These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE General Discussion

 
  • Topic is locked indefinitely.
12Next page
 

EVE Authenticator?
Author
Previous Topic Next Topic
realdognose
Caldari Provisions
Caldari State
#1 - 2012-06-09 13:26:56 UTC  |  Edited by: realdognose
Hello,

long time ago, CCP talked about the Authenticator to protect EVE-Accounts. Until the present day, nothing happened.

In the last days there have been some password-leaks and hacking attempts on varous services.

LinkedIN:
http://www.cbsnews.com/8301-501465_162-57448443-501465/linkedin-confirms-password-leak-encourages-users-to-update-passwords/

LOL:
http://www.pcgamer.com/2012/06/09/league-of-legends-database-hacked-riot-games-appreciate-your-immediate-attention/

Diablo 3:
http://www.eurogamer.net/articles/2012-05-21-diablo-3-accounts-hacked-gold-and-items-stolen

So my question is: What about the Authenticator thing?
I'm not convinced that these things are secure and unhackable - but i'm sure, they make it a bit harder. They at least can help against phishing, keyloggers and (depending on implementation) against database leaks.

Are there any news on that?
Jamagh
Grand Violations
#2 - 2012-06-09 13:47:29 UTC
As annoying as having the authenticator for my WoW account is, I would LOVE to have one for EVE. Have all my accounts linked into one so I can bind the authenticator to them.

Another thing, when I log off, put me back to the character select screen... so annoying to have to retype the password to get back in.

"Please stop reopening silly rumor threads."  CCP Navigator.
Kurfin
Kippers and Jam Developments
#3 - 2012-06-09 13:54:26 UTC
Would be good, though I'd be worried about losing it. Can you get them to work as an app on a phone? Or from a security point of view does that defeat the whole point?
Lin-Young Borovskova
Doomheim
#4 - 2012-06-09 14:00:33 UTC
Jamagh wrote:
As annoying as having the authenticator for my WoW account is, I would LOVE to have one for EVE. Have all my accounts linked into one so I can bind the authenticator to them.

Another thing, when I log off, put me back to the character select screen... so annoying to have to retype the password to get back in.



This is one of the little things that annoys me the most, type re type and re re type dam PW because it's too hard to make it so you can switch character without leaving the game... silly stuff is silly.

brb
Mme Pinkerton
#5 - 2012-06-09 14:08:34 UTC  |  Edited by: Mme Pinkerton
Adding to the OP - apparently relatively recent databases of password hashes for last.fm, eHarmony and LinkedIn accounts are circulating on the web (more info).

All three services stored password hashes unsalted which means they are very vulnerable against dictionary attacks (and also makes other attacks more efficient as many people are going to use the same password and without salt the same password will always result in the same hash).

If you were registered for one of these services and used the same password on any other website, you should probably change it asap.

An authenticator (either as a physical device or as a mobile phone app) is an effective means to ensure that your account stays secure even if your username/password got compromised (excluding elaborate man-in-the-middle attacks).
I would very much like the option to secure our eve accounts this way.

An IPO guide (David H'Levi) | Towards a Positive Argument For Investing (RAW23) | Freighter Operations 101 (Kazuo Ishiguro) | Dominion market analysis (Akita T)
Mallak Azaria
Caldari Provisions
Caldari State
#6 - 2012-06-09 14:10:32 UTC
Just make a 64 character password containing random combinations of letters, numbers & special characters like intelligent people already do. And change it every few weeks.

This post was lovingly crafted by a member of the Goonwaffe Posting Cabal, proud member of the popular gay hookup site somethingawful.com, Spelling Bee, Grammar Gestapo & #1 Official Gevlon Goblin Fanclub member.
Kurfin
Kippers and Jam Developments
#7 - 2012-06-09 14:13:03 UTC
Mallak Azaria wrote:
Just make a 64 character password containing random combinations of letters, numbers & special characters like intelligent people already do. And change it every few weeks.


