Posted - 2010.10.05 04:44:00 - [3]

 

They've said it would essentially cost too much to produce/sell for too few people who'd use it to be price effective.

Posted - 2010.10.05 05:06:00 - [5]

 

Originally by: Forum Stuff

---

They've said it would essentially cost too much to produce/sell for too few people who'd use it to be price effective.

---

Except solutions like the YubiKey require no capital on the part of the developer. It's essentially a standalone solution that developers can add to their applications, and I'm certain there are other solutions out there that are similarly cost-effective (this is the only one I have any experience with).

Posted - 2010.10.05 07:11:00 - [7]

 

Additional security features for our accounts, yes please.

Posted - 2010.10.05 07:17:00 - [9]

 

Originally by: Forum Stuff

---

They've said it would essentially cost too much to produce/sell for too few people who'd use it to be price effective.

---

You can produce a smartphone authentication token for much less than the cost of a hardware solution. But then, even if CCP jumped on this tomorrow they'd still be behind the curve.

Posted - 2010.10.05 07:54:00 - [11]

 

Originally by: Miss Connolly

---

Originally by: Forum Stuff

---

They've said it would essentially cost too much to produce/sell for too few people who'd use it to be price effective.

---

this is simply a lie from CCP because they don't really care about account secirity. It's no problem to provide software based authenticators such as the iPhone app that blizzard uses (or any of the other solutions that don't require any special hardware).

Also instead of selling overprized crap merchandise on their webshop they could simply sell RSA authenticators that way. I really can't see the problem.

In a game like EVE where your account is so important and hard to replace this kind of thing is extra important. Especialky considering that CCP don't have any proper customer support and don't replace anything that was stolen by hackers.

Typical CCP... To lazy to provide decent support, to money-oriented to implement existing solutions... *sigh*

---

And you continue to show them your rage and frustration by refusing to pay. Oh wait.

Posted - 2010.10.05 17:38:00 - [13]

 

Originally by: Mr Kidd

---

Edited by: Mr Kidd on 05/10/2010 09:31:54

Originally by: Lance Fighter

---

Weird. Ive never had my account hacked.




Ever.

---

Right. And since you've never had your account hacked...ever....lets not do anything to improve security on an authentication system that was antiquated years before CCP implemented it.

---

Really, if you use just a little bit of smarts with your account data you stand almost 0 chance of getting hacked.

Use an account name that's not something you're known by - or go by in game. Use a secure password. Don't fall for phishing mails. Most importantly, don't click "WII SEX TOY" links, or buy ISK.

Posted - 2010.10.05 17:56:00 - [15]

 

Accounts don't get hacked.

If all those account *****s who share their passwords with strangers on the internets had the balls to admit that they have broken the EULA and got scammed in return, we would see far less "hacked" accounts.

Posted - 2010.10.05 19:04:00 - [17]

 

Originally by: Valandril

---

Originally by: Chribba

---

Additional security features for our accounts, yes please.

---

It's not real security, only ilussion of it

---

Care to explain how authenticators don't offer real security? Or do you just like inserting random assertions?

Posted - 2010.10.05 20:16:00 - [19]

 

Originally by: Carine Parnasse

---

Originally by: Valandril

---

Originally by: Chribba

---

Additional security features for our accounts, yes please.

---

It's not real security, only ilussion of it

---

Care to explain how authenticators don't offer real security? Or do you just like inserting random assertions?

---

Maybe because most of account stolen are via worm attacks which have no issue to hijack your session, login with it you your account and remove the authenticator and then hook up their own (just like it happends in wow) so in order to react you have to wait for support ?

Posted - 2010.10.05 21:19:00 - [21]

 

Originally by: Carine Parnasse

---

Originally by: Valandril

---

Maybe because most of account stolen are via worm attacks which have no issue to hijack your session, login with it you your account and remove the authenticator and then hook up their own (just like it happends in wow) so in order to react you have to wait for support ?

---

Ahhh i see. You're a moron. How about a link to any evidence for any of that? You think the majority of account hijackings are worms taking over your session? Which somehow also gives them access to account management? And you can't remove an authenticator from a wow account without either using the authenticator twice, or calling Blizz.

Most account hijackings are keyloggers, to steal an authenticated account you need to do a man in the middle attack, which means any theft has to be targeted, you can't just release a keylogger.

---

Go get a clue you ****** about worms. That was all.

Posted - 2010.10.06 06:50:00 - [23]

 

Originally by: Valandril

---

Originally by: Chribba

---

Additional security features for our accounts, yes please.

---

It's not real security, only ilussion of it

---

If they implement my idea of restricting your accounts via IP-addresses, I wouldn't count my restriction as illusion at least.

Posted - 2010.10.06 07:22:00 - [25]

 

They should just do what they did on the forum. If you log in from an unknown IP, it asks you for a character on your account. This wouldn't hinder a targeted attack but would add some security for people downloading random keyloggers.

That said, I'm probably one of the rare people that only plays from 1-2 different IPs (home, + work ip to change skills), most people have dynamic ones. Suckers

Posted - 2010.10.06 08:25:00 - [27]

 

Originally by: Valandril

---

As neat this idea is, most people play from multiple places (and on top of that have dynamic IP numbers) so this would receive very small audience. To be frank if we want to improve security, we are looking in wrong direction. Instead of another mechanisms (that won't stop idiots from getting hacked anyway) we should simply educate people more so they will know that downloading "hotlesbianaction.avi.exe" is not a good idea.

---

Of course this idea is directed a bit more towards the 'advanced' users than the everyday mass - and as such the idea was suggested as an optional feature for increased security when I first posted it in assembly hall (some years ago).

The basic "do not click hotchick.exe" obviously would need to be a part of the general education, but that just won't cut it - nor will it stop brute force attacks or random attemtps of trying passwords. Hence some sort of external dongle/device/stuff would indeed be a good option, and/or additionally features like IP-restrictions.

I'd say an external device generating numbers in some way would be a smart solution - as long as you somehow can link multiple accounts to the same device - for those of us that do not wish to have double-digit number of devices lying next to our keyboard

/c

Posted - 2010.10.25 10:07:00 - [29]

 

I am bumping this thread in the name of security.

A few minutes ago, i read on facebook that CCP was STILL having problems with hacked accounts.

if CCP is able to create a GAME, they should be able to create an app for smartphones that can function as an authenticator.
And with all the PLEX that i'm buying, they should be able to afford authenticator devices too.

So WHY havent they started implementating this yet?