These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE General Discussion

 
  • Topic is locked indefinitely.
12Next page
 

Eve Authenticator
Author
Previous Topic Next Topic
chriz
Deep Core Mining Inc.
Caldari State
#1 - 2013-04-21 09:47:38 UTC
One thing that I feel is missing in Eve is def. an option to have a higher security authentication process like Google Authenticator or Battle.nets Authenticator. 3 minute one time security pins thats unique for every player. And have this as an option to add it to its account to authenticate and download a mobile phone application to hold the software and the authentication generation process on.

if that would be possible it would be awesome as you invest a lot of time and effort into this game and dont want your account to be stolen or taken over. With this type of authenticator it would be really really hard to get thru the regular way.

/chriz
Pak Narhoo
Splinter Foundation
#2 - 2013-04-21 10:01:17 UTC
(Non working) authenticators where once given out to fanfest attendees, if I'm not mistaken that was prior to the incarna riots.
Never read or heard anything about them since.

Cannot say I miss it.
Deladian
The Scope
Gallente Federation
#3 - 2013-04-21 10:01:34 UTC
Ccp gave us one at fastest still waiting for it to be usable.
Dave stark
#4 - 2013-04-21 10:05:29 UTC
there's not really a need for such a thing.

common sense is already enough to stop your account getting "stolen" or whatever.
Klymer
Hedion University
Amarr Empire
#5 - 2013-04-21 10:20:57 UTC
Stop using password as your password.
Tau Cabalander
Retirement Retreat
Working Stiffs
#6 - 2013-04-21 10:39:55 UTC
Klymer wrote:
Stop using password as your password.

http://xkcd.com/936/
James Amril-Kesh
Viziam
Amarr Empire
#7 - 2013-04-21 10:44:36 UTC
I wonder how many people subsequently used "correct horse battery staple" as their actual password.

Enjoying the rain today? ;)
Wodensun
Caldari Provisions
Caldari State
#8 - 2013-04-21 10:46:29 UTC
Dave Stark wrote:
there's not really a need for such a thing.

common sense is already enough to stop your account getting "stolen" or whatever.


Bullshit with signature/heuristic based AV your always running after the facts. This means a virus/trojan/keylogger has to be known for it to be detected.

Do not give me likes them 101 likes arent a accident...
Dave stark
#9 - 2013-04-21 10:51:04 UTC
Wodensun wrote:
Dave Stark wrote:
there's not really a need for such a thing.

common sense is already enough to stop your account getting "stolen" or whatever.


Bullshit with signature/heuristic based AV your always running after the facts. This means a virus/trojan/keylogger has to be known for it to be detected.


enjoying a decade and counting of not having any of my accounts stolen. regardless of what the account is for.

feels good.
Chribba
Otherworld Enterprises
Otherworld Empire
#10 - 2013-04-21 10:55:16 UTC
For myself I'd just be happy if I could lock my accounts to IP (yes won't work for everyone I know)

/c

★★★ Secure 3rd party service ★★★

Visit my in-game channel 'Holy Veldspar'

Twitter @ChribbaVeldspar
Wodensun
Caldari Provisions
Caldari State
#11 - 2013-04-21 11:03:32 UTC  |  Edited by: Wodensun
Dave Stark wrote:
Wodensun wrote:
Dave Stark wrote:
there's not really a need for such a thing.

common sense is already enough to stop your account getting "stolen" or whatever.


Bullshit with signature/heuristic based AV your always running after the facts. This means a virus/trojan/keylogger has to be known for it to be detected.


enjoying a decade and counting of not having any of my accounts stolen. regardless of what the account is for.

feels good.


And thats your counter argument? Haaaahahaahahahaaha no wait for it... Whaaaahaahahahaa now be gone noob.


Chribba wrote:
For myself I'd just be happy if I could lock my accounts to IP (yes won't work for everyone I know)

/c


Chribs that can be defeated as wel the thing with the authenticator is the hacker wont know the next key in sequence and he cant generate it.

