Pages: 1 2 [3] 4 5 :: one page |
|
Author |
Thread Statistics | Show CCP posts - 4 post(s) |
Deviana Sevidon
Jades Falcon Guards
218
|
Posted - 2012.01.11 19:24:00 -
[61] - Quote
Morganta wrote:I'm pretty sure I read that TOR players hate that system
and for the record, you have a very good chance of dieing a horrible death in a car crash every day do you cover your car in protective equipment?
That is a bad example, most cars do indeed have a lot of protective equipment to prevent injuries or death of driver and passengers in case of a car crash.
Maxpie wrote:Yes, I think user id/password is sufficient. I've been playing for around 6 years, have never had a problem. I guess I'd have no problem with an optional authenticator since some people are not so careful/lucky, but for me I'd prefer not to have an extra step in the process of logging on. The problem is an authenticator would start out as optional but eventually become mandatory.
Also, I'm generally against anything in Eve that protects people from their own stupidity.
Even if you did everything right to prevent your computer, you might become victim of a zero-day-exploit that has no fix yet. Computer security has a lot to do with making things harder for the bad guys, while keeping in mind that there is never absolute security.
My main account is also more then 6 years old, was never hacked and other accounts of mine, with or without authenticator, were also never compromised, but that is beside the point. I have been skilled and lucky enough to prevent damage to my accounts so far. A security token, or call it an authenticator would be still much appreciated. If the option is given, I would happily purchase one from CCP.
Besides social darwinism is not only one of the most disgusting, it is also one of the most stupid ideas on the internet, but I guess people will only learn when reality strikes them hard. |
Taedrin
Kushan Industrial
312
|
Posted - 2012.01.11 19:48:00 -
[62] - Quote
Abdiel Kavash wrote:Username/password is enough as long as the users are not idiots.
I.e. never use the same password on multiple sites, don't visit "questionable" sites, scan any programs you download for viruses, never give your PW to anyone, never allow anyone else physical access to your machine.
And then you get hit by an advertisement loaded with malware which exploits a security vulnerability in your favorite browser, loads a keylogger then steals your password that way.
The only "safe" computer is one which is unplugged, immersed in concrete and then thrown into a random location of the ocean. |
Ai Shun
State War Academy Caldari State
123
|
Posted - 2012.01.11 20:18:00 -
[63] - Quote
I would pay for an Authenticator. My first encounter with one was in Project Entropia, later on World of Warcraft added one. So that clone copy TOR has one as well? Cool.
A few different companies have tried different mechanisms.
For example, Perfect World has a clicking keyboard (optional) for password entry. Whilst not 100% proof against keyloggers, it does provide a bit more safety than using manual keystrokes.
RIFT has the much appreciated Coin Lock system. If you login from a different location nothing can be traded or sold or destroyed until you enter the coinlock code emailed to your primary email account. Doesn't help if your email account is compromised as well; but it helps to prevent SOME of the harm if you end up losing your account.
If those features were optional in EVE Online, I would use them. This game represents hours of fun, entertainment and investment. I remain as secure as possible online, but if there are additional measures to help protect myself I'll welcome them. I wouldn't want to lose what I've been enjoying for so long. |
Zowie Powers
Hole in the wall
41
|
Posted - 2012.01.11 20:21:00 -
[64] - Quote
Apparently, there is no such thing as too much security. So let's take Ursula's PC and all associated hardware and lock it in a safe at the bottom of a Volcano. Then nuke the volcano so nobody can get at it, then fire the whole planet into the centre of the sun where literally nobody can get at it. Would that be a secure enough place? After all, there's not thing as too much security, and it's not debatable.
I guess there isn't such a thing as "too much stupidity" either. |
Mangua Desnart
Zervas Aeronautics
5
|
Posted - 2012.01.11 20:30:00 -
[65] - Quote
Zowie Powers wrote:Apparently, there is no such thing as too much security. So let's take Ursula's PC and all associated hardware and lock it in a safe at the bottom of a Volcano. Then nuke the volcano so nobody can get at it, then fire the whole planet into the centre of the sun where literally nobody can get at it. Would that be a secure enough place? After all, there's not thing as too much security, and it's not debatable.
