These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE Information Portal

 
  • Topic is locked indefinitely.
123Next pageLast page
 

Dev Blog: Two-Factor Authenticaion... finally!

First post First post
Author
Previous Topic Next Topic
CCP Logibro
C C P
C C P Alliance
#1 - 2015-04-24 15:49:47 UTC  |  Edited by: CCP Phantom
After much work from CCP Ghostrider and friends, we are finally able to announce the roll-out of Two-Factor Authentication for Account management and our SSO service. Anyone wanting to keep their account secure should take a look at the latest dev blog for more details on how it works, and how to get it working on your accounts.

CCP Logibro // EVE Universe Community Team // Distributor of Nanites // Patron Saint of Logistics

@CCP_Logibro
Chribba
Otherworld Enterprises
Otherworld Empire
#2 - 2015-04-24 16:08:03 UTC  |  Edited by: Chribba
Man I wish we could have optional IP-restrictions as a choice over 2FA. But this is a good start, and not a day too late.


edit/also, what about not using the launcher but the client directly? what will happen there? - Found it by READING!

So... no 2FA if you use the client lol not much of security until you get around to fix that then. Do it quickly! Big smile

/c

★★★ Secure 3rd party service ★★★

Visit my in-game channel 'Holy Veldspar'

Twitter @ChribbaVeldspar
Aryth
University of Caille
Gallente Federation
#3 - 2015-04-24 16:18:33 UTC
I really want to use this...but being able to bypass it is a deal breaker. ETA on that being fixed?

Leader of the Goonswarm Economic Warfare Cabal.

Creator of Burn Jita

Vile Rat: You're the greatest sociopath that has ever played eve.
Vincent Athena
Photosynth
#4 - 2015-04-24 16:21:38 UTC  |  Edited by: Vincent Athena
Typo:

"Where two methods are needed two log in"

Know a Frozen fan? Check this out

Frozen fanfiction
EvilweaselSA
GoonCorp
Goonswarm Federation
#5 - 2015-04-24 16:22:42 UTC
yeah i gotta say, "two factor authentication, unless you're up to no good and know how to trivially bypass it in which case one factor is fine" is not really doing it for me

like, why on earth would i seriously inconvenience myself when anyone stealing my password won't be inconvenienced at all
Abla Tive
#6 - 2015-04-24 16:37:31 UTC
A welcome improvement, even though it is only psuedo two factor authentication.
Literally Space Moses
GoonWaffe
Goonswarm Federation
#7 - 2015-04-24 16:48:27 UTC
So basically it provides no additional protection, just adds a layer of complexity for suckers who choose to enable it.

Jesus Christ.

#T2013
Cristl
#8 - 2015-04-24 16:48:41 UTC
EvilweaselSA wrote:
yeah i gotta say, "two factor authentication, unless you're up to no good and know how to trivially bypass it in which case one factor is fine" is not really doing it for me

like, why on earth would i seriously inconvenience myself when anyone stealing my password won't be inconvenienced at all


Well, totally this. It's nice to know things are moving forward here, but...you need to enforce two-factor without any 'unless you're nefarious' loopholes.
March rabbit
Aliastra
Gallente Federation
#9 - 2015-04-24 16:55:17 UTC
Having Ericsson T29 as main mobile phone device i always hate when people mentions 2FA.
Hope this feature will always stay 'optional'.

The Mittani: "the inappropriate drunked joke"
Gabriel Karade
Coreli Corporation
Pandemic Legion
#10 - 2015-04-24 16:58:48 UTC
So, it doesn't actually work? What?

War Machine: http://www.eveonline.com/ingameboard.asp?a=topic&threadID=386293
Airi Cho
Dark-Rising
Wrecking Machine.
#11 - 2015-04-24 17:02:14 UTC
2 things:

1. are yubikeys supported?
2. how about an option to deny login via the normal client? i mean that should be easy to implement. I can understand adding that extra roundtrip to the old client might be much work.
Pen Ris
Eden Risk Management
Fedaykin.
#12 - 2015-04-24 17:10:45 UTC
LOL - 2 factor authentication, unless you want to bypass it, isn't actually two factor authentication.

Considering the high dependence on 3P app/forums/services and very recent and limited availability of federated identity(SSO); do you think this will stop anyone from improperly accessing accounts who also has the skills to obtain lists of username/passwords from those 3Ps?
Steve Ronuken
Fuzzwork Enterprises
Vote Steve Ronuken for CSM
#13 - 2015-04-24 17:19:17 UTC
March rabbit wrote:
Having Ericsson T29 as main mobile phone device i always hate when people mentions 2FA.
Hope this feature will always stay 'optional'.



