These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE General Discussion

 
  • Topic is locked indefinitely.
 

Login security, is a username and password enough

First post
Author
Previous Topic Next Topic
yumike
Doomheim
#121 - 2012-01-13 01:47:26 UTC
In all honesty.. It's a damn game, I'd be happy if they removed the field for password to be frank.

If someone's stupid enough to try to steal money from my bank account, I pick up the phone and say I didn't make XX transactions. They'll do a 72hour investigation and then refund the cash..

If someone manages to guess my eve-o login name (Nevermind my password) Props to them, They can keep the isk they get I won't even petition it.
Mangua Desnart
Mangua Desnart Corporation
#122 - 2012-01-13 08:48:01 UTC
yumike wrote:
In all honesty.. It's a damn game, I'd be happy if they removed the field for password to be frank.

If someone's stupid enough to try to steal money from my bank account, I pick up the phone and say I didn't make XX transactions. They'll do a 72hour investigation and then refund the cash..

If someone manages to guess my eve-o login name (Nevermind my password) Props to them, They can keep the isk they get I won't even petition it.



It seems your corp name suits you then.... jeez!
Cryten Jones
Advantage Inc
#123 - 2012-01-13 09:20:58 UTC
If it was up to me I would do the following:-

1. Separate the account services login from the game and forums logins.
2. Make multi-factor an option on the account services
3. Have the game check the CPU ID of the machine and allow you (from account services) to restrict which PC's you can login to the client from.

For most of us this would be multi-factor but in a way that would not intrude 99% of the time.

just an idea.

-CJ
Tepir
Ministry of War
Amarr Empire
#124 - 2012-01-13 09:24:00 UTC
Mangua Desnart wrote:
yumike wrote:
In all honesty.. It's a damn game, I'd be happy if they removed the field for password to be frank.

If someone's stupid enough to try to steal money from my bank account, I pick up the phone and say I didn't make XX transactions. They'll do a 72hour investigation and then refund the cash..

If someone manages to guess my eve-o login name (Nevermind my password) Props to them, They can keep the isk they get I won't even petition it.



It seems your corp name suits you then.... jeez!


my username is longer than my password and 3 times harder to guess than password .

But i vote for rectal scan , finger print and voice recognition on each step of eve log in.

equipment required for rectal scan , finger print and voice recognition should be funded by CCP :D just sayin... with this you will be atleast 20% more protected than you are now.
Steve Ronuken
Fuzzwork Enterprises
Vote Steve Ronuken for CSM
#125 - 2012-01-13 11:09:10 UTC
MailDeadDrop wrote:
Doggy Dogwoofwoof wrote:
ENOUGH, XKCD explained this already http://xkcd.com/936 . now STOP arguing. Roll

Neo Agricola wrote:
Yeah since nobody is using wordlists for hacking, that kind of PW is totaly save... o wait...

Zag'mar Jurkar wrote:
You'd have to test ALL words, then all the words with 1 additional character (the space), then do the same, adding all the words again, till you get the 3rd word correctly. This would be painfully long.

According to the Oxford Dictionary folks, there are about 171,476 words in current use in English. Ignoring the effect of a possible optional separator space, the key space volume is the combinations of 171,476 taken 4 at a time. That is 3.6E+19, or roughly 2^65 combinations. Substantially better than a single garbled password.

MDD



Looks like some people didn't get what was being explained in the XKCD comic.

Those little boxes are bits of entropy. Binary numbers, basically. An easy approximation of how many options you have. Each additional bit doubles the time to brute force it (on average, of course. There's always a small chance they'll guess the password first time. An infinitesimal chance, if you don't pick the first word in the dictionary four times)

The advantage with the bit representation is that you just need to add the number of bits together, rather than doing a bunch of multiplication, and that gives you the power of 2 number of possible options. With the example there, there are
around 1,759,218,600,000 (2^44) options. That's quite a few.

Woo! CSM XI!

Fuzzwork Enterprises

Twitter: @fuzzysteve on Twitter
Steve Ronuken
Fuzzwork Enterprises
Vote Steve Ronuken for CSM
#126 - 2012-01-13 11:13:02 UTC  |  Edited by: Steve Ronuken
Bah. double post.