I guess there isn't such a thing as "too much stupidity" either.
Sounds like a fine example right there, whilst all the adult, computer savvy 'want to protect me and mine' have a serious discussion someone always has to get silly... remember we are talking about options hereand who is to say that CCP will implement any of them in the end |
Maxpie
Metaphysical Utopian Society Explorations
41
|
Posted - 2012.01.11 21:30:00 -
[66] - Quote
Deviana Sevidon wrote:Morganta wrote:I'm pretty sure I read that TOR players hate that system
and for the record, you have a very good chance of dieing a horrible death in a car crash every day do you cover your car in protective equipment? That is a bad example, most cars do indeed have a lot of protective equipment to prevent injuries or death of driver and passengers in case of a car crash. Maxpie wrote:Yes, I think user id/password is sufficient. I've been playing for around 6 years, have never had a problem. I guess I'd have no problem with an optional authenticator since some people are not so careful/lucky, but for me I'd prefer not to have an extra step in the process of logging on. The problem is an authenticator would start out as optional but eventually become mandatory.
Also, I'm generally against anything in Eve that protects people from their own stupidity. Even if you did everything right to prevent your computer, you might become victim of a zero-day-exploit that has no fix yet. Computer security has a lot to do with making things harder for the bad guys, while keeping in mind that there is never absolute security. My main account is also more then 6 years old, was never hacked and other accounts of mine, with or without authenticator, were also never compromised, but that is beside the point. I have been skilled and lucky enough to prevent damage to my accounts so far. A security token, or call it an authenticator would be still much appreciated. If the option is given, I would happily purchase one from CCP. Besides social darwinism is not only one of the most disgusting, it is also one of the most stupid ideas on the internet, but I guess people will only learn when reality strikes them hard.
True, I could be compromised through no fault of my own, or I could make a stupid mistake, but I'm okay with those risks. I guess we just differ on our level of security-paranoia when it comes to video games. My bank website doesn't even use and authenticator (though it has an extra level of security than Eve). I have no problem with giving people the option for an authenticator, I just don't want one foisted upon me, even if it were free.
As for 'social darwinism', Eve is a game and that is a part of it. I like that part of it even though I don't scam, can-flip, suicide gank, etc. It makes this game different from the SWTOR and WOW's of the world.
|
Famble
Three's a Crowd
257
|
Posted - 2012.01.11 21:47:00 -
[67] - Quote
Maxpie wrote:Deviana Sevidon wrote:Morganta wrote:I'm pretty sure I read that TOR players hate that system
and for the record, you have a very good chance of dieing a horrible death in a car crash every day do you cover your car in protective equipment? That is a bad example, most cars do indeed have a lot of protective equipment to prevent injuries or death of driver and passengers in case of a car crash. Maxpie wrote:Yes, I think user id/password is sufficient. I've been playing for around 6 years, have never had a problem. I guess I'd have no problem with an optional authenticator since some people are not so careful/lucky, but for me I'd prefer not to have an extra step in the process of logging on. The problem is an authenticator would start out as optional but eventually become mandatory.