And have it written on a bit of paper stuck to your monitor?
Mme Pinkerton
#8 - 2012-06-09 14:13:07 UTC  |  Edited by: Mme Pinkerton
Mallak Azaria wrote:
Just make a 64 character password containing random combinations of letters, numbers & special characters like intelligent people already do. And change it every few weeks.

oops, there was a vulnerability in the PNG processing library used by your webbrowser (actually happened for Firefox & Chrome in February this year) and while you loaded a maliciously crafted lolcat picture I installed a keylogger on your computer.

bad luck.

An IPO guide (David H'Levi) | Towards a Positive Argument For Investing (RAW23) | Freighter Operations 101 (Kazuo Ishiguro) | Dominion market analysis (Akita T)
Kijo Rikki
Killboard Padding Services
#9 - 2012-06-09 14:23:41 UTC  |  Edited by: Kijo Rikki
Kurfin wrote:
Would be good, though I'd be worried about losing it. Can you get them to work as an app on a phone? Or from a security point of view does that defeat the whole point?


I don't see why not, they did the same for SWTOR. OF course, I hate cellphones so I have the keyring thingy which sits in a drawer collecting dust.

You make a valid point, good Sir or Madam. 
Natsett Amuinn
Caldari Provisions
Caldari State
#10 - 2012-06-09 14:24:51 UTC
I have nothing against authenticators.

I support anything that would make accounts more secure.

BUT
The authenticators could actually cost CCP money. I don't think that their playerbase is large enough to warrant the need for them to spend money on something that they wouldn't make anything off of and could potentially cost them a good amount of money in the long run.
Suvari Khashour
24th Imperial Crusade
Amarr Empire
#11 - 2012-06-09 14:29:00 UTC
having an authenticator would imo be a very good idea, im really surprised there isnt an option for that already.. Blizzard accounts get hacked all the time, but they have said that there has not yet been a single instance of an account being hacked that had an authenticator attached to it prior to the hacking. i would opt for the physical key generator one personally rather than one for a mobile phone, but thats mostly because i hate mobiles and don't have one :D
Kijo Rikki
Killboard Padding Services
#12 - 2012-06-09 14:32:30 UTC
Natsett Amuinn wrote:
I have nothing against authenticators.

I support anything that would make accounts more secure.

BUT
The authenticators could actually cost CCP money. I don't think that their playerbase is large enough to warrant the need for them to spend money on something that they wouldn't make anything off of and could potentially cost them a good amount of money in the long run.


Yeah, I think the size of our playerbase makes us a far less likely target.

You make a valid point, good Sir or Madam. 
Suvari Khashour
24th Imperial Crusade
Amarr Empire
#13 - 2012-06-09 14:39:21 UTC
Kijo Rikki wrote:
Natsett Amuinn wrote:
I have nothing against authenticators.

I support anything that would make accounts more secure.

BUT
The authenticators could actually cost CCP money. I don't think that their playerbase is large enough to warrant the need for them to spend money on something that they wouldn't make anything off of and could potentially cost them a good amount of money in the long run.


Yeah, I think the size of our playerbase makes us a far less likely target.


Well yes, there arent really that many Eve players, but even so, its a very well known game, so i think its only a matter of time..Sad
AFK Hauler
State War Academy
#14 - 2012-06-09 14:43:42 UTC  |  Edited by: AFK Hauler
IIRC-


Julyish

@ 28:45
Onyx Nyx
Trillium Invariant
Honorable Third Party
#15 - 2012-06-09 14:45:24 UTC
Like above speaker, I support increased security for my accounts but as a owner of multiple accounts, it is going to be a ******* nightmare...

I kill kittens, and puppies and bunnies. I maim toddlers and teens and then more.

