These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

Player Features and Ideas Discussion

 
  • Topic is locked indefinitely.
123Next pageLast page
 

Dear CCP, get rid of your cache of old passwords.

First post
Author
Previous Topic Next Topic
Zed Jackelope
Pator Tech School
Minmatar Republic
#1 - 2012-04-26 21:07:58 UTC
It would be nice to re-use old passwords, or just be able to cycle through passwords, if one wants to (which, if you haven't guessed, I do).

So do us a favor and get rid of your weird desire to save our passwords after we are no longer using them.. AFAIC, that's a security risk.
Tanya Powers
Doomheim
#2 - 2012-04-26 21:10:47 UTC
Zed Jackelope wrote:
It would be nice to re-use old passwords, or just be able to cycle through passwords, if one wants to (which, if you haven't guessed, I do).

So do us a favor and get rid of your weird desire to save our passwords after we are no longer using them.. AFAIC, that's a security risk.



Yes (they can)
Tinnin Sylph
Perkone
Caldari State
#3 - 2012-04-26 21:10:54 UTC
Dear CCP

Please remove the security feature you put in place to ensure I don't do something to compromise my account.

Many Thanks

Some Dumb Pubbie

Heh.
Kieron VonDeux
#4 - 2012-04-26 21:15:41 UTC
Zed Jackelope wrote:
AFAIC, that's a security risk.


Actually, it is a security enhancement.
Florestan Bronstein
Ministry of War
Amarr Empire
#5 - 2012-04-26 22:14:06 UTC
Zed Jackelope wrote:
It would be nice to re-use old passwords, or just be able to cycle through passwords, if one wants to (which, if you haven't guessed, I do).

So do us a favor and get rid of your weird desire to save our passwords after we are no longer using them.. AFAIC, that's a security risk.

they probably (hopefully) don't store the password (new or old) but a hash.

and any form of password reuse is bad, mkay?
TWHC Assistant
#6 - 2012-04-26 22:19:28 UTC
Instead of denying the old passwords should they only warn about them.
Voith
Republic Military School
Minmatar Republic
#7 - 2012-04-26 22:36:21 UTC
Tinnin Sylph wrote:
Dear CCP

Please remove the security feature you put in place to ensure I don't do something to compromise my account.

Many Thanks

Some Dumb Pubbie

Given the rate at which MMOs are being hacked I wouldn't call them storing anything a security feature.
supersexysucker
Uber Awesome Fantastico Awesomeness Group
#8 - 2012-04-26 23:05:24 UTC
I do not change my pw BECAUSE of CCPs dumb **** can't put in an old one... need a cap letter now, etc bullshit.

I WILL PICK MY OWN FUCKIN PASSWORD.

Be nice if someone would steal all CCPs stored old passwords rofl...

The mail they would need to send out would be LOL...

"Every password you ever used in eve online has been stolen, please make sure to change any accounts using any of these passwords, we enjoy fuckin you"


Also for the retart tinnin... why not ask CCP for an onscreen in game keyboard to enter log in info... I mean if we need to make PW's a *****... what about keyloggers PLEASE PROTECT ME FROM KEY LOGGERS CCP.

Sounds like a baby that needs someone to protect him... lul.
Jafit
Caldari Provisions
Caldari State
#9 - 2012-04-26 23:11:14 UTC
Shian Yang
#10 - 2012-04-26 23:13:08 UTC
Voith wrote:
Given the rate at which MMOs are being hacked I wouldn't call them storing anything a security feature.


Greetings capsuleer,

As you may know from your pod and ship security systems no passwords are stored in clear-text. They are stored as an (ideally) irreversible hash to prevent them from being discovered. This is safer than allowing the re-use of such passwords where an attacker may obtain an older password which may not currently be valid.

If, however, a capsuleer wishes to tie their nuts to the capsule and initiate a self-destruct sequence I see no reason for CONCORD to prevent them; providing they accept this nulls and voids any claims they may have to reimbursement.

Regards,

Shian Yang
CCP Sreegs
CCP Retirement Home
#11 - 2012-04-26 23:38:48 UTC
This will be reviewed when we institute the two factor option in the next couple of months.

"Sreegs has juuust edged out Soundwave as my favourite dev." - Meita Way 2012
Corina Jarr
en Welle Shipping Inc.
#12 - 2012-04-26 23:40:13 UTC
Shian Yang wrote:
Voith wrote:
Given the rate at which MMOs are being hacked I wouldn't call them storing anything a security feature.