Also, I'm generally against anything in Eve that protects people from their own stupidity. Even if you did everything right to prevent your computer, you might become victim of a zero-day-exploit that has no fix yet. Computer security has a lot to do with making things harder for the bad guys, while keeping in mind that there is never absolute security. My main account is also more then 6 years old, was never hacked and other accounts of mine, with or without authenticator, were also never compromised, but that is beside the point. I have been skilled and lucky enough to prevent damage to my accounts so far. A security token, or call it an authenticator would be still much appreciated. If the option is given, I would happily purchase one from CCP. Besides social darwinism is not only one of the most disgusting, it is also one of the most stupid ideas on the internet, but I guess people will only learn when reality strikes them hard. True, I could be compromised through no fault of my own, or I could make a stupid mistake, but I'm okay with those risks. I guess we just differ on our level of security-paranoia when it comes to video games. My bank website doesn't even use and authenticator (though it has an extra level of security than Eve). I have no problem with giving people the option for an authenticator, I just don't want one foisted upon me, even if it were free. As for 'social darwinism', Eve is a game and that is a part of it. I like that part of it even though I don't scam, can-flip, suicide gank, etc. It makes this game different from the SWTOR and WOW's of the world.
The challenge of security is not how hard it is to lock something down. That's easy. The challenge is balancing the locks against ease of use. THAT is the challenge!
Make it a choice indeed. Mandatory authenticators would be silly. It's a moot point as it will never happen.
If anyone ever looks at you and says, "Hold my beer, watch this,"-á you're probably going to want to pay attention. |
Mr Kidd
Center for Advanced Studies Gallente Federation
349
|
Posted - 2012.01.12 00:48:00 -
[68] - Quote
I see a lot of idiocy in this thread pawning itself off as secure practices because "it's never happened to me". The mere fact that anyone here believes that user/passwd is sufficient is proof enough of such idiocy. We want breast augmentations and sluttier clothing in the NeX! |
Ai Shun
State War Academy Caldari State
124
|
Posted - 2012.01.12 00:59:00 -
[69] - Quote
Mr Kidd wrote:I see a lot of idiocy in this thread pawning itself off as secure practices because "it's never happened to me". The mere fact that anyone here believes that user/passwd is sufficient is proof enough of such idiocy.
I think the core concept is:
"It is sufficient for them"
It may not be sufficient for you or me; but they are willing to risk it with that level of security. (Hence optional extras for those of us that are less willing to risk our entertainment to such a degree) |
Vyl Vit
Cambio Enterprises
205
|
Posted - 2012.01.12 01:21:00 -
[70] - Quote
Zowie Powers wrote:How much money do you need to spend on security before you feel secure? Three trillion annually, and we don't have any money to start with. Go figure.
To her it doesn't matter much.-á It's chasms have been leapt, and she leans upon the skepticism of her chosen fate. |
|
Cur
Nova Australis Dark Knights of New Eden
43
|
Posted - 2012.01.12 02:32:00 -
[71] - Quote
IF CCP was to release RSA tokens for Eve, alot of players would adopt it.
They could even take it a step further, and make it profiable for themselves. IE charge $15 for the token, charge another $20 to have one activated/enabled on you're account permnantly.
It gives the players enough added security (having to hold something in you're hand that works like a unique car key, that the car will only accept that 1 key before it'll start up) to feel comfortable. |
Doggy Dogwoofwoof
Doggy Missions
8
|
Posted - 2012.01.12 03:12:00 -
[72] - Quote
ENOUGH, XKCD explained this alreadyhttp://xkcd.com/936/ . now STOP arguing. |
Hainnz
Imperial Academy Amarr Empire
50
|
Posted - 2012.01.12 05:07:00 -
[73] - Quote
Of course it would be a good idea. I'd use one. |
Mangua Desnart
Zervas Aeronautics
5
|
Posted - 2012.01.12 08:31:00 -
[74] - Quote
He does have a point, however most username and password systems do require some level of complexity in the passwords these days so we have to remember complex passwords, I suggest getting used to that idea because I feel it is not going to go away. |
Othran
Brutor Tribe Minmatar Republic
132
|
Posted - 2012.01.12 09:18:00 -
[75] - Quote
Barakkus wrote:Mr Kidd wrote:Abdiel Kavash wrote:Username/password is enough as long as the users are not idiots.
