Dev Blog: Two-Factor Authentication... finally!

Zappity
New Eden Tank Testing Services
#41 - 2015-04-24 23:53:49 UTC  |  Edited by: Zappity
Steve Ronuken wrote:
Zappity wrote:
devblog wrote:
This does not prevent people from logging into the game client by circumventing the launcher.
Oh. Well that's a pity. Please don't take away exe, though.



I'm curious. What do you use the exe file functionality for?

(I use it myself for 2 accounts, launcher for the third. Always curious to see what other people use it for)

I use it for three accounts. If I am just logging a couple of characters then the launcher would be fine. But if I need to rapidly switch characters then exe is far superior. You can pre-launch a few windows and fill them in with the right passwords, then just hit enter when you want to switch. The launcher is annoying because of the pull down, the fact that it is slower, the fact that you can't pre-launch a window.

Having said that, asking for a key for every single login described above would be very annoying. Having an option for asking only on a new IP would be great.

Zappity's Adventures for a taste of lowsec and nullsec.

Mackenzie Hawkwood
University of Caille
Gallente Federation
#42 - 2015-04-25 00:50:54 UTC
Steve Ronuken wrote:
Zappity wrote:
devblog wrote:
This does not prevent people from logging into the game client by circumventing the launcher.
Oh. Well that's a pity. Please don't take away exe, though.



I'm curious. What do you use the exe file functionality for?

(I use it myself for 2 accounts, launcher for the third. Always curious to see what other people use it for)


I use the exefile.exe method because the launcher never worked for me upon original release (have CCP fixed it for Win7 64bit issue?) and with the pages of forum posts stating problems with it, why would anyone bother to use it.
I have the .exe pinned to my task bar and I just have to click/shift+click to open all the clients I need.
No need for the resource hog/ad-fest of a launcher. It just means I don't have access to the spaceship barbies clothes store, but then nothing of value was lost.

Why a switch on/off? Because the new animation doesn't add anything to gameplay and it's graphically annoying. In other words, it's worse than bad: it's useless. Simple as that. - Kina Ayami

Masao Kurata
Perkone
Caldari State
#43 - 2015-04-25 01:56:50 UTC
So uh does this require us to enter a code from our e-mail every time we log in to any account even from the same IP? I can't see anyone using that even if it weren't for the fact that you can bypass this by not using the launcher.
Swidgen
Republic University
Minmatar Republic
#44 - 2015-04-25 03:17:53 UTC
Is there anyone at CCP named Walter? Because if there is I would like to tell him, "No more half measures, Walter."
Tyberius Franklin
Federal Navy Academy
Gallente Federation
#45 - 2015-04-25 04:05:26 UTC
Mackenzie Hawkwood wrote:
Steve Ronuken wrote:
Zappity wrote:
devblog wrote:
This does not prevent people from logging into the game client by circumventing the launcher.
Oh. Well that's a pity. Please don't take away exe, though.



I'm curious. What do you use the exe file functionality for?

(I use it myself for 2 accounts, launcher for the third. Always curious to see what other people use it for)


I use the exefile.exe method because the launcher never worked for me upon original release (have CCP fixed it for Win7 64bit issue?) and with the pages of forum posts stating problems with it, why would anyone bother to use it.
I have the .exe pinned to my task bar and I just have to click/shift+click to open all the clients I need.
No need for the resource hog/ad-fest of a launcher. It just means I don't have access to the spaceship barbies clothes store, but then nothing of value was lost.

What is the Win7 64bit issue? That's the OS I use and I haven't had any issues I had reason to believe were specific to it. Never had any specific recurring issues since it launched either that I am aware of.
Zappity
New Eden Tank Testing Services
#46 - 2015-04-25 04:58:22 UTC  |  Edited by: Zappity
Actually, now that I think about it, if I would be required to use two factor authentication each time I log a new character in then leaving the exe out of the loop is pretty good. Protecting my account is an improvement even if the characters' assets aren't protected.

Edit: screenshot shows "don't ask for this computer again". Just fix it then...

Zappity's Adventures for a taste of lowsec and nullsec.

Airi Cho
Dark-Rising
Wrecking Machine.
#47 - 2015-04-25 05:49:09 UTC
Mara Rinn wrote:
Axhind wrote:
Any chance of supporting something actually safe like Yubikey? E-mail and mobile apps can hardly be considered secure (better than nothing but that's about it).


I am a security noob: how is Yubikey safer than a TOTP app like 1Password or Google Authenticator?


You need to get hold of the device and not just the seed of the TOTP app.
Axhind
Eternity INC.
Goonswarm Federation
#48 - 2015-04-25 07:56:05 UTC
Mara Rinn wrote:
Axhind wrote:
Any chance of supporting something actually safe like Yubikey? E-mail and mobile apps can hardly be considered secure (better than nothing but that's about it).


I am a security noob: how is Yubikey safer than a TOTP app like 1Password or Google Authenticator?


It's a separate hardware key (FOB), making it far less likely to get compromised. Something that cannot be said for e-mail or phones, which are probably the most insecure devices people use (well, except smart TVs and co).
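
Added example, not part of any post in this thread: a minimal RFC 6238 TOTP in Python illustrating the point made in the two replies above, that a copy of the seed yields codes the server cannot tell apart from the enrolled phone's. The seed is the RFC's published test value and the function names are illustrative.

```python
import hashlib
import hmac
import struct

# Constructed sample: the published RFC 6238 test seed, not a real account secret.
SEED = b"12345678901234567890"

def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: the counter is the number of whole time steps since the epoch."""
    return hotp(seed, unix_time // step, digits)

def verify(seed, submitted, unix_time, window=1, step=30, digits=6) -> bool:
    """Server side: accept the current step and `window` steps either side."""
    ok = False
    for drift in range(-window, window + 1):
        t = unix_time + drift * step
        if t < 0:
            continue  # no time step exists before the epoch
        # Constant-time comparison; every candidate step is always evaluated.
        ok |= hmac.compare_digest(totp(seed, t, step, digits), submitted)
    return ok

def copied_seed_demo(now: int = 1111111109):
    """Compare the enrolled phone with a second device holding a seed copy."""
    phone_code = totp(SEED, now)
    copy_code = totp(bytes(SEED), now)  # any byte-for-byte copy of the seed
    # The server only sees six digits; it has no way to tell which device sent them.
    return phone_code, copy_code, verify(SEED, copy_code, now)

if __name__ == "__main__":
    phone, copy, accepted = copied_seed_demo()
    print("phone:", phone, "copy:", copy, "accepted:", accepted)
```

The whole second factor here is the seed bytes, so wherever they are stored or backed up is where the factor lives; a hardware key differs in that the secret stays on the device.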
Torgeir Hekard
I MYSELF AND ME
#49 - 2015-04-25 10:32:11 UTC
Is there an option to only enable it for the account management page?
Because, seriously, checking e-mail each time you log into the game?
Sabriz Adoudel
Move along there is nothing here
#50 - 2015-04-25 11:09:34 UTC
Does anyone actually use the launcher? I bypass it as often as possible because it loads in 'Offline Mode' about 50-60% of the time.

I'd be willing to put effort into getting the launcher to work if 2FA actually provided some serious protection, but this does not.

Put it on hiatus, and come back to us when it is ready.

I support the New Order and CODE. alliance. www.minerbumping.com

Memphis Baas
#51 - 2015-04-25 12:33:37 UTC
It sounds like quite a few people would use the second factor for Account Management protection but don't want to be inconvenienced when logging into the client.

You also show the option "don't ask for codes again on this computer" in your dev blog but no one seems to have noticed that.

Also, it's a to do list, not a backlog.
Iroquoiss Pliskin
9B30FF Labs
#52 - 2015-04-25 14:47:24 UTC
Memphis Baas wrote:
It sounds like quite a few people would use the second factor for Account Management protection but don't want to be inconvenienced when logging into the client.

You also show the option "don't ask for codes again on this computer" in your dev blog but no one seems to have noticed that.

Also, it's a to do list, not a backlog.


Ahem,

Iroquoiss Pliskin wrote:

Can sometimes get annoying with multiple IP resets, but that's the price. Although, in this case here I see there is an option to exempt the current machine from this - other MMOs don't provide this option.

Great.
Sturmwolke
#53 - 2015-04-26 23:17:10 UTC
GA? No thanks.

helana Tsero
Science and Trade Institute
Caldari State
#54 - 2015-04-27 01:11:17 UTC
What if I want two factor authentication on the account management page only ???

Having it on the launcher is pointless currently as it's easily bypassed. All it does now is add extra work for the user while providing no extra security for the game client log on.

I would use it if I could select it to apply to the account management page only. (as that is actually a working two factor Auth)

"...ppl need to get out of caves and they will see something new.... thats where eve is placed... not in cave."  | zoonr-Korsairs |

Meanwhile Citadel release issues: "tried to bug report this and the bug report is bugged as well" | Rafeau |

Steve Ronuken
Fuzzwork Enterprises
Vote Steve Ronuken for CSM
#55 - 2015-04-27 04:25:45 UTC
Sabriz Adoudel wrote:
Does anyone actually use the launcher? I bypass it as often as possible because it loads in 'Offline Mode' about 50-60% of the time.

I'd be willing to put effort into getting the launcher to work if 2FA actually provided some serious protection, but this does not.

Put it on hiatus, and come back to us when it is ready.


I use the launcher, and it's rare I have a problem. (as in, when I have a problem, it tends to be because there's a ddos happening)

Woo! CSM XI!

Fuzzwork Enterprises

Twitter: @fuzzysteve on Twitter

Eria Quint
Republic University
Minmatar Republic
#56 - 2015-04-27 07:17:21 UTC
Hi,

I quickly read through the thread and couldn't find an answer (if it has been answered though, sorry for asking again)

I love and support the idea! Good work !

Anyhow one remark/question:

Has the launcher an option (per PC) to remember the computer and only ask once for the authentication code? This is really important. For a PC you trust, e.g. a desktop PC running multiple clients, this is a burden to have to enter a code for each account.

I hope the launcher is implemented (or gets implemented) like e.g. Gmail. There you have the option to mark a checkbox to say that the code shouldn't be asked anymore for this PC.

Attached is a link on how this is implemented in Gmail; it is this option that should be included in the launcher:

http://tinypic.com/r/2j4wug6/8
Steve Ronuken
Fuzzwork Enterprises
Vote Steve Ronuken for CSM
#57 - 2015-04-27 11:56:10 UTC
Eria Quint wrote:
Hi,

I quickly read through the thread and couldn't find an answer (if it has been answered though, sorry for asking again)

I love and support the idea! Good work !

Anyhow one remark/question:

Has the launcher an option (per PC) to remember the computer and only ask once for the authentication code? This is really important. For a PC you trust, e.g. a desktop PC running multiple clients, this is a burden to have to enter a code for each account.

I hope the launcher is implemented (or gets implemented) like e.g. Gmail. There you have the option to mark a checkbox to say that the code shouldn't be asked anymore for this PC.

Attached is a link on how this is implemented in Gmail; it is this option that should be included in the launcher:

http://tinypic.com/r/2j4wug6/8



Go back and look at the included pictures in the devblog.

Woo! CSM XI!

Fuzzwork Enterprises

Twitter: @fuzzysteve on Twitter

Eria Quint
Republic University
Minmatar Republic
#58 - 2015-04-27 12:13:44 UTC
Tnx a lot for the feedback Steve.

I saw the screenshot but it wasn't immediately clear if this applied as well to the launcher.
(Since it's already in place in the screenshot I suppose it's just a matter of adding a checkbox to the launcher)

Can this already be tested on Sisi?

Steve Ronuken wrote:
Eria Quint wrote:
Hi,

I quickly read through the thread and couldn't find an answer (if it has been answered though, sorry for asking again)

I love and support the idea! Good work !

Anyhow one remark/question:

Has the launcher an option (per PC) to remember the computer and only ask once for the authentication code? This is really important. For a PC you trust, e.g. a desktop PC running multiple clients, this is a burden to have to enter a code for each account.

I hope the launcher is implemented (or gets implemented) like e.g. Gmail. There you have the option to mark a checkbox to say that the code shouldn't be asked anymore for this PC.

Attached is a link on how this is implemented in Gmail; it is this option that should be included in the launcher:

http://tinypic.com/r/2j4wug6/8



Go back and look at the included pictures in the devblog.

Angmar Udate
#59 - 2015-04-27 23:01:05 UTC
The launcher bypass is kind of a big deal.
Also would really like the ability to white list a client, so it only challenges for 2 factor when I log in on a new client.

(PS. while you are at it, please add meta-accounts to manage our different accounts in one place and make it easier to switch between accounts :))
Mara Rinn
Cosmic Goo Convertor
#60 - 2015-04-28 03:51:59 UTC
Angmar Udate wrote:
The launcher bypass is kind of a big deal.
Also would really like the ability to white list a client, so it only challenges for 2 factor when I log in on a new client.

(PS. while you are at it, please add meta-accounts to manage our different accounts in one place and make it easier to switch between accounts :))


I would go so far as to say, give us one account with subscriptions for login slots and skill queues. Thus I could pay $5/month for one login slot and $5/month for one skill queue, or $10/month for two login slots since I have no further skill training of interest.