Consider ARP spoofing/poisoning ;-)

Do not give me likes them 101 likes arent a accident...
Turelus
Utassi Security
#12 - 2013-04-21 11:11:45 UTC
I would always support an authenticator, it's another layer of security and they're normally optional. Haters don't have to use them those who want to can.

Turelus CEO Utassi Security
Lord Haur
Star Frontiers
Brotherhood of Spacers
#13 - 2013-04-21 11:12:15 UTC
Deladian wrote:
Ccp gave us one at fastest still waiting for it to be usable.

Here's a pic of mine.

Still got it lying about somewhere.
James Amril-Kesh
Viziam
Amarr Empire
#14 - 2013-04-21 11:17:50 UTC  |  Edited by: James Amril-Kesh
I still don't get how these things actually work, anyway.

It took me a while just to understand the basic concepts behind public key cryptography.

Edit: Oh, nevermind, that was actually not that bad.

Enjoying the rain today? ;)
Wodensun
Caldari Provisions
Caldari State
#15 - 2013-04-21 11:24:12 UTC
James Amril-Kesh wrote:
I still don't get how these things actually work, anyway.

It took me a while just to understand the basic concepts behind public key cryptography.


Okay you login as normal then your prompted to provide a 6 digit key which has been generated with the authenticator the server knows which key to expect if the key matches the expected 6 digit key your login is successfull thats it in a nutshell.

http://en.wikipedia.org/wiki/Multi-factor_authentication

Do not give me likes them 101 likes arent a accident...
chriz
Deep Core Mining Inc.
Caldari State
#16 - 2013-04-21 11:30:47 UTC
Just imagine going to fanfest and sitting down at one of their terminals and login to find out later that for some reason that computer had a keylogger ?

And as I said I would like to be given an option to choose how I want to secure my valuable subscription time.

/chriz
chriz
Deep Core Mining Inc.
Caldari State
#17 - 2013-04-21 11:31:45 UTC
Pak Narhoo wrote:
(Non working) authenticators where once given out to fanfest attendees, if I'm not mistaken that was prior to the incarna riots.
Never read or heard anything about them since.

Cannot say I miss it.



Well maybe you miss it if and when it will happen, but then again then its when it its kinda to late.

/chriz
Lord Haur
Star Frontiers
Brotherhood of Spacers
#18 - 2013-04-21 11:33:26 UTC
James Amril-Kesh wrote:
I still don't get how these things actually work, anyway.

It took me a while just to understand the basic concepts behind public key cryptography.

Long story short, these run an algorithm with two inputs. The first is easy enough, the authenticator's UniqueID. The second is a little more complicated, usually either the current time or the previous result. These inputs are manipulated to produce a auth token. The server can run the same algorithm, using the authenticator's ID associated with the account. If the two results match, then authentication is successful.


The token distributed at FF2011 appears to use the timestamp method - the result only updates every 30s or so.
Obsidian Dagger
Nitrus Nine
#19 - 2013-04-21 12:15:07 UTC
I would support an authenticator. Physical (easy to lose/break, but unique to your account) or an android (or iOS) app, which at least would be easy to get (instead of paying three PLEX and waiting 28 days for delivery).

Blizzard have the right idea (I use my android app version for Starcraft 2), with their authenticators.
James Amril-Kesh
Viziam
Amarr Empire
#20 - 2013-04-21 12:24:58 UTC
Lord Haur wrote:
James Amril-Kesh wrote:
I still don't get how these things actually work, anyway.

It took me a while just to understand the basic concepts behind public key cryptography.

Long story short, these run an algorithm with two inputs. The first is easy enough, the authenticator's UniqueID. The second is a little more complicated, usually either the current time or the previous result. These inputs are manipulated to produce a auth token. The server can run the same algorithm, using the authenticator's ID associated with the account. If the two results match, then authentication is successful.


The token distributed at FF2011 appears to use the timestamp method - the result only updates every 30s or so.

Yeah, the part I was confused about is how the server knows which input to expect. But that makes sense.

Enjoying the rain today? ;)
12Next page