I.e. never use the same password on multiple sites, don't visit "questionable" sites, scan any programs you download for viruses, never give your PW to anyone, never allow anyone else physical access to your machine. While your ideas are sound, they're sound for 1994. Placed in today's world, allow me to rephrase this for you. Username/password is enough as long as you disconnect your computer from the internet. Idiocy is not a requisite anymore. The lone act of having your system connected to a world wide network with modern computing capabilities is enough to render username/password inadequate. One can't insure that browsing even reputable webtsites is safe since those websites generally have advertising which is dependent upon several providers for that content some of which are further dependent on networks of contributors. The end result is that one's system can be compromised at any time. The sum effect is a lottery fashioned chance of being compromised that no amount of foresight, planning and implementation on client's side alone can overcome other than to pull the plug. If you believe this to be incorrect then you will be sorely disappointed. Yup, there have been a few instances in the last couple years of google ads exploiting browser vulnerabilities and compromising systems.
Which is why you should be running NoScript and Adblock Plus - I can't remember the last time I saw an advert for anything, and these days its verging on stupidity visiting unknown websites with scripting enabled. |
Othran
Brutor Tribe Minmatar Republic
132
|
Posted - 2012.01.12 09:25:00 -
[76] - Quote
Cur wrote:IF CCP was to release RSA tokens for Eve, alot of players would adopt it.
I wouldn't. RSA have still to tell the truth about what was taken when their site was broken into last year.
Its pretty obvious after the Lockheed Martin hack that SecurID tokens were completely compromised. L3 have had to withdraw all the SecurID tokens they had in use, and Northrop Grumman suspended all remote access. I could go on (and on) with the list of companies and govts compromised by the lying scum at RSA.
When RSA tell the truth - ie the seeds and mappings were ALL stolen and EVERY SINGLE token (50 million+ of them!) needs to be replaced - then I'll consider using them again. In the meantime you'd have to be utterly delusional to use anything from RSA. |
Avensys
United Highsec Front The 99 Percent
84
|
Posted - 2012.01.12 09:43:00 -
[77] - Quote
Mangua Desnart wrote:Avensys wrote:How do you link the authenticator to your account?
seems to me that this would have to be done over a separate communications channel with credentials that a hacker wouldn't have access to even if he had compromised your PC at the time you want to set up the link.
(paper) mail or fax with a copy of your passport?
otherwise it's mostly security theater. The way SWTOR do it is when you tie the authenticator to your account then you input the code that is on the fob / app at the time of setting it up and then I presume there is some back end magic and trickery that knows what the next numbers will be from that starting point
Deviana Sevidon wrote:There is no magic involved and no communication between authenticator and server. The authenticator has a serial number that is added to the account . If you press the button on your authenticator/mobile phone app, the software generates the authenticator key from the serial number and the time set in the mobile phone. Since the auth. serial number is registered on the account the login servers also knows which authenticator code is currently the correct one. Edit: Here is some additional information about how the process of the two factor authentication works: http://en.wikipedia.org/wiki/Two-factor_authentication
you missed the point of my post.
I'll try an analogy: let's say we decide to write each other encrypted emails for extra security (in a world without asymmetric encryption for argument's sake). If I send you the encryption key via email, the whole security precaution is moot. I have to send you the key out-of-band (e.g. via paper mail) for the encryption to be useful.
The authenticator app has to be deterministic, it will always produce the same outputs given the same serial number (and time of the day, number of times the button has been pressed, ...). The algorithm used for this can be reverse-engineered and should not be considered secret.
The real secret is the serial number of your authenticator. Transmitting this secret via your computer (by entering your authenticator serial number on some website) while you want to protect yourself against someone who might already have access to your computer (e.g. via a keylogger) is extremely stupid. With the logged serial number an attacker could simply clone your authenticator.
For the security measure to be effective the authenticator's serial number has to be transferred out-of-band - which is possible by either linking auth & account before it is sent to you/you download it or by having you transfer the auth serial number via SMS, paper mail, ...
