open All Channels
seplocked EVE Information Portal
blankseplocked New Dev Blog: Account Security and You!
 
This thread is older than 90 days and has been locked due to inactivity.


 
Pages: [1] 2 3 4 5 6

Author Topic

CCP Zymurgist


Gallente
C C P
Posted - 2010.11.19 17:10:00 - [1]
 

CCP Sreegs is here to help you protect your account. Read all about account security and what you can do to protect yourself here.


CCP Navigator


C C P
C C P Alliance
Posted - 2010.11.19 17:17:00 - [2]
 

Just a friendly reminder that your replies should be on topic and in relation to the blog. Spam replies will be deleted.

Tiruriku
Posted - 2010.11.19 17:25:00 - [3]
 

Good suggestions. I always enjoy CCP's writing style.

With regards to changing your password regularly one thing I always suggest to people is using a password manager like KeePass. This is especially prudent when advised to use a different password for every website as that becomes impossible to remember everything.

Many EVE players also use multiple accounts and it makes sense to use different passwords for each account. Why use 'eve1' when you could use 'kDFxh56Ur6dqEOOdkpYS'?

EdFromHumanResources
Caldari
GoonWaffe
Goonswarm Federation
Posted - 2010.11.19 17:33:00 - [4]
 

:condi: to DJ. The "name challenge" method is a direct discouragement for returning players.

Scenario: You talk your friend into picking up Eve again after a few years away(This makes you a bad friend but that's besides the point)
Your friend tries to log in to reactive his account, he cannot because he does not remember his character name. Instead of petitioning and waiting a week to get this sorted he says "**** it" and goes to play something else.

Perhaps offering people the OPTION of this name challenge or perhaps an option to email the primary email a list of characters on the account should be in order.

This method also sucks for those of us with ****ty memories and too damn many accounts with similarly named characters on them when we are trying to reactive them.

Dav Varan
Posted - 2010.11.19 17:36:00 - [5]
 

Edited by: Dav Varan on 19/11/2010 17:36:50

PERMA BAN PEOPLE WHO SUPPORT RMT.



People who buy isk from RMT'rs are the root cause of account theft.

No customers to sell isk too for $ = No point in stealing account info.

Scare people away from RMT by promising them if they are caught ALL there accounts will be deleted and they will be permanently banned from EVE.


CCP Sreegs

Posted - 2010.11.19 17:40:00 - [6]
 

Originally by: EdFromHumanResources
:condi: to DJ. The "name challenge" method is a direct discouragement for returning players.

Scenario: You talk your friend into picking up Eve again after a few years away(This makes you a bad friend but that's besides the point)
Your friend tries to log in to reactive his account, he cannot because he does not remember his character name. Instead of petitioning and waiting a week to get this sorted he says "**** it" and goes to play something else.

Perhaps offering people the OPTION of this name challenge or perhaps an option to email the primary email a list of characters on the account should be in order.

This method also sucks for those of us with ****ty memories and too damn many accounts with similarly named characters on them when we are trying to reactive them.


Most security measures bring with them some additional amount of work to gain access to whatever it is you're trying to access. That's just the nature of the beast. The general idea is to try to implement measures that both increase security while minimizing the size of the obstacle. The name challenge, when introduced, was extremely effective in reducing the number of hacked accounts.

While I understand that it can add some complexity for people, I think they'd be a lot more upset if they came back and all their stuff was gone. We're in a constant state of exploring solutions to this particular issue (hacking) and there may come a point in the future where the name challenge isn't necessary any more, but for now it is a necessary evil.

BenjaminBarker
Posted - 2010.11.19 17:44:00 - [7]
 

Does this mean we're never getting keyfob tokens for account security?

CCP Sreegs

Posted - 2010.11.19 17:46:00 - [8]
 

Originally by: BenjaminBarker
Does this mean we're never getting keyfob tokens for account security?


No this does not mean that.

shortspecialbus
GoonWaffe
Goonswarm Federation
Posted - 2010.11.19 17:47:00 - [9]
 

Is it a good idea to set complex passwords based on our favorite consumables such as wasabi and/or soy sauce?

Khefron
GoonWaffe
Goonswarm Federation
Posted - 2010.11.19 17:49:00 - [10]
 

Tell us how you arrived at that magical name "CCP Sreegs".

