These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

Assembly Hall

 
  • Topic is locked indefinitely.
 

[Proposal] CCP Needs to Revisit the Policy on Hacked/Keylogged Accounts
Author
Previous Topic Next Topic
Takara Mora
University of Caille
Gallente Federation
#21 - 2011-12-11 02:01:02 UTC
There's an easy and cheap solution to account security .... CCP could develop a smartphone app that would register your phone to your account. Anytime you log in from a new IP#/new PC/etc., the game client could require an extra layer of authentication - a code from your smartphone app. The app could use timestamp + phone Mac # or some other identifier, to generate the smartphone authentication code. So, when prompted by the client for the extra code, you simply pull out your phone, generate a new code, enter it, and off you go. Key loggers wouldn't be able to generate spoofed keys, b/c they would need your smarphone and the time-based algorithm to do so.

All of this would likely take CCP's skilled programmers only a matter of a couple of weeks to develop (do Android, iPhone, and Windows Phone versions). There are tons of ways it could be tweaked to address various concerns.
Jehan Markow
Wu Si Yuan Luojishan
#22 - 2011-12-11 02:46:39 UTC
mxzf wrote:
Well, I've logged on with four+ different IPs over the course of the same day, me personally, not sharing the account or anything like that. That's a horrible criteria for determining if the account has been hacked.


That wasn't my proposal at all. First and foremost, my proposal is that CCP just take a look at the entire situation and try to plug the holes where isk sellers make profit.

Secondly, under my specific recommendation about IPs; in your case, you would be able to log each of those IPs so that if somebody does try to log in from another one, it would be blocked. But that's a side issue, not my overall point.

Quote:
TL;DR: CCP can't fix stupid and they can't stop you from LETTING someone know your password.


Player stupidity is off topic. Make a new thread.
-JM
John Frohike
Revival.
OnlyFleets.
#23 - 2011-12-11 05:13:12 UTC
While I do admit that player account security is up to the individual, if there is indeed a way for scammers to safely rip off accounts without recourse that is something that requires attention. Sure, it does create more work for the customer support staff in the short term, but it may discourage some activity in the long run.
Drake Draconis
Brutor Tribe
Minmatar Republic
#24 - 2011-12-11 16:24:43 UTC
Jehan Markow wrote:
mxzf wrote:
Well, I've logged on with four+ different IPs over the course of the same day, me personally, not sharing the account or anything like that. That's a horrible criteria for determining if the account has been hacked.


That wasn't my proposal at all. First and foremost, my proposal is that CCP just take a look at the entire situation and try to plug the holes where isk sellers make profit.

Secondly, under my specific recommendation about IPs; in your case, you would be able to log each of those IPs so that if somebody does try to log in from another one, it would be blocked. But that's a side issue, not my overall point.

Quote:
TL;DR: CCP can't fix stupid and they can't stop you from LETTING someone know your password.


Player stupidity is off topic. Make a new thread.
-JM

You are so desperate to push the blame on CCP Aren't you?

You just refuse to take responsibility for your lack of care or concern in where you go what you download and what you see.

This is nothing more than a whine thread to blame CCP for something you did.

================ STOP THE EVEMAIL SPAM! https://forums.eveonline.com/default.aspx?g=posts&t=78152
mxzf
Shovel Bros
#25 - 2011-12-11 17:22:27 UTC
I'm still confused about where the ISK sellers are coming into the discussion. How in the world are you getting from keyloggers stealing your password to ISK sellers making a profit?
Max Kolonko
Caldari Provisions
Caldari State
#26 - 2011-12-11 23:33:58 UTC
I noticed that OP have relly hard time understanding that people have dynamic IP adresses.

Again - I agree that security can be tightened for the sake of it. For example, some time age (fanfest) they showed those devices (tokens?) that generates numeric code based on build-in unique seed. They could make it finally available, so players can buy it and be sure that their accounts are safe

Read and support: Don't mess with OUR WH's What is Your stance on WH stuff?
Arctur Vallfar
Knights Adamant
#27 - 2011-12-12 03:23:43 UTC
Like others have stated, I believe that there are enough measures a player can make in order to prevent most breaching of account security. Though unobtrusive improvements wouldn't be too bad to see. The aforementioned account key generators would be a great option for high-value targets that are much more likely to be attacked than a carebear gnawing on an asteroid somewhere in 0.7.