Note that an authenticator application on your PC would be a very bad idea for the same reason - the authenticator's strength is that once set up somebody controlling your PC would not have access to it and would be limited to (hopefully complex) Man in the Middle attacks (e.g. logging the auth code you entered in the application, displaying you a "login failed" notice without passing the auth code to the server, then using the auth code to log in to your account within the next few minutes).
Then there is the problem how to verify that the person linking authenticator and account is really the account holder. Username and password are not sufficient as they are entered on the compromised system all the time and as such probably known to any attacker (remember that you want sth stronger than username/password for a reason). So you would have to send some identity verification like a copy of your passport (again out-of-band, so probably via mail or fax) when linking the authenticator to your account. |
seany1212
eXceed Inc. No Holes Barred
67
|
Posted - 2012.01.12 09:53:00 -
[78] - Quote
Ursula LeGuinn wrote:Zowie Powers wrote:How much money do you need to spend on security before you feel secure? Give it a rest, this is actually a sensible and highly effective security measure. World of Warcraft calls them "Authenticators." You can download a little app onto your Steve Jobs Hipster Phone, synchronize it with your account somehow (not sure exactly how that works), and from then on you have to enter the code when you log in. No one can log into your account(s) unless they physically have that little device sitting right there in front of them. Also comes in the form of a cheap fob if you don't have a Hipster Phone or Robot-Themed Totally Not a Hipster Phone. I think it's a great system and would be a fantastic feature for EVE.
Give it a rest... This discussion has raged ever since wow got that authentication system, and probably time before that,this is not wow, stupid is as stupid does, make sure your password is relatively long alphanumeric and the keyloggers that are on your computer from all the isk buying are deleted and you won't have a problem. I don't understand when people complain about ramping up the security on accounts, it is determined by how difficult you make your password, I've been playing eve for 4 years and either someone hasn't guessed my password yet or I'm so eve poor nobody cares |
Deviana Sevidon
Jades Falcon Guards
221
|
Posted - 2012.01.12 10:30:00 -
[79] - Quote
The authenticator serial number is typed in only once, when the authenticator is added to the account and never again, so if you added the authenticator to the account, then your system might be infected with a keylogger, or you are logging in from a public PC to check your EVE mail etc.. your system is still safe.
Someone might get the account name and PW, which is bad enough, but the authenticator will prevent him from logging into the account to get the tokens serial number. Deterministic or not, without the serial number of the authenticator and the key to generate a code he is still locked out and attempts to brute force access can be prevented by other means.
As I wrote earlier, nothing will give me complete security, but it will give me a lot more security since I am still a lot more secure then all the people thinking a long alphanumeric password is enough.
Since the bad persons usually go for the low hanging fruit I can be confident in the knowledge that the persons thinking a long alphanumeric password is enough are the first ones being targeted and those will also be the much easier prey. |
Mangua Desnart
Zervas Aeronautics
5
|
Posted - 2012.01.12 10:33:00 -
[80] - Quote
Deviana Sevidon wrote:The authenticator serial number is typed in only once, when the authenticator is added to the account and never again, so if you added the authenticator to the account, then your system might be infected with a keylogger, or you are logging in from a public PC to check your EVE mail etc.. your system is still safe.
Someone might get the account name and PW, which is bad enough, but the authenticator will prevent him from logging into the account to get the tokens serial number. Deterministic or not, without the serial number of the authenticator and the key to generate a code he is still locked out and attempts to brute force access can be prevented by other means.
As I wrote earlier, nothing will give me complete security, but it will give me a lot more security since I am still a lot more secure then all the people thinking a long alphanumeric password is enough.
Since the bad persons usually go for the low hanging fruit I can be confident in the knowledge that the persons thinking a long alphanumeric password is enough are the first ones being targeted and those will also be the much easier prey.
