Advice for New Players
Daniel Jackson Liandri Sanctuary Corps Liandri Covenant 186	Posted - 2015.04.28 17:31:12 - [63] - Quote the "dont ask codes for this computer" option dosent do anything for client and the website i have to retype in the email code even when i check the box I Vote YES! for Downloadable HI-RES Textures!!!!
Steve Ronuken Fuzzwork Enterprises Vote Steve Ronuken for CSM 5209	Posted - 2015.04.28 18:31:16 - [64] - Quote Daniel Jackson wrote: the "dont ask codes for this computer" option dosent do anything for client and the website i have to retype in the email code even when i check the box Did you log out, then log in with a different account? (it was working for me when I just stayed on one) Woo! CSM X! Fuzzwork Enterprises Twitter: @fuzzysteve on Twitter
Eria Quint Republic University Minmatar Republic 1	Posted - 2015.04.28 19:06:56 - [65] - Quote Hi, Same issue here but I have the same thought it might have to do with multiple accounts and switching between them
Daniel Jackson Liandri Sanctuary Corps Liandri Covenant 186	Posted - 2015.04.28 19:48:21 - [66] - Quote Steve Ronuken wrote: Daniel Jackson wrote: the "dont ask codes for this computer" option dosent do anything for client and the website i have to retype in the email code even when i check the box Did you log out, then log in with a different account? (it was working for me when I just stayed on one) i tried both ways logging out and sign in with differnt account, i also tried logging out and logging in with same account. ~~i think it fixed the website issue~~ but not with the actual game client nvm i just logged out the website and tried logging back in and it asked me to put in a code again note these are with the email codes as i do not have a smartphone to use an authenticator I Vote YES! for Downloadable HI-RES Textures!!!!
Eria Quint Republic University Minmatar Republic 1	Posted - 2015.04.28 20:10:13 - [67] - Quote It happens as well with the authenticator
Raging Beaver Wildly Inappropriate Goonswarm Federation 44	Posted - 2015.04.28 23:23:26 - [68] - Quote I happily enabled the feature on all accounts like 2 hours ago. Found out that I need to re-enter the authenticator code when logging different accounts in through the launcher despite the "Remember..." option being selected. The way I want this to work is: 1. Login through the launcher 2. Enter the code once and "Remember on this computer" 3. Never ever see this prompt for this account on this computer again. Doesn't matter if the IP, CPU, mobo, ram, country, account, weather, whatever changes. Something like the "Authorize this device" in iTunes. Currently it doesn't work that way. Try again. Let me know when it does. Disabled on all accounts.
Leon Razor Agony Unleashed Agony Empire 33	Posted - 2015.04.29 04:12:28 - [69] - Quote Raging Beaver wrote: I happily enabled the feature on all accounts like 2 hours ago. Found out that I need to re-enter the authenticator code when logging different accounts in through the launcher despite the "Remember..." option being selected. The way I want this to work is: 1. Login through the launcher 2. Enter the code once and "Remember on this computer" 3. Never ever see this prompt for this account on this computer again. Doesn't matter if the IP, CPU, mobo, ram, country, account, weather, whatever changes. Something like the "Authorize this device" in iTunes. Currently it doesn't work that way. Try again. Let me know when it does. Disabled on all accounts. How is the Auth supposed to know it's the same computer (vs. an attacker) if any of these can change and still not prompt for the code: "the IP, CPU, mobo, ram, country, account, weather, whatever." Think about if what you are asking is a reasonable or logical demand for a minute and then get back to us.
Daniel Jackson Liandri Sanctuary Corps Liandri Covenant 186	Posted - 2015.04.29 04:36:32 - [70] - Quote i have the issue where its not remembered it on the same computer same everything I Vote YES! for Downloadable HI-RES Textures!!!!