One thing that helps a lot is to change your password on a regular basis. Keep it complex, but try not to forget it.
Eperor
Machiavellian Empire
Test Alliance Please Ignore
#28 - 2011-12-12 10:04:09 UTC  |  Edited by: Eperor
Feligast wrote:
Jehan Markow wrote:
By addressing questions of personal responsibility, you are avoiding discussion of the topic at hand, which is simply that CCP can and should examine how they do business in this regard.

It seems like CCP doesn't care how we go about getting back stolen property or reporting criminals to the authorities. In other words, the current policy by CCP says it's fair game for me to go about becoming an isk-seller myself in order to recoup my losses. Obviously, I'm not going to, but that sort of opening is disturbing.
-JM


No, personal responsibility is ENTIRELY what this topic is about. CCP's handling of the consequences after the fact is fine, and needs no examination. That's the part you seem to be refusing to accept. The fact that you immediately brought up isk sellers tells me more about your situation than the block of :words: you posted in post #1. You, and everyone else that has been "hacked" through a keylogger, only have yourselves to blame for what happens. The fact that CCP gives you back anything at all should be seen as charity.

And as for flagging accounts that log in from multiple IPs.. you're really grasping at straws to blame anyone else but yourself, aren't you?


Wrong:
CCP fuly responsibul for keeping our accouts safe. I seethat your profesion noting to do with law s or somting like that :) but CCP fuly responsible for our account securety, they own server where wie play and where wie log in so they fully responsible for its securety. No mader if i have on my PC anti-keyloger softwere or even anti viruss softwere,. I can simply not wish to instal them stil CCP foult that my acount on CCP server is hacked and CCP shuld actulay report thos cases to Poloice if they not duing that they ned to take full resposibilitys to that. Each Hacking act is Criminal action, so each need to be reported to the Police and taked care off it. And no mader i let on my PC eny spy or etc. software. Tehy need to do ewriting to keep it safe.

Sorry for acient caldari.
Eperor
Machiavellian Empire
Test Alliance Please Ignore
#29 - 2011-12-12 10:07:26 UTC  |  Edited by: Eperor
Eperor wrote:
Feligast wrote:
Jehan Markow wrote:
By addressing questions of personal responsibility, you are avoiding discussion of the topic at hand, which is simply that CCP can and should examine how they do business in this regard.

It seems like CCP doesn't care how we go about getting back stolen property or reporting criminals to the authorities. In other words, the current policy by CCP says it's fair game for me to go about becoming an isk-seller myself in order to recoup my losses. Obviously, I'm not going to, but that sort of opening is disturbing.
-JM


No, personal responsibility is ENTIRELY what this topic is about. CCP's handling of the consequences after the fact is fine, and needs no examination. That's the part you seem to be refusing to accept. The fact that you immediately brought up isk sellers tells me more about your situation than the block of :words: you posted in post #1. You, and everyone else that has been "hacked" through a keylogger, only have yourselves to blame for what happens. The fact that CCP gives you back anything at all should be seen as charity.

And as for flagging accounts that log in from multiple IPs.. you're really grasping at straws to blame anyone else but yourself, aren't you?


Wrong:
CCP fuly responsibul for keeping our accouts safe. I seethat your profesion noting to do with law s or somting like that :) but CCP fuly responsible for our account securety, they own server where wie play and where wie log in so they fully responsible for its securety. No mader if i have on my PC anti-keyloger softwere or even anti viruss softwere,. I can simply not wish to instal them stil CCP foult that my acount on CCP server is hacked and CCP shuld actulay report thos cases to Poloice if they not duing that they ned to take full resposibilitys to that. Each Hacking act is Criminal action, so each need to be reported to the Police and taked care off it. And no mader i let on my PC eny spy or etc. software. CCP stil responsiblefor my acount on his own server. They need to do everiting to keep it safe.

Sorry for acient caldari.


delite this :)
Bumblefck
Kerensky Initiatives
#30 - 2011-12-12 10:54:37 UTC
Eperor wrote:
Eperor wrote:
Feligast wrote:
Jehan Markow wrote:
By addressing questions of personal responsibility, you are avoiding discussion of the topic at hand, which is simply that CCP can and should examine how they do business in this regard.