Cid Mutation
Posted - 2010.11.19 17:49:00 - [11]
 

One thing I would like is to be able to not only change my password but also my ID. I know it's my account ID but I think it should be deferent. Give customer a number and link that number to the current ID.

Also when you guy found out about site being hacks you should post and tell people that if they visited those they should do a scan and change there pw like now.

And thanks for the sandbox thing :D.

Tamyris
Posted - 2010.11.19 17:50:00 - [12]
 

Re: changing passwords and whatnot

Maybe, for simplicity, there should be a "generate random password" or "generate secure password" button in the accounts section? Not everyone will have a link to a secure password generator handy. If you want to hold users hands even more, whip something up that'll take a phrase and turn it in to a secure password ("I suck at eve" -> "1sU(k@3vE") in a pseudo-random fashion (yes, it's predictable if you know the input and algorythm).

Virtuozzo
The Collective
Against ALL Authorities
Posted - 2010.11.19 17:51:00 - [13]
 

Originally by: Khefron
Tell us how you arrived at that magical name "CCP Sreegs".


Very Happy


Niccolado Starwalker
Gallente
Shadow Templars
Posted - 2010.11.19 17:55:00 - [14]
 

Edited by: Niccolado Starwalker on 19/11/2010 17:56:08
Originally by: CCP Zymurgist
CCP Sreegs is here to help you protect your account. Read all about account security and what you can do to protect yourself here.




Good post.

But please answer me this question I have been asking for ages with so many others from these forums:

Why dont you offer login tokens?????

It give an extra additional layer, by giving the player a unique login code each time. That way account sharing turns difficult and if a keylogger cathes the login it wont help!

Most players who stay with EVE do so fanatically. Like me, I am 5 years behind me in EVE on 3. of december, and would without hesitation invest in a login token!

The question have gone unanswered from what I can see. Now dear CCP Sreegs! Please tell us if this might be or might not be possible! Tell us you are thinking of it! Or at least give us your toughts about the matter! It have been so quiet about this! But with this devpost and all, please! Share your toughts about this!!!

:BEGS:



Webb Mordock
GoonWaffe
Goonswarm Federation
Posted - 2010.11.19 17:58:00 - [15]
 

Originally by: CCP Zymurgist
CCP Sreegs is here



...

Mynxee
Veto.
Veto Corp
Posted - 2010.11.19 18:02:00 - [16]
 

Good info. The name challenge is a small effort considering its value for enhanced security--glad to hear it has been a big help in cutting down on hacked accounts. I'll keep that in mind the next time I grumble at it being presented when I'm trying to log in to the forums from a mobile device. Wink


Twigand Berries
Caldari
GoonWaffe
Goonswarm Federation
Posted - 2010.11.19 18:02:00 - [17]
 

i left my account open on a public computer in new jersey

what do i do?

Arrgthepirate
GoonWaffe
Goonswarm Federation
Posted - 2010.11.19 18:02:00 - [18]
 

Edited by: Arrgthepirate on 19/11/2010 18:03:25
Good blog.

Rustpunk
Minmatar
No-Mercy
Posted - 2010.11.19 18:05:00 - [19]
 

I'd pay real money (say about equivalent to one month of a full-price sub) for an authentication token like WoW uses. Although my WoW token is free because I have it on my Droid phone rather than a keyfob...

(RL infosec geek and incident responder)

Makurid
Posted - 2010.11.19 18:08:00 - [20]
 

Originally by: CCP Sreegs

Most security measures bring with them some additional amount of work to gain access to whatever it is you're trying to access. That's just the nature of the beast. The general idea is to try to implement measures that both increase security while minimizing the size of the obstacle. The name challenge, when introduced, was extremely effective in reducing the number of hacked accounts.

While I understand that it can add some complexity for people, I think they'd be a lot more upset if they came back and all their stuff was gone. We're in a constant state of exploring solutions to this particular issue (hacking) and there may come a point in the future where the name challenge isn't necessary any more, but for now it is a necessary evil.


Just wondering how this helps the security if I can just log into EVE Gate and get a list of my characters without having to answer the challenge.


EdFromHumanResources
Caldari
GoonWaffe
Goonswarm Federation
Posted - 2010.11.19 18:12:00 - [21]
 

Originally by: Makurid
Originally by: CCP Sreegs

Most security measures bring with them some additional amount of work to gain access to whatever it is you're trying to access. That's just the nature of the beast. The general idea is to try to implement measures that both increase security while minimizing the size of the obstacle. The name challenge, when introduced, was extremely effective in reducing the number of hacked accounts.