Woo! CSM XI!

Fuzzwork Enterprises

Twitter: @fuzzysteve on Twitter
RubyPorto
RubysRhymes
#127 - 2012-01-13 12:07:27 UTC
Cryten Jones wrote:
If it was up to me I would do the following:-

1. Separate the account services login from the game and forums logins.
2. Make multi-factor an option on the account services
3. Have the game check the CPU ID of the machine and allow you (from account services) to restrict which PC's you can login to the client from.

For most of us this would be multi-factor but in a way that would not intrude 99% of the time.

just an idea.

-CJ




I use a Mac, therefore I run my Eve client through a Virtual machine. Step 3 would be yet another feature denied to Mac users.
Like:
Eve-Voice
Not Crashing every 5 min
Graphics Options (Right now they're crash buttons)
Not Freezing every 10 min
Double Digit Framerates

"It's easy to speak for the silent majority. They rarely object to what you put into their mouths." -Abrazzar "the risk of having your day ruined by other people is the cornerstone with which EVE was built" -CCP Solomon
Lenore Leelu
Obsidian Dynamics
#128 - 2012-01-13 13:12:47 UTC
How would that intel two factor thing work if I use two different pcs to play eve, one an i5 and the other an i7?
Midge Mo'yb
State War Academy
Caldari State
#129 - 2012-01-13 16:53:41 UTC
RubyPorto wrote:
Cryten Jones wrote:
If it was up to me I would do the following:-

1. Separate the account services login from the game and forums logins.
2. Make multi-factor an option on the account services
3. Have the game check the CPU ID of the machine and allow you (from account services) to restrict which PC's you can login to the client from.

For most of us this would be multi-factor but in a way that would not intrude 99% of the time.

just an idea.

-CJ




I use a Mac, therefore I run my Eve client through a Virtual machine. Step 3 would be yet another feature denied to Mac users.
Like:
Eve-Voice
Not Crashing every 5 min
Graphics Options (Right now they're crash buttons)
Not Freezing every 10 min
Double Digit Framerates



get a better mac, mine plays eve fine
supersexysucker
Uber Awesome Fantastico Awesomeness Group
#130 - 2012-01-13 17:21:50 UTC
Yes it is, if you are a retartd no it is not.

I am already pissed I have to have a cap letter in my damn passoword, why? Cause people are dumbasses reuse passwords 1000 times, one location gets hacked (or they flat out gave the info to a bad source) and then claim they were "hacked"?

Know the problem?

passwords like

"password2"

I want a remember password button.

Also too lazy to quote lol @ "Incorrect. It is impossible to have too much account security. That's not debatable, sorry."

CCP please make it so this person needs to take 45min to run over everything you can think of to log in so they can come say... "Still not too much security, only took me 1hour to log in!"
Jaffari Sin
#131 - 2012-01-13 17:23:49 UTC
Zowie Powers wrote:
How much money do you need to spend on security before you feel secure?



To be Honest, there is not enough money to spend on being secure. Simply put, it can be hacked. Anything can be broken, tricked or penetrated. There is a whole field dedicated to it. Millions of people practice the "White Hat" and "Black Hat" professions everyday. You cannot stop them.

All you can do is try and stay one step ahead of them. Period.
Ranger 1
Ranger Corp
Vae. Victis.
#132 - 2012-01-13 17:30:48 UTC
Part of having an effective security layer is making sure that it will actually be used... if it is too complicated people will simply ignore it after a while thus rendering it completely ineffective. So yes, you can actually have too much security.

That being said, an optional layer of security for those that feel the need is certainly not a bad thing on any level.

View the latest EVE Online developments and other game related news and gameplay by visiting Ranger 1 Presents: Virtual Realms.
Steve Ronuken
Fuzzwork Enterprises
Vote Steve Ronuken for CSM
#133 - 2012-01-13 17:45:56 UTC
It's always a balance between security and convenience.

Woo! CSM XI!

Fuzzwork Enterprises

Twitter: @fuzzysteve on Twitter