Leon Razor Agony Unleashed Agony Empire 33	Posted - 2015.04.29 07:52:11 - [71] - Quote Daniel Jackson wrote: i have the issue where its not remembered it on the same computer same everything Same issue. I'm assuming this is a bug as I have to enter a code on the launcher every time even though I check "Don't ask for codes again on this computer."
Rachael Tyrelll Dynatech Intergalactical Trading Ltd. 7	Posted - 2015.04.29 10:00:57 - [72] - Quote Guys, so glad you did this. Just activated for all acounts ... feeling so much safer now. Thanks!!!!!
Qual Infinity Engine Sleeping Dragons 64	Posted - 2015.04.30 12:09:17 - [73] - Quote Yeah, I am having the issue with Launcher not respecting the "Do not ask again on this computer" flag as well.
Blinky3J Two Nuts 4	Posted - 2015.04.30 12:33:17 - [74] - Quote Daniel Jackson wrote: the "dont ask codes for this computer" option dosent do anything for client and the website i have to retype in the email code even when i check the box CCPlease. It's also, instead of it remembering the last account to log in, staying focused on one - not a huge problem, but an annoyance. Is anyone not having this issue? Is it being worked on?
Eria Quint Republic University Minmatar Republic 1	Posted - 2015.04.30 12:53:43 - [75] - Quote This issue has been reported at CCP Customer support and they acknowledged the issue for a group of users (but not for all). So guess they will work on it and publish a fix when the problem is identified and they found a solution
Oddsodz The Ministry of Ungentlemanly Warfare. 152	Posted - 2015.04.30 19:35:01 - [76] - Quote Just posting to to say I have the same issue also. Things to note is that I have 2 accounts. Hope this little bug is fix in good time. As for having 2fA, I am very happy to have it. Thank you for filling my request ;-) https://forums.eveonline.com/default.aspx?g=posts&t=304921
Daniel Jackson Liandri Sanctuary Corps Liandri Covenant 187	Posted - 2015.05.01 04:02:40 - [77] - Quote i have 2 accouns as well but only really log on 1 most the time and even my 2 accounts are 2 different client installs, but still using just 1 just dosent remeber I Vote YES! for Downloadable HI-RES Textures!!!!
Saisin State War Academy Caldari State 245	Posted - 2015.05.02 16:03:20 - [78] - Quote Reporting that the "remember this computer" does not work either, on two different machines with the client/launcher installed. It does seem to wok on one machine where I only logs to the web site and not use the client. It is really painful to have to get the codes every time I log into the game from my own machines. Looking forward to a fix soon, else I am going to be disabling two-step authentification... "surrender your ego, be free". innuendo. solo? There is a new hope...
Arkumord Churhee Bavarian Unstressed Mining Mob Synergy of Steel 27	Posted - 2015.05.03 08:14:37 - [79] - Quote Same issue here. I use 3 different accounts regularly, and it's annoying that i have to re-authenticate every account every time despite me clicking the "Don't ask for codes again on this computer" checkbox. In general, I'm very happy they finally did this. Edit: It's be nice if the account name you are asked to authenticate for would be displayed when the code is asked for.
Dyner Midgard Protectorate 129	Posted - 2015.05.03 16:43:57 - [80] - Quote While I appreciate the effort. This isn't of much use. "Yes. This does not prevent people from logging into the game client by circumventing the launcher. That is a legacy issue that we were unable to fix this time around." So, how about doing what Trion did with RIFT and have a "Coin Lock", but have it extend beyond the currency and go into items. Make it so if the server doesn't recognize the IP it boots you out of the ship and prevents you from getting into a ship or access the Hanger Inventory until you unlock. The server has already shown that it can boot people out of ships. All of my alts are in Capsules, even the ones that were in Rookie Ships (one of the major expansions did this). --- Or Add a third field to the game's login field: One-Time Password -or- One-Time Code There. Done. --- OR! Probably the easiest to do of all these... For a quick fix. If the login server doesn't recognize the IP, have the game fail to login. Just pass it the same response you'd get if you entered the wrong password for a valid Login Name. And fire off an email to the verified email address for said account. With a validation link to authorize the new IP En Masse does this for their accounts, Steam does it, Origin (EA) does this, YOUR WEBSITE does it.
