| Author |
Topic |
Mashie Saldana
Minmatar
Veto Corp |
Posted - 2011.03.24 13:09:00 - [ 1]
Well we got one of them in the fanfest goodie bag... |
RaTTuS
BIG
Gentlemen's Agreement |
Posted - 2011.03.24 13:10:00 - [ 2]
|
Marija Vanszar
Caldari
The Warp Pub |
Posted - 2011.03.24 13:15:00 - [ 3]
Just a question... what for? |
Mashie Saldana
Minmatar
Veto Corp |
Posted - 2011.03.24 13:19:00 - [ 4]
Edited by: Mashie Saldana on 24/03/2011 13:20:11 Originally by: Marija Vanszar
Just a question... what for?
Instead of a password that can be stolen by keyloggers and phishers. The security presentation is in 40minutes. |
Marija Vanszar
Caldari
The Warp Pub |
Posted - 2011.03.24 13:21:00 - [ 5]
Originally by: Mashie Saldana
Edited by: Mashie Saldana on 24/03/2011 13:20:11
Originally by: Marija Vanszar
Just a question... what for?
Instead of a password that can be stolen by keyloggers and phishers.
The security presentation is in 40minutes.
... i know... but where can you type in the generated key? |
Mashie Saldana
Minmatar
Veto Corp |
Posted - 2011.03.24 13:25:00 - [ 6]
|
Marija Vanszar
Caldari
The Warp Pub |
Posted - 2011.03.24 13:28:00 - [ 7]
Originally by: Mashie Saldana
Originally by: Marija Vanszar
Originally by: Mashie Saldana
Edited by: Mashie Saldana on 24/03/2011 13:20:11
Originally by: Marija Vanszar
Just a question... what for?
Instead of a password that can be stolen by keyloggers and phishers.
The security presentation is in 40minutes.
... i know...
but where can you type in the generated key?
Once it is up and running you type it in the password field together with your personal pin.
Sweet, so we will be abel to use a password or one of thoose, As Security is starting in 30 mins. can you give us not at fanfest people some infos about that. Br, Joker |
Gavjack Bunk
Gallente
Genos Occidere
HYDRA RELOADED |
Posted - 2011.03.24 13:31:00 - [ 8]
How curious neither my bank nor my credit card nor my mortgage or savings broker or my solicitors websites seem to think I need these devices I wonder what it is that they do differently that ccp cannot figure out oh look I can just log in to their web sites and see for myself how to do actual real security without fear of attacks without the need for hardware dongles that are sold for profit oh I think I just spotted a motivation. |
DmitryEKT
Clandestine. |
Posted - 2011.03.24 13:33:00 - [ 9]
Originally by: Gavjack Bunk
How curious neither my bank nor my credit card nor my mortgage or savings broker or my solicitors websites seem to think I need these devices I wonder what it is that they do differently that ccp cannot figure out oh look I can just log in to their web sites and see for myself how to do actual real security without fear of attacks without the need for hardware dongles that are sold for profit oh I think I just spotted a motivation.
a) my bank has one. maybe you need a better bank? b) other games use these already, as do many businesses c) you're not forced to get one. so it's up to you if you want extra security or not. d) the price will be enough to cover the hardware, it's not exactly an extra income stream |
Midge Mo'yb
Bat Country
Goonswarm Federation |
Posted - 2011.03.24 13:33:00 - [ 10]
Originally by: Gavjack Bunk
How curious neither my bank nor my credit card nor my mortgage or savings broker or my solicitors websites seem to think I need these devices I wonder what it is that they do differently that ccp cannot figure out oh look I can just log in to their web sites and see for myself how to do actual real security without fear of attacks without the need for hardware dongles that are sold for profit oh I think I just spotted a motivation.
