These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

Player Features and Ideas Discussion

 
  • Topic is locked indefinitely.
 

increased security for eve accounts
Author
Previous Topic Next Topic
Ellon JTC
Quadralien
#1 - 2013-06-25 11:51:36 UTC  |  Edited by: Ellon JTC
Any chance you guys could implement some additional security measures for eve accounts. Some ideas below:

- A 2 step verification for eve accounts like gmail and facebook?

- An account specific application that generates 1 time use codes to enter along with the password upon login.

- Saving trusted computers or laptops. if someone tries to login using an untrusted device, a notification could be sent to that accounts email, for which the player would have to accept the login approval through his/her email.

-physical card reader which produces 1 time use codes (would be nice to be able to purchase using plex)

-physical usb flash that you would have to insert in a usb drive in order to be able to log in (would be nice to be able to purchase using plex)
Azrael Dinn
Imperial Mechanics
#2 - 2013-06-25 11:54:23 UTC  |  Edited by: Azrael Dinn
Or how about not going to porn or torrent or other fishy sites with the same computer you play eve? :P

Edit:
Why can't I say PORN?!?

Stupid censors.

After centuries of debating and justifying... Break Cloaks tm
Kirimeena D'Zbrkesbris
Republic Military Tax Avoiders
#3 - 2013-06-25 13:59:55 UTC  |  Edited by: Kirimeena D'Zbrkesbris
Rather than saving trusted computers/laptops, its better to save trusted IPs/Networks you're usually logging in from with an ability to manage those networks from account manager. should someone attempt to log in from an untrusted network/IP, they will have to enter 1-time code that is sent either to e-mail or phone (if you choose that method). Authenticators (both physical trinkets and software ones) sound good too. Ability to opt out from additional security features should be there too.

Opinions are like assholes. Everybody got one and everyone thinks everyone else's stinks.
Astroniomix
School of Applied Knowledge
Caldari State
#4 - 2013-06-25 18:02:29 UTC
Kirimeena D'Zbrkesbris wrote:
Rather than saving trusted computers/laptops, its better to save trusted IPs/Networks you're usually logging in from with an ability to manage those networks from account manager. should someone attempt to log in from an untrusted network/IP, they will have to enter 1-time code that is sent either to e-mail or phone (if you choose that method). Authenticators (both physical trinkets and software ones) sound good too. Ability to opt out from additional security features should be there too.

I vote for this option.
Nariya Kentaya
Ministry of War
Amarr Empire
#5 - 2013-06-25 19:32:39 UTC
Ellon JTC wrote:
Any chance you guys could implement some additional security measures for eve accounts. Some ideas below:

- A 2 step verification for eve accounts like gmail and facebook?

- An account specific application that generates 1 time use codes to enter along with the password upon login.

- Saving trusted computers or laptops. if someone tries to login using an untrusted device, a notification could be sent to that accounts email, for which the player would have to accept the login approval through his/her email.

The day i try and log in to EVE and it brings up one of those ******-ass "connect your account with facebook, gmail, yahoo, bl blah blah were ****** sellouts on the social bandwagon" is the day i go and make my own space game for me to play in all alone.

I swear too many games all try and jump on this bandwagon, and then offer ingame bonuses to people who allow the site to post advertisements with their name on their wall to cut back advertising budgets, i do not and will not ever have a facebook, if i want to meet one of my friends without going to their freaking house there is Mumble, Teamspeak, EVE, Steam, or any other game i can meet other players in without being subjected to advertising and "pokes" from some no-life in North Africa or Southern Europe.

In short, facebook = pointless to even have and is even less ecure than EVE, so all you would be doing is hooking an even less secure "password" service onto what your assuming is an already compromised EVE account, because lets face it, if they managed to get your EVE info, then its not going to be at all difficult to get your facebook info.
voetius
Grundrisse
#6 - 2013-06-25 19:36:29 UTC

I kinda agree with Nariya.

I'd be happy to purchase (for a nominal fee) a dongle or use one of the RSA type authenticators.
Ellon JTC
Quadralien
#7 - 2013-06-26 13:17:14 UTC
Azrael Dinn wrote:
Or how about not going to **** or torrent or other fishy sites with the same computer you play eve? :P

Edit:
Why can't I say ****?!?

Stupid censors.