It seems like CCP doesn't care how we go about getting back stolen property or reporting criminals to the authorities. In other words, the current policy by CCP says it's fair game for me to go about becoming an isk-seller myself in order to recoup my losses. Obviously, I'm not going to, but that sort of opening is disturbing.
-JM


No, personal responsibility is ENTIRELY what this topic is about. CCP's handling of the consequences after the fact is fine, and needs no examination. That's the part you seem to be refusing to accept. The fact that you immediately brought up isk sellers tells me more about your situation than the block of :words: you posted in post #1. You, and everyone else that has been "hacked" through a keylogger, only have yourselves to blame for what happens. The fact that CCP gives you back anything at all should be seen as charity.

And as for flagging accounts that log in from multiple IPs.. you're really grasping at straws to blame anyone else but yourself, aren't you?


Wrong:
CCP fuly responsibul for keeping our accouts safe. I seethat your profesion noting to do with law s or somting like that :) but CCP fuly responsible for our account securety, they own server where wie play and where wie log in so they fully responsible for its securety. No mader if i have on my PC anti-keyloger softwere or even anti viruss softwere,. I can simply not wish to instal them stil CCP foult that my acount on CCP server is hacked and CCP shuld actulay report thos cases to Poloice if they not duing that they ned to take full resposibilitys to that. Each Hacking act is Criminal action, so each need to be reported to the Police and taked care off it. And no mader i let on my PC eny spy or etc. software. CCP stil responsiblefor my acount on his own server. They need to do everiting to keep it safe.

Sorry for acient caldari.


delite this :)



ANOTHER GENIUS FROM TNT STRIKES AGAIN!



Perfection is a dish best served like wasabi .

Bumble's Space Log
David Carel
SWAT Team Sales Consultants
#31 - 2011-12-12 11:22:23 UTC
Eperor wrote:
Eperor wrote:
Feligast wrote:
Jehan Markow wrote:
By addressing questions of personal responsibility, you are avoiding discussion of the topic at hand, which is simply that CCP can and should examine how they do business in this regard.

It seems like CCP doesn't care how we go about getting back stolen property or reporting criminals to the authorities. In other words, the current policy by CCP says it's fair game for me to go about becoming an isk-seller myself in order to recoup my losses. Obviously, I'm not going to, but that sort of opening is disturbing.
-JM


No, personal responsibility is ENTIRELY what this topic is about. CCP's handling of the consequences after the fact is fine, and needs no examination. That's the part you seem to be refusing to accept. The fact that you immediately brought up isk sellers tells me more about your situation than the block of :words: you posted in post #1. You, and everyone else that has been "hacked" through a keylogger, only have yourselves to blame for what happens. The fact that CCP gives you back anything at all should be seen as charity.

And as for flagging accounts that log in from multiple IPs.. you're really grasping at straws to blame anyone else but yourself, aren't you?


Wrong:
CCP fuly responsibul for keeping our accouts safe. I seethat your profesion noting to do with law s or somting like that :) but CCP fuly responsible for our account securety, they own server where wie play and where wie log in so they fully responsible for its securety. No mader if i have on my PC anti-keyloger softwere or even anti viruss softwere,. I can simply not wish to instal them stil CCP foult that my acount on CCP server is hacked and CCP shuld actulay report thos cases to Poloice if they not duing that they ned to take full resposibilitys to that. Each Hacking act is Criminal action, so each need to be reported to the Police and taked care off it. And no mader i let on my PC eny spy or etc. software. CCP stil responsiblefor my acount on his own server. They need to do everiting to keep it safe.

Sorry for acient caldari.


delite this :)


Wibla:

Kick Skyforger.
Wibla
Tactical Narcotics Team
#32 - 2011-12-12 11:53:41 UTC
Eperor, why do you insist on posting on eve-o when you cant write english even if your life depended on it?

You're a walking embarrassment for TNT on these forums :cripes:

David, get ******.
David Carel
SWAT Team Sales Consultants
#33 - 2011-12-12 11:56:52 UTC
Hey, just because I beat you to it :(
DurrHurrDurr
Dreddit
Test Alliance Please Ignore
#34 - 2011-12-12 23:41:53 UTC
If two dudes got phished in quick succession then maybe you should look at websites you both visit on a regular basis.

Or pick better passwords.
Rip Minner
ARMITAGE Logistics Salvage and Industries
#35 - 2011-12-13 06:28:31 UTC
I have quit a fair number of games do to keylogers and poor security.

