
Dev Blog: New Security Features With EVE Online: Ascension

#1 - 2016-11-19 02:45:23 UTC  |  Edited by: CCP Phantom
With the release of the Ascension expansion, we introduced some new account security features in order to further safeguard your EVE Online accounts.

Check out this Dev Blog for further information and clarification on the systems that were introduced on Tuesday, November 15th.

CCP Falcon || EVE Universe Community Manager || @CCP_Falcon

Happy Birthday To FAWLTY7! <3

Pandemic Legion
#2 - 2016-11-19 03:25:58 UTC
So, I asked before, but I know a bit more now.....

I travel 200,000 miles a year worldwide for work. I travel with 2 laptops, both play eve.

I have attached authenticator to all relevant accounts

If I go from the US to France for work, will the fact that I have entered an authenticator code on my laptops at home and checked the box "do not ask again for this computer" negate any and all further interrogation, or will I have to enter a code for each account?

If I do have to enter a code in France, will I have to re-enter a code when I get back to the USA?

What if I am in an airport and connect via wifi or use my phone hotspot, or wifi on the plane during a transatlantic flight? In most of those places bandwidth is limited and extra time to log in sometimes makes a difference.

Is there a way to turn all this off?

I KNOW I am an edge case, but you can appreciate the level of frustration I am experiencing at this point. But, it doesn't mean it is any less frustrating for me.

KF
#3 - 2016-11-19 05:01:29 UTC
I really hate CCP for doing this to my accounts.
I have been playing for 8 years and now I have to verify ownership because of this? I have no access to my original email accounts and that means I have 4 accounts I can't even access. So I have to put in tickets for all 4 accounts and then verify each one.
You guys made my life miserable and I will never forgive you for that.
This is so friggin dumb.
Pandemic Horde
#4 - 2016-11-19 05:22:15 UTC
I'm confused by the mention of the Google Authenticator app. Is this the same as the 2FA I already have active on my accounts or is this a separate validation on top of that? I travel a lot and the 2FA thing is already annoying because of how often it asks for validation.

Zappity's Adventures for a taste of lowsec and nullsec.

#5 - 2016-11-19 06:45:52 UTC
So if someone decides to use this Google App thing so they continue to use 2FA, has Google and CCP solved the exploit that left the Blizzard 2FA codes open and prepped for hacking? Which left an absolute mess of stolen WoW accounts along with needing to re-verify so many accounts in mass numbers?

If so, I salute the app coding crunchers of CCP. You've done the impossible.

Until then, Nah. I'd rather not put anything on my phone so easily snooped into that's connected to my Eve accounts.

>Jeven

Minny boat flyer, unofficial squeaky wheel.

'Game Ethics and Morality Monitor' I remember promises.

Snark at 11-24/7/365.25. Overshare? Yup.

Yes it's my fault. And if you don't staap it I'll do it again. ;-P

No you can't has my stuffs OR my SPs.

#6 - 2016-11-19 08:29:00 UTC
Quote:
Unfortunately, there was some confusion regarding the new system due to the fact that a significant number of pilots received emails that mentioned the optional authenticator service, leading them to believe that we had made this mandatory.


I'm fairly sure that the confusion arose because the launcher popped up a window which said "Your account has 2 factor Authentication enabled", the email itself does not have the word optional on it.

Greetings *******

Since you have Two Factor Authentication enabled, we have sent you this Two factor verification code. You can also enable an authenticator for your smartphone on the Account Management website to make this process easier. Please enter the verification code below to complete login:
#7 - 2016-11-19 09:12:50 UTC
So everyone is moaning over 4 or five five-digit code to copy and paste out of an email? Come on, it's once, then all your accounts are OK. Yes, it takes time to receive mail, but it gets done, and all that time, if they're active, they're training, so why the morning moans?
Minmatar Republic
#8 - 2016-11-19 10:57:57 UTC
sarah jane fibbonachie wrote:
So everyone is moaning over 4 or five five-digit code to copy and paste out of an email? Come on, it's once, then all your accounts are OK. Yes, it takes time to receive mail, but it gets done, and all that time, if they're active, they're training, so why the morning moans?


Wow, you really have not been paying attention have you? Check out the various other threads, especially the one discussing Ascension issues in general: https://forums.eveonline.com/default.aspx?g=posts&t=499789

Lots of folks cannot access any of their accounts due to not receiving any verification codes at all, others experienced delays that were so long the code became invalid, etc. Others have email addresses configured that no longer exist, and they cannot change them since account access is blocked.

Please read before trying to shift blame onto players. And shifting blame to the paying customers isn't really going to work here. This is a major screw-up by CCP, and people are rightly pissed. They've manufactured a problem that doesn't need to exist, and it's going to hurt them directly since it blocks many players from resubscribing, buying PLEX, etc.
#9 - 2016-11-19 12:53:04 UTC
Dear CCP, can you please make your terminology a little more distinct:


  • use "Two Factor Authentication" only for "Google Authenticator" style authentication (this actually allows any implementation of RFC 6238 TOTP to be used, I've been happily using 1Password)
  • use "Email Token" for email-based verification
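
The point in the post above, that any RFC 6238 TOTP implementation can stand in for Google Authenticator, follows from how the code is derived: only a shared secret and the current time go in. As an added example (not part of the thread and not CCP's code), here is a minimal generator and server-side check; the function names, the one-step drift window and the replay check are assumptions, and the secret is the RFC test key.

```python
import hashlib
import hmac
import struct

# Constructed sample: the ASCII test key from the RFC 6238 test vectors.
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte selects 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with counter = number of `step`-second periods."""
    return hotp(secret, unix_time // step, digits)


def verify(secret, submitted, unix_time, last_used_step=None,
           window=1, step=30, digits=6):
    """Server-side check (assumed policy, not CCP's).

    Accepts codes from `window` steps either side of now to tolerate clock
    drift, compares in constant time, and rejects a step already used.
    Returns the matched step (to store as last_used_step) or None.
    """
    current = unix_time // step
    matched = None
    for s in range(max(0, current - window), current + window + 1):
        expected = hotp(secret, s, digits).encode()
        if hmac.compare_digest(expected, submitted.encode()):
            matched = s
    if matched is None:
        return None
    if last_used_step is not None and matched <= last_used_step:
        return None  # replay of a code that was already accepted
    return matched


if __name__ == "__main__":
    code = totp(RFC_TEST_SECRET, 59)
    print(code, verify(RFC_TEST_SECRET, code, 59))
```

Two clients holding the same secret produce the same code for the same 30-second period, which is why the choice of app does not matter to the server.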


#10 - 2016-11-19 13:11:24 UTC
Kenneth Feld wrote:
So, I asked before, but I know a bit more now.....

I travel 200,000 miles a year worldwide for work. I travel with 2 laptops, both play eve.

I have attached authenticator to all relevant accounts

If I go from the US to France for work, will the fact that I have entered an authenticator code on my laptops at home and checked the box "do not ask again for this computer" negate any and all further interrogation, or will I have to enter a code for each account?

If I do have to enter a code in France, will I have to re-enter a code when I get back to the USA?

What if I am in an airport and connect via wifi or use my phone hotspot, or wifi on the plane during a transatlantic flight? In most of those places bandwidth is limited and extra time to log in sometimes makes a difference.

Is there a way to turn all this off?

I KNOW I am an edge case, but you can appreciate the level of frustration I am experiencing at this point. But, it doesn't mean it is any less frustrating for me.

KF


If you've attached the authenticator to your accounts, it overrides the location based verification codes.

All you need to do is check the “Don’t ask for codes again on this computer” checkbox, and you won't get constantly asked for a verification code because it'll mark the device as safe.

I travel a lot for work too, and I play EVE on the move, this is how the authenticator works for me.

CCP Falcon || EVE Universe Community Manager || @CCP_Falcon

Happy Birthday To FAWLTY7! <3

#11 - 2016-11-19 13:12:15 UTC
Zappity wrote:
I'm confused by the mention of the Google Authenticator app. Is this the same as the 2FA I already have active on my accounts or is this a separate validation on top of that? I travel a lot and the 2FA thing is already annoying because of how often it asks for validation.


Hit the “Don’t ask for codes again on this computer” checkbox, and it won't bother you for codes while you're travelling.

CCP Falcon || EVE Universe Community Manager || @CCP_Falcon

Happy Birthday To FAWLTY7! <3

#12 - 2016-11-19 13:13:48 UTC
Jeven HouseBenyo wrote:
So if someone decides to use this Google App thing so they continue to use 2FA, has Google and CCP solved the exploit that left the Blizzard 2FA codes open and prepped for hacking? Which left an absolute mess of stolen WoW accounts along with needing to re-verify so many accounts in mass numbers?

If so, I salute the app coding crunchers of CCP. You've done the impossible.

Until then, Nah. I'd rather not put anything on my phone so easily snooped into that's connected to my Eve accounts.

>Jeven


If you have any security concerns, please contact security@ccpgames.com and they'll be able to answer your queries.

CCP Falcon || EVE Universe Community Manager || @CCP_Falcon

Happy Birthday To FAWLTY7! <3

#13 - 2016-11-19 13:15:38 UTC
Caterpil wrote:
Quote:
Unfortunately, there was some confusion regarding the new system due to the fact that a significant number of pilots received emails that mentioned the optional authenticator service, leading them to believe that we had made this mandatory.


I'm fairly sure that the confusion arose because the launcher popped up a window which said "Your account has 2 factor Authentication enabled", the email itself does not have the word optional on it.

Greetings *******

Since you have Two Factor Authentication enabled, we have sent you this Two factor verification code. You can also enable an authenticator for your smartphone on the Account Management website to make this process easier. Please enter the verification code below to complete login:


Partially correct, initially the emails we were sending out that weren't related to the authenticator mentioned it initially too, but this was rectified pretty quickly when we realized the mistake.

The launcher and our secure website are a little more complex to update and take longer :)

CCP Falcon || EVE Universe Community Manager || @CCP_Falcon

Happy Birthday To FAWLTY7! <3

Brave Collective
#14 - 2016-11-19 17:21:15 UTC
Seems your account recovery email sender is having some problems, because I can contact the support team on my email, but the verification code or account recovery stuff never arrives at the same email address...
#15 - 2016-11-19 19:21:37 UTC
This is a flat face flop.
Changes such as these MUST be announced well ahead of the time.
And definitely NOT stealthily implemented right at the start of a major expansion.

Two most common elements in the universe are hydrogen and stupidity. -- Harlan Ellison

Pandemic Horde
#16 - 2016-11-19 19:49:50 UTC
CCP Falcon wrote:
Zappity wrote:
I'm confused by the mention of the Google Authenticator app. Is this the same as the 2FA I already have active on my accounts or is this a separate validation on top of that? I travel a lot and the 2FA thing is already annoying because of how often it asks for validation.


Hit the “Don’t ask for codes again on this computer” checkbox, and it won't bother you for codes while you're travelling.

That definitely does not work, no matter how hard I click that wretched button. I'll submit a bug report next time it asks me.

Zappity's Adventures for a taste of lowsec and nullsec.

RAZOR Alliance
#17 - 2016-11-20 03:02:54 UTC
Most EVE players are having login problems due to not reading help articles, like the English client setting thing.

But there were some of us who could not log in and, to you ISD Max Trix, could not verify email addresses, because CCP set up new email address limitations which until yesterday were not communicated.

We discussed this here: https://forums.eveonline.com/default.aspx?g=posts&m=6718516#post6718516

I am absolutely frustrated that ISD Max Trix is first pointing at our fault for not using verification since it was announced one month ago.

Dear Max Trix, I did the verification before patch day with no email answer. So I thought I could easily do it again after patch day. No one said it's not possible. That the verification, and therefore login to ANY EVE service, does not work with some emails was not said.

I am waiting for reimbursement of the lost days (like it was guaranteed), and ISD Max Trix, please inform yourself about what was going on in your IT section. Because I am a friendly person, I am not posting any of the abusive words that are going on in my mind about you.

#18 - 2016-11-20 11:17:19 UTC
I've asked this in another thread

1. What is the ETA on resolving the email validation issues caused by the latest upgrades?? It's been 4 days now

2. At what point are you going to go to disaster recovery and roll back the changes made so people don't have to deal with it anymore?

Goonswarm Federation
#19 - 2016-11-20 21:05:31 UTC
Yeah, this situation really is totally unacceptable for all involved: your paying customers are being left to blow in the wind for a week. Your customer service staff have got to be ready to eat their guns after a week straight of overtime doing what's presumably a long and complicated override process over and over again. How many people's weekends are you going to ruin before you go back to the people who could actually fix the software?

I've been locked out of half my accounts (naturally, the half with all my science + industry activity) for almost a week now. Like half the people in this situation, I'm here entirely due to your screw-ups-- I have access to the email account in question and there's no reason this process should need to be done manually.

Why, oh why don't you just correct the software issue so that emails actually get sent, or at least allow people to log into account management to click a re-send link using their usernames and passwords? If this had happened to a small number of users and could've been remedied by hand in a day or two, that would be one thing. But it's been a solid week now and the only thing I've seen from you guys is a c/p form email and some smug ISD rep locking all the threads about the issue.

Please consider a fix rather than a workaround that's going to take weeks. Adding game time to affected accounts after the fact is not a good way to "compensate" people who are missing out on the entire gold-rush period following a major expansion solely because your security team neglected to use a flow chart when designing the auth system.
Pandemic Legion
#20 - 2016-11-20 22:23:11 UTC
OK, this is now OFFICIALLY beyond stupid

I had to RE VERIFY my email address for EVERY account when I tried to get on SISI on the same computer I am already logged into

On top of that it did NOT ask me for an authenticator code once I verified my email account again.

I mean it is the SAME freaking launcher, same launcher, same computer....................