Stealing someones password is a lot more simple than you think.
Ellon JTC
Quadralien
#8 - 2013-06-26 13:18:04 UTC
Nariya Kentaya wrote:
Ellon JTC wrote:
Any chance you guys could implement some additional security measures for eve accounts. Some ideas below:

- A 2 step verification for eve accounts like gmail and facebook?

- An account specific application that generates 1 time use codes to enter along with the password upon login.

- Saving trusted computers or laptops. if someone tries to login using an untrusted device, a notification could be sent to that accounts email, for which the player would have to accept the login approval through his/her email.

The day i try and log in to EVE and it brings up one of those ******-ass "connect your account with facebook, gmail, yahoo, bl blah blah were ****** sellouts on the social bandwagon" is the day i go and make my own space game for me to play in all alone.

I swear too many games all try and jump on this bandwagon, and then offer ingame bonuses to people who allow the site to post advertisements with their name on their wall to cut back advertising budgets, i do not and will not ever have a facebook, if i want to meet one of my friends without going to their freaking house there is Mumble, Teamspeak, EVE, Steam, or any other game i can meet other players in without being subjected to advertising and "pokes" from some no-life in North Africa or Southern Europe.

In short, facebook = pointless to even have and is even less ecure than EVE, so all you would be doing is hooking an even less secure "password" service onto what your assuming is an already compromised EVE account, because lets face it, if they managed to get your EVE info, then its not going to be at all difficult to get your facebook info.


I don't think you understand the concept of 2 step verification. It has nothing to do with gmail or facebook. It connects your account to your pc and phone.
Azrael Dinn
Imperial Mechanics
#9 - 2013-06-26 13:32:13 UTC
Ellon JTC wrote:
Azrael Dinn wrote:
Or how about not going to **** or torrent or other fishy sites with the same computer you play eve? :P

Edit:
Why can't I say ****?!?

Stupid censors.


Stealing someones password is a lot more simple than you think.


I'm abit interested in this so could you behaps enlighten me abit.

Lets say that I have only games on my computer, no other program and I use a browser only to access hardware sites to download lates drivers and software and nothing else. I do not have any comminucation program on that computer or anything else. I do not use it to download anything end the computer does not share or otherwise comminucate with other computers. I do not use same passwords never and all games have their own passwords. And emails are different from normals ones that I use on other computers.

So... how do you steal my password and login information and gain access to my account unless I mess up something or share my details to someone?

After centuries of debating and justifying... Break Cloaks tm
Danika Princip
GoonWaffe
Goonswarm Federation
#10 - 2013-06-26 13:35:49 UTC
Azrael Dinn wrote:
Ellon JTC wrote:
Azrael Dinn wrote:
Or how about not going to **** or torrent or other fishy sites with the same computer you play eve? :P

Edit:
Why can't I say ****?!?

Stupid censors.


Stealing someones password is a lot more simple than you think.


I'm abit interested in this so could you behaps enlighten me abit.

Lets say that I have only games on my computer, no other program and I use a browser only to access hardware sites to download lates drivers and software and nothing else. I do not have any comminucation program on that computer or anything else. I do not use it to download anything end the computer does not share or otherwise comminucate with other computers. I do not use same passwords never and all games have their own passwords. And emails are different from normals ones that I use on other computers.

So... how do you steal my password and login information and gain access to my account unless I mess up something or share my details to someone?



You don't, you grab some that are much easier to steal. Fortunatley for the averace account thief, people who claim to use a machine as you do don't actually exist.
Azrael Dinn
Imperial Mechanics
#11 - 2013-06-26 13:49:31 UTC  |  Edited by: Azrael Dinn
Danika Princip wrote:
Azrael Dinn wrote:

...



You don't, you grab some that are much easier to steal. Fortunatley for the averace account thief, people who claim to use a machine as you do don't actually exist.


I know and I don't have one either at this moment but it would be good machine to have cause they always work better when playing... so this was just an example and I tried to prove my point that it's usualy you your self who messes up and does something that gets your account details gets stolen.

After centuries of debating and justifying... Break Cloaks tm
Danika Princip
GoonWaffe
Goonswarm Federation
#12 - 2013-06-26 14:01:52 UTC
Azrael Dinn wrote:
Danika Princip wrote:
Azrael Dinn wrote:

...



You don't, you grab some that are much easier to steal. Fortunatley for the averace account thief, people who claim to use a machine as you do don't actually exist.