People can and do follow every possable security mesures. Staying away from unknow websites/Security software and in the case of some games like WoW geting the keychain with random number for added security and you still get hacked and jacked and even WoW handles it poorly.

I just stop playing any MMO that will not fix what was broken in my account. How do you think I ended up here. If it happends here I cancalle accounts and move on to the next game or take a long brake.

There have been years inbetween games.

I have left UO/WoW/Aion over this kinds of problems. I have never gone back and never will. And I realy like some of them alot but it's just to painfull to lose all that you worked for.

And normaly way to borning to work though all that content again.

For eve it's a bit differnt though. I would be happy and call it fair if I just got all my isk back and the real market vaule of the iteams lost back as well.

Like when I run out to the market place and buy stuff right back I need that isk for that. I should not even have to **** around with buy orders to get my crap back.

Is it a rock point a lazer at it and profit. Is it a ship point a lazer at it and profit. I dont see any problems here.
Rip Minner
ARMITAGE Logistics Salvage and Industries
#36 - 2011-12-13 06:30:29 UTC
Vertisce Soritenshi wrote:
mxzf wrote:
It is completely in your power to prevent yourself from being a victim of a keylogger. I don't see how that's CCP's fault.


I was about to post the exact same thing but the forum ate my post. Stop buying ISK and visiting illegit sites and you won't get keylogged.


You dont have to the good ones send you email any ways and the realy good one's make it look like something from CCP that your going to want to open and read.

Is it a rock point a lazer at it and profit. Is it a ship point a lazer at it and profit. I dont see any problems here.
Rip Minner
ARMITAGE Logistics Salvage and Industries
#37 - 2011-12-13 06:38:06 UTC
And FYI at this point and time on the internet the weapons out reach the def tools. It go's back and forth and right now the weapons are winning the fight over the def tools.

Is it a rock point a lazer at it and profit. Is it a ship point a lazer at it and profit. I dont see any problems here.
FloppieTheBanjoClown
Arcana Imperii Ltd.
#38 - 2011-12-15 14:40:54 UTC  |  Edited by: FloppieTheBanjoClown
Jehan Markow wrote:
the keylogger logging in from another IP than mine should be sending some sort of a flag to CCP that the account should be shut down


So when my ISP resets my IP address, CCP should lock my account?

Hmm...maybe we should limit it to jumping subnets...but that happened to me a while back when my ISP moved our routing from copper to fiber, which goes to a different city and a different subnet. And what about when I log on using free wifi while I'm traveling? Or I go to my brother-in-law's house, we get to talking Eve, and I log in on his PC to show him something?

I don't want to jump through hoops every time I play Eve from somewhere OTHER than my own house (*gasp* I go outside! Cool) just so that you can feel like they're doing everything they can to protect you from getting your stuff stolen.

Founding member of the Belligerent Undesirables movement.
FloppieTheBanjoClown
Arcana Imperii Ltd.
#39 - 2011-12-15 14:55:32 UTC
Takara Mora wrote:
the game client could require an extra layer of authentication - a code from your smartphone app.

Because everyone uses phones that support whatever app store this would be available on.

No, keep your convoluted security schemes to yourself.

in 15 years of internet access, I've had one security breach. ONE. And that resulted in someone using my PC to operate an IRC bot network (yeah, it makes no sense to me either)...one so poorly administered that I was able to take it over when I discovered the bot's presence. That made for an amusing couple of days.

Founding member of the Belligerent Undesirables movement.
Velicitia
XS Tech
#40 - 2011-12-15 17:45:57 UTC
mxzf wrote:
I'm still confused about where the ISK sellers are coming into the discussion. How in the world are you getting from keyloggers stealing your password to ISK sellers making a profit?


likely scenario
1. OP bought ISK
2. ISK came with a free keylogger
3. OP logs into eve
4. keylogger gets acct infos.
5. RMTers login to acct management, and change the details. They already know a toon on the acct, since hey, he gave them the name of the toon to give the isks to (thus bypassing the "hey, we don't recognise this IP, what's a toon on this acct" enquiry)
6. RMT bastards sold the toon, and got all the ISK they sold the OP back (from the sale)

TL;DR -- buying ISK is a bad idea.

One of the bitter points of a good bittervet is the realisation that all those SP don't really do much, and that the newbie is having much more fun with what little he has. - Tippia