Here, here agree entirely! |
|
|
Chribba
Otherworld Enterprises Otherworld Empire
1995
|
Posted - 2012.01.12 10:44:00 -
[81] - Quote
I for one would still love to see me being able to lock my accounts to IP's. I suggested this in like 2007 and am still waiting
|
|
Mangua Desnart
Zervas Aeronautics
5
|
Posted - 2012.01.12 10:49:00 -
[82] - Quote
Chribba wrote:I for one would still love to see me being able to lock my accounts to IP's. I suggested this in like 2007 and am still waiting
This would again be a good idea for some but I do access my Eve accounts when traveling so wouldn't work for me personally... not a bad idea though. |
Othran
Brutor Tribe Minmatar Republic
133
|
Posted - 2012.01.12 11:03:00 -
[83] - Quote
Chribba wrote:I for one would still love to see me being able to lock my accounts to IP's. I suggested this in like 2007 and am still waiting
The main problem with that is the static IP addresses are assigned to you, not allocated to you*. As such they can (and do) change when the LIR requires or when the RIR gets sufficiently pissed-off with a rogue LIR.
I'm in just such a process now and this machine will soon effectively have two IP addresses (switchover period) with the new address routed to the old address. My LIR (ISP in this case) cannot give me a precise switchover time, all I have is an 8 hour overnight "window".
I'm certain this wouldn't end well if CCP locked the accounts to IP addresses;
*I'm assuming you're not a LIR |
RubyPorto
Profoundly Disturbed RED.Legion
1196
|
Posted - 2012.01.12 11:30:00 -
[84] - Quote
Ursula LeGuinn wrote:Abdiel Kavash wrote:Username/password is enough as long as the users are not idiots. Incorrect. It is impossible to have too much account security. That's not debatable, sorry. I'm not saying this is a NECESSARY FEATURE AND IT MUST BE IMPLEMENTED IMMEDIATELY, but it would be purely beneficial. Edit: Authenticator codes are typically optional by the way, I doubt CCP would force cranky contrarians or forum warriors to use them.
Ok, so you're willing to Call CCP on a telephone and give them a detailed personal history every time you want to log in?
Security is about a Cost/Benefit analysis. My bank uses a username/password system on a secured server. That's certainly good enough when combined with basic common sense/virus protection.
Beyond Username/Password, the costs start outweighing the benefits when you're talking about Banking. WoW implemented the key fobs because Hacking is absurdly prevalent, to the point where the benefit began to outweigh the cost. EvE doesn't, to my knowledge, have that problem. |
Deviana Sevidon
Jades Falcon Guards
221
|
Posted - 2012.01.12 11:37:00 -
[85] - Quote
Then you missed the time when spammers posted links to websites containing keyloggers about 2 years ago. Despite what you might think about the intelligence level of an average eve player, a lot of people were clicking on these links. You also missed the threads that pop up every once in a while about a player having his/her account stolen and CCP taking weeks to investigate the issue. |
Mangua Desnart
Zervas Aeronautics
5
|
Posted - 2012.01.12 11:39:00 -
[86] - Quote
RubyPorto wrote:
EvE doesn't, to my knowledge, have that problem.
Two things spring to mind here; Why did SW:TOR implement the system from the outset then? Also would you really wait on getting a smoke detector until AFTER your house burns down? What I am trying to say is, from your example WoW bolted the door after the horse had ran, would you really leave it until after your account had been hacked before you demanded better security. As for the banks, mine requests characters from a chosen pass phrase on top of my user-name and password, its an extra step, sure - its hassle, I'm sure some customers see it as such - its more secure, most definitely. |
|
Chribba
Otherworld Enterprises Otherworld Empire
1995
|
Posted - 2012.01.12 12:52:00 -
[87] - Quote
Othran wrote:Chribba wrote:I for one would still love to see me being able to lock my accounts to IP's. I suggested this in like 2007 and am still waiting The main problem with that is the static IP addresses are assigned to you, not allocated to you*. As such they can (and do) change when the LIR requires or when the RIR gets sufficiently pissed-off with a rogue LIR. I'm in just such a process now and this machine will soon effectively have two IP addresses (switchover period) with the new address routed to the old address. My LIR (ISP in this case) cannot give me a precise switchover time, all I have is an 8 hour overnight "window". I'm certain this wouldn't end well if CCP locked the accounts to IP addresses; *I'm assuming you're not a LIR ofc IP locking would be OPTIONAL, you could just as easily add multiple IP's/ranges/masks for access or just allow all.