Steve Ronuken Fuzzwork Enterprises Vote Steve Ronuken for CSM 5217	Posted - 2015.05.03 17:28:31 - [81] - Quote Dyner wrote: While I appreciate the effort. This isn't of much use. "Yes. This does not prevent people from logging into the game client by circumventing the launcher. That is a legacy issue that we were unable to fix this time around." So, how about doing what Trion did with RIFT and have a "Coin Lock", but have it extend beyond the currency and go into items. Make it so if the server doesn't recognize the IP it boots you out of the ship and prevents you from getting into a ship or access the Hanger Inventory until you unlock. The server has already shown that it can boot people out of ships. All of my alts are in Capsules, even the ones that were in Rookie Ships (one of the major expansions did this). --- Or Add a third field to the game's login field: One-Time Password -or- One-Time Code There. Done. --- OR! Probably the easiest to do of all these... For a quick fix. If the login server doesn't recognize the IP, have the game fail to login. Just pass it the same response you'd get if you entered the wrong password for a valid Login Name. And fire off an email to the verified email address for said account. With a validation link to authorize the new IP En Masse does this for their accounts, Steam does it, Origin (EA) does this, YOUR WEBSITE does it. People like you, are one of the reasons developers and support staff drink. Quote: Add a third field to the game's login field: One-Time Password -or- One-Time Code There. Done. Then write the code behind it, to tie it into the authentication system. Because it doesn't use the same auth all the sites do. Woo! CSM X! Fuzzwork Enterprises Twitter: @fuzzysteve on Twitter
Altirius Saldiaro Royal Amarr Institute Amarr Empire 326	Posted - 2015.05.03 19:00:29 - [82] - Quote They really need to fix the bug with the option to not use authentication on this pc.
Dyner Midgard Protectorate 129	Posted - 2015.05.03 20:01:11 - [83] - Quote Steve Ronuken wrote: People like you, are one of the reasons developers and support staff drink. Why secure the website entry if you can still get into other peoples' game account? CCP's website offers even less information about the person than most other Video Game account pages. Most give partial Billing/Shipping Addresses and partial Payment Option information. CCP gives you the person's name, DOB, and email. That's it. --You get more from Facebook or other Social Media site (assuming you didn't make up a fake identity ) ...What they've said is: "We locked the front door, but left all the windows on the first floor open." If my post came as cold. Then I apologize. I bluntly stated this does not do any good, because players can still easily have their accounts hijacked. Steve Ronuken wrote: Then write the code behind it, to tie it into the authentication system. Because it doesn't use the same auth all the sites do. I don't have access to their login server. I don't have their source code. I did, however, offer several methods to accomplish the much-needed feature in the game client. The last one, I don't see requiring client-side changes. Because it would receive the same 'invalid login' response until the new IP address was validated.
Azahar Ortenegro Astromechanica Maxima Astromechanica Federatis 39	Posted - 2015.05.04 19:59:25 - [84] - Quote I was going to give it a try, and then saw that you rely solely on third-party authenticators. It makes the whole thing kinda useless.
Ereshgikal Strange Energy The Bastion 48	Posted - 2015.05.05 18:19:11 - [85] - Quote +1 on the "remember this computer" bug. On top of it all, the launcher has started to ask me for a character's name on the account "since I haven't used this computer before". WTF? I have neither changed IP, nor changed anything on my computer. And if I provide a correct answer I am booted back to username/password. Provide a wrong character name, I at least get a nice red text stating what went wrong... please...please...fix this Security that inconveniences the proper user more than the attacker is of...uhm, very....limited use. I'll give 2FA one more week, then I am killing it off.