whilst thats true im sure that crimes against banks/saving brokers/etc are persued a bit more than stealing your e-pixels |
Gavjack Bunk
Gallente
Genos Occidere
HYDRA RELOADED |
Posted - 2011.03.24 13:35:00 - [ 11]
Originally by: DmitryEKT
Originally by: Gavjack Bunk
How curious neither my bank nor my credit card nor my mortgage or savings broker or my solicitors websites seem to think I need these devices I wonder what it is that they do differently that ccp cannot figure out oh look I can just log in to their web sites and see for myself how to do actual real security without fear of attacks without the need for hardware dongles that are sold for profit oh I think I just spotted a motivation.
a) my bank has one. maybe you need a better bank?
b) other games use these already, as do many businesses
c) you're not forced to get one. so it's up to you if you want extra security or not.
d) the price will be enough to cover the hardware, it's not exactly an extra income stream
a) Maybe you need a better bank. b) Other games have instances, shall we get those too, or is your comparison irrelevant? c) We weren't going to be forced into Incarna either. Oops. d) The price will be to cover the hardware, software and profit. Otherwise they could have spent the time earning profit. Nobody is in business to break even. So 4 fails out of 4. You got more? |
Gavjack Bunk
Gallente
Genos Occidere
HYDRA RELOADED |
Posted - 2011.03.24 13:39:00 - [ 12]
A security question few people can answer: How much money do you need to spend on perceptions of security before you feel secure? Video kinda related. |
Othran
Brutor Tribe
|
Posted - 2011.03.24 13:41:00 - [ 13]
Originally by: Mashie Saldana
Well we got one of them in the fanfest goodie bag...
Oh dear CCPs usual bad timing strikes again  RSA breach leaks data for hacking SecurID tokensAttackers breached the servers of RSA and stole information that could be used to compromise the security of two-factor authentication tokens used by 40 million employees to access sensitive corporate and government networks, the company said late Thursday.
“Our investigation has led us to believe that the attack is in the category of an Advanced Persistent Threat (APT),” RSA Executive Chairman Art Coviello said in an undated letter posted on the company's website. “Our investigation also revealed that the attack resulted in certain information being extracted from RSA's systems.”
Neither the letter nor a filing (PDF) with the Securities and Exchange Commission identified what the stolen data was, but Coviello went on to say it “could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.” |
Mashie Saldana
Minmatar
Veto Corp |
Posted - 2011.03.24 13:43:00 - [ 14]
Originally by: Marija Vanszar
Sweet, so we will be abel to use a password or one of thoose,
As Security is starting in 30 mins.
can you give us not at fanfest people some infos about that.
Br,
Joker
I'm sure it will be on the free stream. |
Marija Vanszar
Caldari
The Warp Pub |
Posted - 2011.03.24 13:51:00 - [ 15]
Originally by: Mashie Saldana
Originally by: Marija Vanszar
Sweet, so we will be abel to use a password or one of thoose,
As Security is starting in 30 mins.
can you give us not at fanfest people some infos about that.
Br,
Joker
I'm sure it will be on the free stream.
No streaming today.... Streams cover Friday and Saturday as i know. |
Gavjack Bunk
Gallente
Genos Occidere
HYDRA RELOADED |
Posted - 2011.03.24 14:04:00 - [ 16]
Originally by: Midge Mo'yb
Originally by: Gavjack Bunk
How curious neither my bank nor my credit card nor my mortgage or savings broker or my solicitors websites seem to think I need these devices I wonder what it is that they do differently that ccp cannot figure out oh look I can just log in to their web sites and see for myself how to do actual real security without fear of attacks without the need for hardware dongles that are sold for profit oh I think I just spotted a motivation.
whilst thats true im sure that crimes against banks/saving brokers/etc are persued a bit more than stealing your e-pixels
In extreme case they are, but there is a huge caveat to that, certainly with respect to credit cards. It is cheaper for a credit card company to write off controlled losses, or pay insurance to cover controlled losses than it is to introduce effective security. Every single Machine / Human interface is completely unsecure interaction otherwise the machine need not exist since it could not perform a function a human could make use of. Since they therefore cannot make a secure system, they barely (tm) try to. As long as investigations into extended or serious fraud are conducted on somebody else's balance sheet, ie the police's balance sheet, the banks are happy for them to pursue those investigations at their cost, but the banks aren't going to sign blank cheques for chasing money that doesn't even exist except as debt since it has no inherent value once recovered. |
Lord Haur
Amarr
Grim Determination |
Posted - 2011.03.24 14:07:00 - [ 17]
Edited by: Lord Haur on 24/03/2011 14:07:44 Originally by: Othran
Originally by: Mashie Saldana
Well we got one of them in the fanfest goodie bag...
