Player Features and Ideas Discussion

Edit: ability to read = minimal

I look like this in real life.

Check out this beta dude, I bet he doesn't even lift.

1. "What ifs" What if someone is able to get a copy of the used passwords, encrypted, and some breakthrough tomorrow allows them to be easily deciphered?

2. Re-use. I cannot say what others do, but I have separate sets of passwords for differing services. I use 'boogers' for pretty much any crap site I don't care about. Same with games, all my games use the same couple of passwords. However, its my choice to use those same passwords. And as I feel I take enough care with my browsing not to get key logged, I feel there's absolutely no difference between reusing old passwords and someone's silly mention of stringing a couple of random words into a password that's never changed?

Taking 1 and 2 into account, with ALL your old EVE passwords saved... how many of you are screwed if tomorrow some magic fairy quantum computer dust allows some script kiddy to the list of every password everyone in EVE has ever used? Ever.

3. Password reset. Its annoying, but with 30 mackinaw accounts, eventually I do forget a password.. this just means I have to go through the whole retrieval process. And with this "added security enhancement", instead of simply cycling between 2+ passwords.. I have to make up and remember an entirely new one.

Conclusion: Its my account, my choice. You can warn the mouth breathing porn clickers all day, but if I choose of my own free will to reuse an old password, CCP shouldn't be stopping me, nor storing my old ones.

Just want to say EVER one more time.

Might as well stop going to work to enjoy today, because an asteroid may hit tomorrow and kill everyone.

My post makes the assumption CCP is using industry standards.

all of my passwords are written in a tiny notebook with a lock on it, i keep the key around my enck adn the notebook in the bottom of my gun holster, so yeah, getting my passwords would require a fight.

Security procedures for any online company is a serious issue, and responsibility.

Asking them to make their service less secure for your personal convenience is likely not going to happen.

Asking for a more convenient option that is as secure or even more so would be seriously considered.

Taking advice from people basing their information on hearsay, urban myth, or purely personal preference on security issues is generally a bad idea.

safer than that would be to just create an encrypted .txt file. since at least that way, you know that the program accessing it doesn't have any kind of access to the internet.

There will be what is there when we can say it is :)

Internet Security Experts are the new Internet Lawyers. I'm not sure how I feel about that yet.

That's the method I use. Regular text files, where the contents are a GPG/PGP encrypted ASCII text block. One file per site or account.

The primary advantages:

- As long as I don't lose my GPG keys, I'm in pretty good shape.
- Since they are ASCII armored text blocks, they can be printed / faxed / emailed / OCR'd.
- Backups are dead simple (email a copy to yourself, stuff it in a version control system, etc).
- When I decrypt a particular file to get at a password, it only exposes a single account at a time.

The main downside:

- I'm relying on nobody ever stealing my GPG/PGP key and guessing my (lengthy) passphrase.

(But that's the same issue with letting Firefox remember your passwords, using a master passphrase. So it's a bit of a wash.)

For anyone wanting to to make a strong password, I suggest you read through this password haystacks webpage. Additionally I suggest using a mnemonic, such as "My very educated mother just sewed us new pants." obviously Pluto is sad now. Either way, to use one in everyday life, just use what is in it or something you like. For example "Audrey Hepburn is the most elegant Woman I have ever seen." So this becomes, "AHitmeWIhes", as you can see the capital letters are in a logical manner to help remember where they are. Now you need numbers, well 4/5/1929 is her birthday. And so we will go with "529," the month and year she was born. Now we need two or three symbols, and these vary depending on the site/program, but EVE allows almost all of them or at least the least common ones, so little issue there. So let us choose our symbols, and they can be "$" "{" and "}". Let's take all them together, now.

AHitmeWIhes529${}

and this can become, Am{529}eWs$

But we are not done yet, so we don't want to come up with say fifty mnemonics, so we differentiate based on site. So how for EVE, well it can be Evil people who take my money, or "Ep".

Thus our final password can look something like this "Am{E529p}eWs$" so you now have a thirteen character password, with capital and lowercase letters, three numbers, and three symbols, that is the same for all your sites expect for two unique characters before and after "529."

Now saying this is as simple as, "Audery most {Evil 529 people } elegant Woman seen $"

If you use the above password for anything, um just wait a few years to do so.

I must admit I only read the first page about people complaining about the password requirements, and well, this address that.