obviously it would be able to unlock it via petition like anything else should it come to you losing your IP's. And while static IP's do at times get changed, that's pretty rare and hardly anything I would worry about. Obviously someone with a dynamic IP might not want to use the option, same if you go travel - turn it off if you know you will need to log on from other places.
I personally would love to have it on as no matter where I go I always connect through my own VPN, so locking down everything for me would be a great value to the security - regardless if I am at home, work or the jungle
|
|
Othran
Brutor Tribe Minmatar Republic
133
|
Posted - 2012.01.12 13:07:00 -
[88] - Quote
If it was IPv6 addresses I'd agree with you.
The IPv4 address space is rapidly becoming more bloody in RIPE/ARIN regions and I can see RIPE making it a matter of policy to require LIRs to remove assignments greater than a /29 from individuals over the next 3-5 years. ISPs (UK anyway) are already noticeably less keen to hand out static addresses unless you have a real reason for needing one.
Hell I may get to use my IPv6 Essentials book again - haven't opened that in nearly ten years |
|
CCP Sreegs
C C P C C P Alliance
220
|
Posted - 2012.01.12 13:34:00 -
[89] - Quote
Ok, let's see what we can do here...
1) Username/Password combinations as sole authenticating factors are basically yesterday's news. We need to catch up with the times on that.
2) I'm pushing to have us catch up with the times on that.
3) I will race to the forums with a dev blog and multiple joyous posts when I get to a point where I'm confident an additional factor is being delivered in some way.
The real problem here is that there are some dependencies which must be met first that are getting finalized right now. Once they're finalized we'll communicate them and I'll make certain you understand that they're a pre-requisite for additional authentication factors.
This is a topic that has rightfully come up continuously and while it may sound a bit droll I'm fairly confident on seeing some progress on it in some way fairly soon.
I apologize for some vagueness but I have to play a bit of a dance here with what can be communicated right this second without leaving you all completely in the dark. |
|
Neo Agricola
BLACK-MARK
185
|
Posted - 2012.01.12 14:12:00 -
[90] - Quote
CCP Sreegs wrote:Ok, let's see what we can do here...
1) Username/Password combinations as sole authenticating factors are basically yesterday's news. We need to catch up with the times on that.
2) I'm pushing to have us catch up with the times on that.
3) I will race to the forums with a dev blog and multiple joyous posts when I get to a point where I'm confident an additional factor is being delivered in some way.
The real problem here is that there are some dependencies which must be met first that are getting finalized right now. Once they're finalized we'll communicate them and I'll make certain you understand that they're a pre-requisite for additional authentication factors.
This is a topic that has rightfully come up continuously and while it may sound a bit droll I'm fairly confident on seeing some progress on it in some way fairly soon.
I apologize for some vagueness but I have to play a bit of a dance here with what can be communicated right this second without leaving you all completely in the dark. Thx for the info.
Just for your information: There are people out there, which have 3,4,5 or even 23 Accounts. And some of them are using different computers on a regular base. Please keep that in mind when you create a new "security" feature.
E.g. I dont want to run around with 4 dongles for each of my accounts every day. (ok, which dongle was for which Account)... or have to connect a "dongle" to each computer I regular use for playing eve...
DISSONANCE is recruiting Members: https://forums.eveonline.com/default.aspx?g=posts&m=70361#post70361 Black-Mark Alliance Recruitment: https://forums.eveonline.com/default.aspx?g=posts&t=6710 |
|
|
|
|
Pages: 1 2 [3] 4 5 :: one page |
First page | Previous page | Next page | Last page |