Oh dear CCPs usual bad timing strikes again
RSA breach leaks data for hacking SecurID tokens
Attackers breached the servers of RSA and stole information that could be used to compromise the security of two-factor authentication tokens used by 40 million employees to access sensitive corporate and government networks, the company said late Thursday.
“Our investigation has led us to believe that the attack is in the category of an Advanced Persistent Threat (APT),” RSA Executive Chairman Art Coviello said in an undated letter posted on the company's website. “Our investigation also revealed that the attack resulted in certain information being extracted from RSA's systems.”
Neither the letter nor a filing (PDF) with the Securities and Exchange Commission identified what the stolen data was, but Coviello went on to say it “could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.”
The authenticator is supplied by www.vasco.com. shiny image pulled from vasco website, looks like this with some shiny eve branding.  Please visit your user settings to re-enable images.http://vasco.com/Images/DP-Go-6.jpg |
Lord Haur
Amarr
Grim Determination |
Posted - 2011.03.24 14:10:00 - [ 18]
Edited by: Lord Haur on 24/03/2011 14:15:01
Listening to security presentations atm, Fanfest attendees are going to be the first testers of the two-factor authentication (hence the free authenticator). Will be integrated into all login processes.
Confirmed to be optional, too.
Edit1: The ability to "right click -> report bot" (a la report isk-spammers) is comming SoonTM. |
Mister Rocknrolla |
Posted - 2011.03.24 14:15:00 - [ 19]
I've been playing MMOs since mid-95 (Meridian59), been doing online banking, bill payment and investing for 10 or so years with 2-3 different banks, dozens of CC companies and vendors, and two different investment firms.
I've never needed separate hardware to make me feel more secure. I've never had any sort of security breach.
I guess all of those companies could be doing it wrong, and CCP (renown for their cutting edge security) has finally figured out how to handle account security.
I'm thinking that little device would be put to better use by sticking in your mouth and using it as a dummy/pacifier.
|
Myxx
Atropos Group |
Posted - 2011.03.24 14:21:00 - [ 20]
Edited by: Myxx on 24/03/2011 14:26:52 Originally by: Lord Haur
Edit1: The ability to "right click -> report bot" (a la report isk-spammers) is comming SoonTM.
\o/ edit: vasco are the same people that make the wow keyfobs. thats nice to know they're taking a page from blizzard, i like that. its the right kind of page, too. we've been asking for it forever. edit: I know the above... because I have one. |
Gavjack Bunk
Gallente
Genos Occidere
HYDRA RELOADED |
Posted - 2011.03.24 14:23:00 - [ 21]
Edited by: Gavjack Bunk on 24/03/2011 14:24:25 Originally by: Mister Rocknrolla
I'm thinking that little device would be put to better use by sticking in your mouth and using it as a dummy/pacifier.
Now we're really only waiting for the first trial account posting "I'VE LOST MY DONGLE AND MY WHOLE ACCOUNT CCP WON'T LISTEN TO ME WTF CUSTOMER SUPPORT" thread. Should be along soon enough. EDIT: 1 dongle, many accounts? |
ROXGenghis
Perkone
|
Posted - 2011.03.24 14:23:00 - [ 22]
Most Eve account thefts are the fault of the account owner, not CCP. Users with poor security on their systems, using identical credentials for multiple sites, visiting bad web pages, falling for phishing, etc.
