These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

Player Features and Ideas Discussion

 
  • Topic is locked indefinitely.
 

XMAS wish: 2FA auth using the $18 Yubico fido u2f usb key ?
Author
Previous Topic Next Topic
Queloor Zefram
Hogyoku
Goonswarm Federation
#1 - 2016-08-20 14:09:09 UTC
Hey,

I would like to use the $18 usb 2fa key from Yubico for 2FA. Currently eve supports the google 2fa, but seriously who trusts one's mobile phone these days - I certainly do not.

U2F seems to be an open standard, perhaps CCP's developers could have a look at this for xmas ?

BR
QZ
elitatwo
Zansha Expansion
#2 - 2016-08-20 17:32:28 UTC
You know when the Yubikey 2 was new, I made the same proposition. I love those and in a few month I will get the yubikey 4 with the smartcard thing.

My google account is already secured with that and my Linux login is secured with my Yubikey 2 Big smile

Eve Minions is recruiting.

This is the law of ship progression!

Aura sound-clips: Aura forever
Gauis Aldent
A Blessed Bean
Pandemic Horde
#3 - 2016-09-14 10:25:18 UTC
Queloor Zefram wrote:
U2F seems to be an open standard, perhaps CCP's developers could have a look at this for xmas ?


This. Came here looking for a thread on this very topic. I did some research of my own for personal reasons and am pretty impressed. Take a look on Amazon and you will see there are at least five direct competitors to Yubi, so vendor lock in is already not an issue.

Yubico really sold me on their token, but, I wouldn't even consider it for my own use if it wasn't implementing an open standard.

I know implementation takes time, especially when security is involved, please take time, but, if I saw this hit a roadmap, I would be pretty happy.
Shae Tadaruwa
Science and Trade Institute
Caldari State
#4 - 2016-09-14 11:04:18 UTC
This one seems like a more Eve'ish design really:

http://thehackernews.com/2016/09/usb-kill-computer.html

CCP should brand these as 2FA keys and sell them.

Dracvlad - "...Your intel is free intel, all you do is pay for it..." && "...If you warp on the same path as a cloaked ship, you'll make a bookmark at exactly the same spot as the cloaky camper..."
Rivr Luzade
Coreli Corporation
Pandemic Legion
#5 - 2016-09-14 11:13:36 UTC  |  Edited by: Rivr Luzade
If anything, shouldn't this dongle be included in our subscription? I mean it would be an interesting distinction for Omega Clone State users, right?

UI Improvement Collective

My ridicule, heavy criticism and general pale outlook about your or CCP's ideas is nothing but an encouragement to prove me wrong. Give it a try.
Queloor Zefram
Hogyoku
Goonswarm Federation
#6 - 2016-10-07 12:42:09 UTC
I seriously do not understand why F2A is not advertised harder, it makes any nefarious activity so much harder. And since CCP killed the ability to start eve without the bloody launcher for security reasons they could at least to it correctly and give us another candy feature back. And I do not mean the abomination of doing F2A on bloody insecure android devices either.
Zan Shiro
Doomheim
#7 - 2016-10-08 08:18:26 UTC  |  Edited by: Zan Shiro
Queloor Zefram wrote:
I seriously do not understand why F2A is not advertised harder, it makes any nefarious activity so much harder. And since CCP killed the ability to start eve without the bloody launcher for security reasons they could at least to it correctly and give us another candy feature back. And I do not mean the abomination of doing F2A on bloody insecure android devices either.





Online/mobile app is preferred at it be the most commonly used. With the proliferation of cloud storage, and some having decent rates, not are all into physically connected device anymore or even if wireless...its just more crap to carry. As the wireless and cloud revolution moves on....people don't feel as attached to clutter as much...they want the nice clean package.


2 factor authentication not catching on as other systems look at biometrics as well. even if ye old fingerprint scan on some laptops and such. Being eyed and liked for people who CBA to even type in passwords. Not liking passwords, they sure as hell won't be liking now where is my device at now??? For the less paranoid... setup works.


Or for those who see it at work....its gets a bad taste to some. I for example work on a base CAC enabled logins. Do most stuff on base...you need to show an ID. Like shopping at the exchange. Forgot your CAC card in the machine at work, they don't take licenses. They want to see the mil ID for a few reasons ( one of them being do you even have exchange rights...its printed on the card for the who do) .

So back to work you will go to get the ID. Sucks to be them, say it before you maybe do. Did this once or twice, I won't lie nor will I judge them lol. Crap happens


Point is when they go home, they won't be doing this. They dislike it at work...they won't be using it at home. So pursuing this becomes optional for a vendor as while there are some who would use it, chances are good there will be equal or more who won't.