Ereshgikal Strange Energy The Bastion 48	Posted - 2015.05.05 18:26:45 - [86] - Quote Dyner wrote: I did, however, offer several methods to accomplish the much-needed feature in the game client. The last one, I don't see requiring client-side changes. Because it would receive the same 'invalid login' response until the new IP address was validated. Locking it down if a new IP-address if used is very bad design in the age of mobile data. Some users are sitting on connections that rotate IP-addresses like they are part of a minigun. They would be fed up quite quickly and leave (which is bad).
Steve Ronuken Fuzzwork Enterprises Vote Steve Ronuken for CSM 5219	Posted - 2015.05.05 21:25:30 - [87] - Quote Azahar Ortenegro wrote: I was going to give it a try, and then saw that you rely solely on third-party authenticators. It makes the whole thing kinda useless. How so? They're using an industry standard Timed One Time Pass. As far as I'm aware, there aren't any cryptographic weaknesses with it. Woo! CSM X! Fuzzwork Enterprises Twitter: @fuzzysteve on Twitter
Tipper Trix Dutch East Querious Company Phoebe Freeport Republic 1	Posted - 2015.05.07 01:48:45 - [88] - Quote Authenticator not remembering this PC bug here as well. First world problems....
Dyner Midgard Protectorate 129	Posted - 2015.05.11 17:10:32 - [89] - Quote Ereshgikal wrote: Dyner wrote: I did, however, offer several methods to accomplish the much-needed feature in the game client. The last one, I don't see requiring client-side changes. Because it would receive the same 'invalid login' response until the new IP address was validated. Locking it down if a new IP-address if used is very bad design in the age of mobile data. Some users are sitting on connections that rotate IP-addresses like they are part of a minigun. They would be fed up quite quickly and leave (which is bad). It's a temporary solution until the EVE exe can be patched to also require authentication. Why wouldn't people want to be slightly inconvienced if it meant the likely hood of logging in to find you stuff missing is barely past 0%. Plus, if they didn't want it. They don't have to enable it.
Porucznik Borewicz Love Squad Confederation of xXPIZZAXx 27	Posted - 2015.05.12 21:31:11 - [90] - Quote So CCP, when?
Arbor Wattle Federal Defense Union Gallente Federation 0	Posted - 2015.05.13 07:32:09 - [91] - Quote How do I turn it off? I have to enter a character's name every time I login because my IP address keeps changing. It's just another annoyance that adds to the 10-15 min wait, for the launcher to be ready, so I can login and play the game.
Masao Kurata Perkone Caldari State 231	Posted - 2015.05.13 14:40:02 - [92] - Quote Arbor Wattle wrote: How do I turn it off? I have to enter a character's name every time I login because my IP address keeps changing. It's just another annoyance that adds to the 10-15 min wait, for the launcher to be ready, so I can login and play the game. That actually happens a) without two factor authentication turned on and b) without your IP address changing. Yes it's annoying.
Axhind Eternity INC. Goonswarm Federation 84	Posted - 2015.05.21 04:16:34 - [93] - Quote While we are talking about online security how about moving the forums to TLS 1.2 instead of broken TLS 1.0?

Pages: 1 2 3 4 :: [one page]

COPYRIGHT NOTICE
EVE Online, the EVE logo, EVE and all associated logos and designs are the intellectual property of CCP hf. All artwork, screenshots, characters, vehicles, storylines, world facts or other recognizable features of the intellectual property relating to these trademarks are likewise the intellectual property of CCP hf. EVE Online and the EVE logo are the registered trademarks of CCP hf. All rights are reserved worldwide. All other trademarks are the property of their respective owners. CCP hf. has granted permission to EVE-Search.com to use EVE Online and all associated logos and designs for promotional and information purposes on its website but does not endorse, and is not in any way affiliated with, EVE-Search.com. CCP is in no way responsible for the content on or functioning of this website, nor can it be liable for any damage arising from the use of this website.