What this device will do is protect Eve players from themselves. And that is actually a useful thing, because nobody is 100% vigilant or 100% lucky. |
Lord Haur
Amarr
Grim Determination |
Posted - 2011.03.24 14:48:00 - [ 23]
Edited by: Lord Haur on 24/03/2011 14:50:54
CCP will be introducing the character challenge to the client in tandem with the authentication key. Those with a fob will input that, those without will get character challenge.
Edit: Authenticators will be in a one-to-many relationship with accounts, so you can use one authenticator for all your accounts. |
RaTTuS
BIG
Gentlemen's Agreement |
Posted - 2011.03.24 14:51:00 - [ 24]
Edited by: RaTTuS on 24/03/2011 14:51:51can one fob control several accounts?thanks for the answer  |
Myxx
Atropos Group |
Posted - 2011.03.24 14:54:00 - [ 25]
Edited by: Myxx on 24/03/2011 14:53:56
any word on keyfob pricing?
edit: or not yet known? |
sableye
principle of motion
|
Posted - 2011.03.24 14:57:00 - [ 26]
Edited by: sableye on 24/03/2011 15:02:35
they seriousally better not make the game anymore of a pain in ass to login than it is now, its bad enough I have to log off and sign back into another character on the account if it starts giving me more crap I'd be one step closer to ntot playing except for skilling whcih I guess is perfect for ccp pay but don't play :). |
Gavjack Bunk
Gallente
Genos Occidere
HYDRA RELOADED |
Posted - 2011.03.24 14:58:00 - [ 27]
Originally by: Lord Haur
Edited by: Lord Haur on 24/03/2011 14:50:54
CCP will be introducing the character challenge to the client in tandem with the authentication key. Those with a fob will input that, those without will get character challenge.
Well that's one way to convince people to buy them... **** them off with enough captcha's so illegible you actually need a computer to decipher them. |
Envoy Achates |
Posted - 2011.03.24 15:03:00 - [ 28]
Originally by: sableye
theys eriousally better not make the game anymore of a pain in ass to login than it is now, its bad enough I have to log off and sign back into another character ont eh account if it starts giving me more crap I;d be one step closer to nto playing except for skilling whcih I guess si perfect for ccp pay but don't play :).
Just curious - is English your 3rd language, do you type ALL your posts on a phone with a miniature keyboard, are you 11 years old, or do you have some kind of learning disability? Your posts are, for the most part, borderline unintelligible and I'm trying to figure out why. |
Lord Haur
Amarr
Grim Determination |
Posted - 2011.03.24 15:03:00 - [ 29]
Edited by: Lord Haur on 24/03/2011 15:04:28 Originally by: Gavjack Bunk
Originally by: Lord Haur
Edited by: Lord Haur on 24/03/2011 14:50:54
CCP will be introducing the character challenge to the client in tandem with the authentication key. Those with a fob will input that, those without will get character challenge.
Well that's one way to convince people to buy them... **** them off with enough captcha's so illegible you actually need a computer to decipher them.
Character challenge as in "name one character on this account", not CAPTCHAs Originally by: Myxx
Edited by: Myxx on 24/03/2011 14:53:56
any word on keyfob pricing?
edit: or not yet known?
Wasn't asked about/detailed, but I'd assume it would be the cost of the fob plus P+P (hopefully not fedex tho) |
sableye
principle of motion
|
Posted - 2011.03.24 15:07:00 - [ 30]
Originally by: Envoy Achates
Originally by: sableye
theys eriousally better not make the game anymore of a pain in ass to login than it is now, its bad enough I have to log off and sign back into another character ont eh account if it starts giving me more crap I;d be one step closer to nto playing except for skilling whcih I guess si perfect for ccp pay but don't play :).
Just curious - is English your 3rd language, do you type ALL your posts on a phone with a miniature keyboard, are you 11 years old, or do you have some kind of learning disability?
Your posts are, for the most part, borderline unintelligible and I'm trying to figure out why.
thankyou for being so curious about my postings, would you like to write a thesis on it? |
All Channels
EVE General Discussion