While I understand that it can add some complexity for people, I think they'd be a lot more upset if they came back and all their stuff was gone. We're in a constant state of exploring solutions to this particular issue (hacking) and there may come a point in the future where the name challenge isn't necessary any more, but for now it is a necessary evil.


Just wondering how this helps the security if I can just log into EVE Gate and get a list of my characters without having to answer the challenge.




Haha, this actually works but only for subbed accounts.

Ci Seepy
Amarr
Posted - 2010.11.19 18:13:00 - [22]
 

So I'm guessing its a bad thing that I've never once changed my passwords since I started playing. Embarassed

Vincent Athena
Posted - 2010.11.19 18:19:00 - [23]
 

Originally by: Twigand Berries
i left my account open on a public computer in new jersey

what do i do?


The client? Log in on another computer. That will force log out the one you forgot to log out.

Breaker77
Gallente
Reclamation Industries
Posted - 2010.11.19 18:21:00 - [24]
 

We still need seperate ID's for the forums.

Hey look I have a wireless signal here, checks the forums, oh I should reply to this, oh wait my account ID/PW was sniffed Sad


Jengi Gotsen
Gallente
BlackSite Prophecy
Posted - 2010.11.19 18:25:00 - [25]
 

Is EvE looking into external tools (authenticating keyfobs) to keep players more secure? Are there any excessive technical hurdles that would need to be overcome to make their use a reality? WoW currently has two separate tools for authenticating and verifying identities when logging in, the authenticator keyfobs / mobile authenticators available on smart phones, as the new system whereby a phone call is made when your account is logged in from an unusual place to verify you are the one logging in.

Do you feel that EvE is falling behind the industry in that way? I understand it's hard to place WoW and EvE in the same light in terms of game play, but in security measures aren't all games equal? I would say that a single-shard system where in-game currency can be converted into actual game time, security is paramount.

You mention the name challenge feature. That's great, except for the part where I don't recall seeing that on the login screen. I'm a little more nervous about someone stealing my isk than ****posting in C&P or checking out my easily changeable API key. Are there any plans to make the name challenge show up on the login screen?

Cid Mutation
Posted - 2010.11.19 18:25:00 - [26]
 

Edited by: Cid Mutation on 19/11/2010 18:26:17
Originally by: Breaker77
We still need seperate ID's for the forums.

Hey look I have a wireless signal here, checks the forums, oh I should reply to this, oh wait my account ID/PW was sniffed Sad




^^^^
this

Ariz Black
Posted - 2010.11.19 18:27:00 - [27]
 

i tried to change my password and it wouldn't let me because it said i don't have capital letters in it. ironically i was trying to make it more secure by adding numbers to an already random collection of letters. stuff like this is taking it 'too far' because you shouldn't *force* people to explicitly have to hit extra keystrokes to log in when it's something they likely do 2000+ times a year (think about eve website, ingame, evegate, etc)

Kragaar
Posted - 2010.11.19 18:30:00 - [28]
 

Is there going to be a new way to transfer characters between accounts aside from providing your email and account name so that "bad people" don't have a starting point to compromise your account?

CCP Sreegs

Posted - 2010.11.19 18:35:00 - [29]
 

Originally by: Cid Mutation
One thing I would like is to be able to not only change my password but also my ID. I know it's my account ID but I think it should be deferent. Give customer a number and link that number to the current ID.

Also when you guy found out about site being hacks you should post and tell people that if they visited those they should do a scan and change there pw like now.

And thanks for the sandbox thing :D.


I can't really speak to our capability to change usernames, though it will go on the list of items to consider. I CAN however speak to your second point. The Community Team actually DOES keep a running list of known bad sites in a sticky at the top of General Discussion which I will link HERE.

Also, you're welcome Very Happy

Squizz Caphinator
Woopatang
Posted - 2010.11.19 18:40:00 - [30]
 

This blog post should be required reading for all new accounts. Then followed by a test that's fill in the blank. Should they fail the test or opt out, they can still register but have their subscription rate tripled. This way, when they inevitably give out their account information CCP's cost to recoup the account to it's former status is covered.

Hey, one can dream right? :)


Pages: [1] 2 3 4 5 6

This thread is older than 90 days and has been locked due to inactivity.


 


The new forums are live

Please adjust your bookmarks to https://forums.eveonline.com

These forums are archived and read-only