I know and I don't have one either at this moment but it would be good machine to have cause they always work better when playing... so this was just an example and I tried to prove my point that it's usualy you your self who messes up and does something that gets your account details gets stolen.



Yes, and the point I was making is that everyone makes mistakes, and your perfect anti-hacker system doesn't actually exist.
Ellon JTC
Quadralien
#13 - 2013-06-27 07:36:51 UTC
Azrael Dinn wrote:
Ellon JTC wrote:
Azrael Dinn wrote:
Or how about not going to **** or torrent or other fishy sites with the same computer you play eve? :P

Edit:
Why can't I say ****?!?

Stupid censors.


Stealing someones password is a lot more simple than you think.


I'm abit interested in this so could you behaps enlighten me abit.

Lets say that I have only games on my computer, no other program and I use a browser only to access hardware sites to download lates drivers and software and nothing else. I do not have any comminucation program on that computer or anything else. I do not use it to download anything end the computer does not share or otherwise comminucate with other computers. I do not use same passwords never and all games have their own passwords. And emails are different from normals ones that I use on other computers.

So... how do you steal my password and login information and gain access to my account unless I mess up something or share my details to someone?

There is no such thing as being 100% safe in IT. Its all about reducing the chance of getting hacked. Even though you are very careful with your pc, there is always a chance that you might make a mistake. Forgetting to update a certain driver, software, clicking on a wrong link, opening the wrong email . . . if a hacker wants your pass they will get it.

And besides that i highly doubt the average player is willing to pay for a separate pc just to use for gaming.
Azrael Dinn
Imperial Mechanics
#14 - 2013-06-27 07:41:17 UTC
No they would propably not but as you said it's about redusing the risk of getting hacked.

So instead of giving people items that rise their sense of security is worse than just telling people how they should behave in internet and how to use computers wisely.

I'm not saying that a seperate security measure is bad but I personaly think that safe using of your computer is way better than giving more feel of security cause that just leads to false assubtions that the new security feature would be unbreakable.

After centuries of debating and justifying... Break Cloaks tm
TheSkeptic
Federal Navy Academy
Gallente Federation
#15 - 2013-06-27 07:47:01 UTC
tbh this should be done and should be optional... those who want 2 step auth enabled can have it, those who don't can keep going as they currently are.

It shouldn't even need discussion or argument really. Same as with google, if you don't want 2step don't turn it on.

...

Nariya Kentaya
Ministry of War
Amarr Empire
#16 - 2013-06-27 13:27:31 UTC
Ellon JTC wrote:
Nariya Kentaya wrote:
Ellon JTC wrote:
Any chance you guys could implement some additional security measures for eve accounts. Some ideas below:

- A 2 step verification for eve accounts like gmail and facebook?

- An account specific application that generates 1 time use codes to enter along with the password upon login.

- Saving trusted computers or laptops. if someone tries to login using an untrusted device, a notification could be sent to that accounts email, for which the player would have to accept the login approval through his/her email.

The day i try and log in to EVE and it brings up one of those ******-ass "connect your account with facebook, gmail, yahoo, bl blah blah were ****** sellouts on the social bandwagon" is the day i go and make my own space game for me to play in all alone.

I swear too many games all try and jump on this bandwagon, and then offer ingame bonuses to people who allow the site to post advertisements with their name on their wall to cut back advertising budgets, i do not and will not ever have a facebook, if i want to meet one of my friends without going to their freaking house there is Mumble, Teamspeak, EVE, Steam, or any other game i can meet other players in without being subjected to advertising and "pokes" from some no-life in North Africa or Southern Europe.

In short, facebook = pointless to even have and is even less ecure than EVE, so all you would be doing is hooking an even less secure "password" service onto what your assuming is an already compromised EVE account, because lets face it, if they managed to get your EVE info, then its not going to be at all difficult to get your facebook info.


I don't think you understand the concept of 2 step verification. It has nothing to do with gmail or facebook. It connects your account to your pc and phone.

Oh, nvm, you meant LIKE facebook has, not using facebook as the secondary verification... my bad.

i thought you were wanting EVE to use the ******** bullshit Perfect World International and a couple other F2P companies tried a year back or so.
Ellon JTC
Quadralien
#17 - 2013-07-02 09:55:38 UTC
added some new ideas