EVE General Discussion

I still don't get it. CCP has been unable to do it because it's simple? Google sends me an auth code to my phone. My gmail account is pretty safe, unless someone steals my phone or uses my home computer.

Some of us don't have or want a smart 'phone. So with your idea how would we manage to log on? If you can't keep your user name and password secure how much more likely is it that you won't lose, forget or have your digital keys stolen?

Oh, and that's fobs not phobs.

You as a end-user see it as that simple (as it should be - users won't adopt complicated crap), but that doesn't mean it's equally as simple to implement this on CCP's side - the server side, if you will.

I'm in no way speaking for CCP, but from first-hand experience I have when implementing this on a large scale, let me just tick off a few general items that need to be covered:

1) A business relationship with well-defined SLAs would need to be initiated between CCP and its 2fa vendor. After all, if the 2fa provider is down, your account will essentially be unusable.

2) A support system should be drawn up and support people trained on it (GMs, other such people) and used for a while internally for testing, evaluation, and familiarity.

3) If the 2fa solution needs its own dedicated hardware, that hardware must be spec'd and procured, and then integrated into the existing CCP data center(s).

4) Integration of the 2fa system needs to happen with Account Services, the game client+launcher, forums, eve-gate, petition and bug reporting systems. The SSO system will probably simplify this given that's the job of SSO, but given that SSO is new I'm not going to make a sweeping generalization on how easily 3rd party authentication mechanisms can be put in place.

Also, since SSO is eventually going to be able to service external 3rd party websites (or that's the intent, it has been said) then how this is going to work with them will need to be sorted out.

5) Publish documentation on setting it up and using 2fa on whatever devices are supported needs to be made and signaled to us, the end-users.

Finally, a project manager needs to herd all groups inside CCP together where this is relevant and get them to commit to implementing their portion and in the right order.

Simple, right?

I have a door and Im sure up till now no one has tried to just open it, guess I don't need locks

Id rather have it, and if something tried they hit a wall and move on, than they try, get my account, and I get to spend weeks seeing if CCP will get my stuff back

I have to agree an app makes more sense than some stupid text. It can't be that complicated to make an authenticator app. WoW is not the only MMO with such an app.

If you're one of the very few that don't use a smartphone then you won't be able to use the extra security feature and you'll have to assume the extra risk to your account. Yes it sucks but technology advances so if you're not going to keep up you'll be left out of some things. Just like if you refuse to upgrade your older PC you may not be able to play Eve.

Because smart phones & e-mails can't be hacked also?
Most 'hacks' are key logger type hacks, not honest hacks. From browsing naughty isk selling websites & other things.
A robust password that is more complex than 1234 combined with lock outs if multiple fails happen in a short time is actually pretty secure at a standard user level.
The two stage sign in doesn't actually add that much security to the account. Not if it's purely digital, and requiring a physical item adds a lot of cost to both sides.