Greetings capsuleer,
...
If, however, a capsuleer wishes to tie their nuts to the capsule and initiate a self-destruct sequence I see no reason for CONCORD to prevent them; providing they accept this nulls and voids any claims they may have to reimbursement.

Regards,

Shian Yang



I have both null and void in my cargo hold... how does this effect things?
TWHC Assistant
#13 - 2012-04-26 23:43:20 UTC
CCP Sreegs wrote:
This will be reviewed when we institute the two factor option in the next couple of months.


Kill moar bots!! \o/
Beekeeper Bob
Beekeepers Anonymous
#14 - 2012-04-27 00:12:48 UTC
Tinnin Sylph wrote:
Dear CCP

Please remove the security feature you put in place to ensure I don't do something to compromise my account.

Many Thanks

Some Dumb Pubbie



Well, I guess being a Drone your used to being led by the nose....Other people prefer to make their own choices. Shocked

Signature removed - CCP Eterne
supersexysucker
Uber Awesome Fantastico Awesomeness Group
#15 - 2012-04-27 00:16:10 UTC
CCP Sreegs wrote:
This will be reviewed when we institute the two factor option in the next couple of months.


Or you could just give us a ******* warning and let us do WHAT we want.
Beekeeper Bob
Beekeepers Anonymous
#16 - 2012-04-27 00:17:57 UTC
Shian Yang wrote:
Voith wrote:
Given the rate at which MMOs are being hacked I wouldn't call them storing anything a security feature.


Greetings capsuleer,

As you may know from your pod and ship security systems no passwords are stored in clear-text. They are stored as an (ideally) irreversible hash to prevent them from being discovered. This is safer than allowing the re-use of such passwords where an attacker may obtain an older password which may not currently be valid.

If, however, a capsuleer wishes to tie their nuts to the capsule and initiate a self-destruct sequence I see no reason for CONCORD to prevent them; providing they accept this nulls and voids any claims they may have to reimbursement.

Regards,

Shian Yang





Congratulations on giving CCP the benefit of the doubt on their handling of passwords.
Certainly their attention to detail in the past is cause for such fiath in their coding skills. Roll

Signature removed - CCP Eterne
Jonas Xiamon
#17 - 2012-04-27 00:48:01 UTC  |  Edited by: Jonas Xiamon
The reason this is a security feature is simple, they aren't storing your password. (Unless they're actually that ********, which I doubt.)

They're storing an encrypted version of your password, which is virtually useless.

They're are ways of cracking these things, however, your concerns would be very misplaced to worry about that. Especially if you're the type of person who reuses passwords.

I usally write one of these and then change it a month later when I reread it and decide it sounds stupid.
Grumpymunky
Monkey Steals The Peach
#18 - 2012-04-27 01:22:24 UTC
supersexysucker wrote:
Or you could just give us a ******* warning and let us do WHAT we want.
When I read this post, the voice in my head shouted the "WHAT" ... I don't know why it did that. It sounds weird. What?

Post with your monkey.

Thread locked due to lack of pants.
Shian Yang
#19 - 2012-04-27 01:42:33 UTC
Grumpymunky wrote:
supersexysucker wrote:
Or you could just give us a ******* warning and let us do WHAT we want.
When I read this post, the voice in my head shouted the "WHAT" ... I don't know why it did that. It sounds weird. What?


Greetings capsuleer,

I believe it sounds weird if you do not have any human offspring. Those with 2 - 5 year old children will understand why WHAT is emphasised in such a fashion as it is a common tantrum response.

Regards,

Shian Yang
Barakach
Caldari Provisions
Caldari State
#20 - 2012-04-27 02:58:44 UTC  |  Edited by: Barakach
Voith wrote:
Tinnin Sylph wrote:
Dear CCP

Please remove the security feature you put in place to ensure I don't do something to compromise my account.

Many Thanks

Some Dumb Pubbie

Given the rate at which MMOs are being hacked I wouldn't call them storing anything a security feature.


MMOs aren't being hacked, computers are getting infected from people clicking "yes" on everything that pops-up.

Storing an old hash isn't really a security issue, but I don't agree with forcing the end user to not use an old password. That should be up to the user.

Personally, I like to use SHA512(Password+Salt), where and password is the byte array of the password string and the salt is a 16byte crypto strength random value. Maybe I should use a 32byte salt?... hmmm... So much CPU power these days.
123Next pageLast page