These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

Player Features and Ideas Discussion

 
  • Topic is locked indefinitely.
 

Adding Account Security - Authenticators.
Author
Previous Topic Next Topic
Vas Vadum
Draconian Empire
#1 - 2012-05-10 18:25:54 UTC
One of my friends has had his account compromised a few times. It gets bothersome when people can simply use key-loggers or brute force hacks to get into people's accounts. With Battlenet, I use something called an Authenticator. This is a small hand held device that generates a new 8 digit code every 30 seconds that synchronizes with the new code generated on the server. If I enter the code it gives me, 30 seconds later if i hit the button, it will have changed. Keyloggers won't be able to keep up with this, brute force hacks won't work either.

Login example: http://dl.dropbox.com/u/30270697/images/loginscreen.png
Authentication: http://dl.dropbox.com/u/30270697/images/authenticationscreen.png
Images have blurred areas for security reasons with explosion and total variation methods.

The device it's self: http://us.blizzard.com/store/details.xml?id=1100001430

Now what I suggest is, EVE create a small device like this and allow people to add them to their accounts. This way accounts are less hackable, anyone who buys an authenticator can add it to their account and eve will say "Authenticator detected, enter code now" and yea.

There's also mobile authenticators for phones that support it and there is a dial in authenticator, I dunno what that is. My point being there should be enhanced security for a game like this. Authenticators are very basic easy to manufacture pieces of equipment, cheap to build and ship. You can even sell them with nice little stickers for different things too like having a hulk on one or an Amarrian battleship on another or just the symbols of each race. Anyway. I'd like to hear feedback on this idea for enhanced security through Authenticators.
Shandir
EVE University
Ivy League
#2 - 2012-05-10 20:43:40 UTC  |  Edited by: Shandir
2 things, 1 less helpful:

1) They know and it's happening. Soon (tm).

2) Your 'friend' needs to learn proper account security. He/You should not be getting hacked twice (or once) unless he's/you're doing something pretty stupid. Pick from this list:
* Reusing passwords
* Really obvious passwords
* Using a non-trustworthy tool
* No virus scanner
* Sharing account info
* (The only not-stupid option) Hardware keylogger.
Vas Vadum
Draconian Empire
#3 - 2012-05-10 20:57:10 UTC
It does happen, keyloggers are a way a lot of people get hacked. That's what this was about as an Authenticator can't really be keylogged. If it is, it just becomes moot anyway cause the code already changed by the time they get it.
Danika Princip
GoonWaffe
Goonswarm Federation
#4 - 2012-05-10 20:57:11 UTC
Your friend needs a better password.

And these were discussed at fanfest last year. Expect them soon(tm).
Lady Starfire
State War Academy
Caldari State
#5 - 2012-05-11 02:38:57 UTC
The best thing they could do if they were to do them is a smart phone app.
Danika Princip
GoonWaffe
Goonswarm Federation
#6 - 2012-05-11 09:51:55 UTC
Lady Starfire wrote:
The best thing they could do if they were to do them is a smart phone app.


No, it really isn't. What about the people who don't happen to have a smartphone? Or the ones who's phone doesn't get the app? Why shouldn't they get the same security?
Serge Bastana
GWA Corp
#7 - 2012-05-11 11:04:56 UTC
Danika Princip wrote:
Lady Starfire wrote:
The best thing they could do if they were to do them is a smart phone app.


No, it really isn't. What about the people who don't happen to have a smartphone? Or the ones who's phone doesn't get the app? Why shouldn't they get the same security?


I have to agree, if the made an app as well as other means for security that's fine but just making it an app means I wouldn't use it as I don't bother with smartphones. And then you lose your phone...

WoW holds your hand until end game, and gives you a cookie whether you win or lose. EVE not only takes your cookie, but laughs at you for bringing one in the first place...

Jint Hikaru
OffWorld Exploration Inc
#8 - 2012-05-11 11:19:12 UTC
Vas Vadum wrote:
One of my friends has had his account compromised a few times.



While it sounds like these extra security key are a possibility, and would be a great extra layer of security... your friend really needs to step up and take responsibility for his own actions here.

"a few times"... really????

Jint Hikaru - Miner / Salvager / Explorer / SpaceBum In the beginning the Universe was created. This has made a lot of people very angry and been widely regarded as a bad move.
Vas Vadum
Draconian Empire
#9 - 2012-05-11 19:00:03 UTC
Jint Hikaru wrote:
Vas Vadum wrote:
One of my friends has had his account compromised a few times.

While it sounds like these extra security key are a possibility, and would be a great extra layer of security... your friend really needs to step up and take responsibility for his own actions here.

"a few times"... really????


When you run a powerful industry corporation, griefers will do anything they can to destroy you. This game has no rules, so people will hack as much as they can to destroy the enemy if they can do it. It's highly unlikely that I'll ever be hacked, as no key-logger or virus of any kind gets in my system and my account password is just a bunch of random letters and numbers that I have written down and taped to my snake cage. So even a brute force hack wouldn't work. Most hackers use key-loggers though, I know I've already removed a key-logger from his PC, nice little thing, barely detectable by any antivirus software but I sent it to most of the antivirus labs to have them update and kill it.

Point is, it can happen. It doesn't come from not using the right methods, it comes from intuitive hackers using methods that work 90% of the time.
FloppieTheBanjoClown
Arcana Imperii Ltd.
#10 - 2012-05-11 19:16:45 UTC
Vas Vadum wrote:
When you run a powerful industry corporation

...they still don't have the ability to easily compromise your system with keyloggers and such, unless your security is rather bad.

Vas Vadum wrote:
This game has no rules

On the contrary, it has quite a few.

Vas Vadum wrote:
so people will hack as much as they can to destroy the enemy if they can do it.

Regardless of game rules, that can put them in prison. Even if it doesn't, being caught doing such a think in Eve will likely result in a permanent ban. No one takes this stuff lightly.

Vas Vadum wrote:
I've already removed a key-logger from his PC, nice little thing, barely detectable by any antivirus software but I sent it to most of the antivirus labs to have them update and kill it.

This is starting to get pretty thin. "Barely detectable"? Either it's detectable, or it isn't. Keyloggers are detected by signature or by their method of infection, so they are either identified or they aren't. Your "friend" has bad security, or bad judgment.

Founding member of the Belligerent Undesirables movement.
Vas Vadum
Draconian Empire
#11 - 2012-06-09 11:17:14 UTC
FloppieTheBanjoClown wrote:
Vas Vadum wrote:
so people will hack as much as they can to destroy the enemy if they can do it.

Regardless of game rules, that can put them in prison. Even if it doesn't, being caught doing such a think in Eve will likely result in a permanent ban. No one takes this stuff lightly.

If caught. Perma ban doesn't scare most people, they can just make new accounts.

FloppieTheBanjoClown wrote:
Vas Vadum wrote:
I've already removed a key-logger from his PC, nice little thing, barely detectable by any antivirus software but I sent it to most of the antivirus labs to have them update and kill it.

This is starting to get pretty thin. "Barely detectable"? Either it's detectable, or it isn't. Keyloggers are detected by signature or by their method of infection, so they are either identified or they aren't. Your "friend" has bad security, or bad judgment.

2 out of 40 antivirus programs would have detected the keylogger. That's what I meant by barely detectable. Some people arent' very tech savy either.

My point was, this added security method would still be nice, no matter how good your own security is. It can't hurt to add more security that is user choice to opt in on or not.