  • Richard (http://www.lfgcomic.com/)
Natsett Amuinn
Caldari Provisions
Caldari State
#16 - 2012-06-09 14:48:34 UTC
Suvari Khashour wrote:


Well yes, there arent really that many Eve players, but even so, its a very well known game, so i think its only a matter of time..Sad


We have to keep in mind that people don't get hacked because the server for the game gets hacked, it's most often due to other sites being hacked. Even if someone got a bunch of user names and passwords from another site and used them to try and force their way into EVE accounts, the number of incidences isn't going to be that large.

Plus those authenticators cost the company money. The only company that makes money off of them is the company that actually makes them, everyone else loses money.

They're great if you're blizzard or bioware, but for a company like CCP it's just going be a red value in the books that could be better spent on game development.

I'd rather be responcible for my own account security and see CCP make every penny possible, then have them spending money on authenticators at this point.


We could also look at it this way. If CCP could afford to support a smart phone authenticator, they probably would have create and EVE online app by now.
jason hill
Red vs Blue Flight Academy
#17 - 2012-06-09 14:49:52 UTC
ccp issued out autheniticators at the fanfest last year ... and we are still waiting to find out when we can use them Roll
Kijo Rikki
Killboard Padding Services
#18 - 2012-06-09 14:50:09 UTC
Suvari Khashour wrote:
Kijo Rikki wrote:
Natsett Amuinn wrote:
I have nothing against authenticators.

I support anything that would make accounts more secure.

BUT
The authenticators could actually cost CCP money. I don't think that their playerbase is large enough to warrant the need for them to spend money on something that they wouldn't make anything off of and could potentially cost them a good amount of money in the long run.


Yeah, I think the size of our playerbase makes us a far less likely target.


Well yes, there arent really that many Eve players, but even so, its a very well known game, so i think its only a matter of time..Sad


Apple is a very well known product too! Big smile I am one of these that firmly believe the reason Apple doesn't have many viruses is not because of the security of Apple software but rather the extremely low percentage of users.

That being said, with the extremely long time and effort it takes to build and acquire ships, space, and isk, and this being one of those games where general douchebaggery is encouraged....perhaps some of us at the top are vulnerable to a dedicated few within our own playerbase. Lol

You make a valid point, good Sir or Madam. 
Suvari Khashour
24th Imperial Crusade
Amarr Empire
#19 - 2012-06-09 14:53:33 UTC
Kijo Rikki wrote:
Suvari Khashour wrote:
Kijo Rikki wrote:
Natsett Amuinn wrote:
I have nothing against authenticators.

I support anything that would make accounts more secure.

BUT
The authenticators could actually cost CCP money. I don't think that their playerbase is large enough to warrant the need for them to spend money on something that they wouldn't make anything off of and could potentially cost them a good amount of money in the long run.


Yeah, I think the size of our playerbase makes us a far less likely target.


Well yes, there arent really that many Eve players, but even so, its a very well known game, so i think its only a matter of time..Sad


Apple is a very well known product too! Big smile I am one of these that firmly believe the reason Apple doesn't have many viruses is not because of the security of Apple software but rather the extremely low percentage of users.

That being said, with the extremely long time and effort it takes to build and acquire ships, space, and isk, and this being one of those games where general douchebaggery is encouraged....perhaps some of us at the top are vulnerable to a dedicated few within our own playerbase. Lol


used to be that apple didnt have to worry about viruses but thats no longer the case, there was a recent botnet problem that involved over 500k mac users computers, oddly enough, they didnt have antivirus programs installed etc, which just highlights the fact that over time, things change.. and mac's need protection now as much as windoze machines do.Oops
Kijo Rikki
Killboard Padding Services
#20 - 2012-06-09 15:02:52 UTC
Yeah, well hopefully it wakes mac users up from their little daydream about how uber safe apple products are. Any willing hacker and programmer will find a weakness. As apple picks up more fanboys, this will only become more of a reality.

You make a valid point, good Sir or Madam. 
12Next page