There are actually windows apps for doing this as well. Which is something, at least.

Just the google Authenticator.

(there's also the email option)

Sure, it's not going to stop someone logging into Eve (yet. I'm hopeful there will be launcher updates to make multi account logins and sets of settings viable. I keep asking for them) it does at least protect the website.

Woo! CSM XI!

Fuzzwork Enterprises

Twitter: @fuzzysteve on Twitter
Steve Ronuken
Fuzzwork Enterprises
Vote Steve Ronuken for CSM
#14 - 2015-04-24 17:20:09 UTC
Pen Ris wrote:
LOL - 2 factor authentication, unless you want to bypass it, isn't actually two factor authentication.

Considering the high dependence on 3P app/forums/services and very recent and limited availability of federated identity(SSO); do you think this will stop anyone from improperly accessing accounts who also has the skills to obtain lists of username/passwords from those 3Ps?




With any luck, people weren't moronic enough to reuse the passwords.

Woo! CSM XI!

Fuzzwork Enterprises

Twitter: @fuzzysteve on Twitter
Altrue
Exploration Frontier inc
Tactical-Retreat
#15 - 2015-04-24 17:29:56 UTC  |  Edited by: Altrue
Inb4 instead of fixing the eve.exe problem, they simply disable the possibility for us to use it to log-in. Straight

We know CCP has been trying to force their launcher on us for ages now, with critical bugs never fixed on it (closing the settings window, anyone?), that kind of stuff...

I don't get how making something that makes the login process more painful is any good.

Signature Tanking Best Tanking

[Ex-F] CEO - Eve-guides.fr

Ultimate Citadel Guide - 2016 EVE Career Chart
Axhind
Eternity INC.
Goonswarm Federation
#16 - 2015-04-24 17:31:14 UTC
Any chance of supporting something actually safe like Yubikey? E-mail and mobile apps can be hardly considered secure (better than nothing but that's about it).
Axhind
Eternity INC.
Goonswarm Federation
#17 - 2015-04-24 17:35:07 UTC
Altrue wrote:
Inb4 instead of fixing the eve.exe problem, they simply disable the possibility for us to use it to log-in. Straight

We know CCP has been trying to force their launcher on us for ages now, with critical bugs never fixed on it (closing the settings window, anyone?), that kind of stuff...

I don't get how making something that makes the login process more painful is any good.


That would be terrible considering that the launcher is utterly useless with several screens and different settings for each account.
CCP Ghostrider
C C P
C C P Alliance
#18 - 2015-04-24 17:44:26 UTC
We are aware that having the launcher bypass is not optimal but a lot of bad stuff can take place if someone gets access to account management like changing the registered email address, password changes and character transfers. Two-factor protecting the client login itself requires effort from multiple teams but is on the backlog.
Kale Freeman
Garoun Investment Bank
Gallente Federation
#19 - 2015-04-24 17:56:32 UTC  |  Edited by: Kale Freeman
I have multiple accounts, and I typically log in and out of various characters as I move buy materials, haul, start jobs, sell final products etc. I would guess that I log in/out maybe 10-15 times during the course of an evening.

The 2-factor auth really needs some sort of "single signon" that allows me to authenticate once and then access all my characters for the duration of the evening.



EDIT:
In an ideal world I would love to see something like this... start the launcher. Provide authentication details for account 1. The launcher now shows my portraits of my 3 characters in account 1. Provide authentication details for account 2. The launcher now shows me 6 character portraits. Authenticate into all my accounts. Now I see all my characters portraits. Maybe grouped together to show which ones are together in an account.

Now I click the portraits to start the client for a specific character, keeping the launcher open the in background. I close the client, click other character portraits in the launcher to start new clients. Play all evening. No more authentication needed.



EDIT:
In an even more perfect world I would love to create a master account login. With 2-factor authentication and the whole nine yards. I log into account management and link all my accounts to this master account login. I start the launcher, login with my master account credentials and all my characters across all my linked accounts become available in the launcher.
Aryth
University of Caille
Gallente Federation
#20 - 2015-04-24 17:59:38 UTC
CCP Ghostrider wrote:
We are aware that having the launcher bypass is not optimal but a lot of bad stuff can take place if someone gets access to account management like changing the registered email address, password changes and character transfers. Two-factor protecting the client login itself requires effort from multiple teams but is on the backlog.


Do you feel it is a this year thing?

Leader of the Goonswarm Economic Warfare Cabal.

Creator of Burn Jita

Vile Rat: You're the greatest sociopath that has ever played eve.
123Next pageLast page