EVE General Discussion

I would only use an authenticator if it was available as an Android app, like WoW and TOR have.

Although the industry has been saying that smart phone virus are coming soon for years. I really think we are just around the corner. I think we are really entering that age quick. There was a demo at the last Def con about how to root an Android in about 2-3 minutes. I really don't think it will be too long until an attack like that is weaponized.

I really think soon more will have to be done for smart phone safety especially because a lot of people are using them for sensitive information ie banking, stock trading, ordering, and etc.

Phones are money unless they are the "pay as you go" variety. They are linked to your bank account via direct debit (or whatever the worldwide version of a variable debit is) and you can probably load a few euros/dollars onto a monthly account without the victim noticing.

Now I love Android but it is an accident waiting to happen - and it will. If for no other reason than phone manufacturers don't bother doing updates after a year or two.

I can't stand Apple but for mobile devices which are networked and linked to your bank account then I can't help feeling the "walled garden" approach with approved apps is better. For now at least.

Indeed and that's why Google bought Motorola.

A free(ish) and ubiquitous operating system for a phone is great for expanding the market for that OS but once the customers get bitten on the bum by no updates.....

Edit - we are so far off-topic I'm expecting a covert cyno and bombers from the mods soon

My trade platform has an interesting added layer of security which doesn't take much coding but works effectively.

Basically, they have the user/pass combination. Then they have a pin you need to use to input. It works this way:

a number pad 1-9+0 is displayed. Within each cell for each number is a subset of randomly generated numbers (i.e. the button for "1" has numbers 2 9 displayed). Each number cell has randomly generated numbers. Say my pin is 1234. I know my pin and so does the login. I use my pin to decode the keypad and input the correct sequence. So the sequence of this login might be something like 48802924. Best part of this system is the number of decode numbers in each cell can be random from displaying 1 to 6 so your decoded pin will always be different lengths.

This is a quick and easy way to add easy security to the log in as nobody but the user needs to know the pin, there is no reason at all to give the pin to any one else ever. The login randomly assigns the decoded numbers to the display pad each time it is shown. Now you have a constantly/randomly rotating security feature that a key logger would be unable to crack as the decode numbers are random and it would need to reverse engineer the algo to get the pin.

To further the security, you display the numbers like captcha so the computer can't easily determine. Adds less than 2 seconds to the log in, no need to manufacture decoders and the coding can be very simple to implement.

Well to bring my comments back on topic. I would really like a hard token that was not my phone for a second factor of authentication. I am all for having my assets in Eve be more secure, and I would easily pay $30 to have a separate device to protect my accounts.

I would like to have one device for my accounts who wants to have one token per account. But considering the nature of Eve where most dedicated players have at least two accounts. It would be a bad design to make one token able to line to more than one account.

Two factor was always intended to be optional. I do think though that we all have our own ideas in our own heads of what an implementation will look like and two factor can mean a lot of things, some of which are a more convenient for some than others.

I think the fact its been viewed as optional has been hugely detrimental to a sensible and ubiquitous two-factor system.

It is of course interesting that the insurers drive what is considered necessary - my own bank hands out tokens in the Pacific Rim area but not in Europe for exactly that reason.

it's all about the liability. until such tools are considered mandatory and/or profit generating (they either lower the effective insurance rate, or compel customer switching to generate revenues) then lowest common denominator applies.

personally, i don't bank via computer/pay bills online on any system (exception being the use of one time use credit card numbers for light purchases) i have as the only relevant factor is time to a compromised state. whether you are aware of the compromise or not is irrelevant, as the damage is always after the fact. i would not be surprised to discover that a compromising entity would allow for indexing and specific file search for items of interest, then sell the indexed/compromised machines for harvest at a later date.

it's a bit like this risk assessment i had to explain to a property manager once : is there sensitive/expensive equipment in the area? yes. is the door exposed to an outside area? yes. does the door have a lock?. yes. is the door locked? yes. is the door made of untreated, yet lightly tempered glass?....

in this case there wasn't even an alarm on the door, yet even if there had been, the window of opportunity was substantial enough to remove approx 300k worth of equipment in under 2 minutes. why was it in this state? because it was insured. yet i had to explain that just because the equipment was insured, your lost time/product/man hours were not. the approximate loss of that was around 250k from loss to replacement to up and running.

And how long would it take before the CCP authentication system locks your account? I have not tested it yet, but I'm wagering they'd detect a brute-force / wordlist based attack.



Here in NZ I can walk into a PostShop (Post Office) and buy a credit card with a pre-loaded $ value. It is one of the safest ways to make online purchases. I don't like exposing my Credit Card details either.