Reiisha
EVE University
Posted - 2011.03.25 20:11:00 -
[1]
Originally by: Seripis Chiktor
I'm wondering how they will get past the practicality of utilizing an authenticator.
1: They can be cloned.
2: You will lose players if we have to purchase an item to play the game.
3: The security of this type of device is antiquated.
4: How will you handle people who pay for multiple accounts?
5: I often play from home, work and while I'm traveling. I'm not toting some chip around with me just so I can do a skill check.
IP addresses. The IP address setup is worthless. It's easy to ghost an IP and fool this. This whole security measure setup is outdated. It seems more of a scare tactic. I want measures in place that work. Not something that is going to catch the idiots.
Macros: a macro setup is separate from the eve-online install, meaning you cannot disable it or punish someone for having it on their computer, because technically you have no way of proving these macros are being used.
To be honest I'm disappointed in today's security brief. You have said a lot of fluff about this, but nothing that is a true and functional security method.
The only true way to prevent this is a motivational approach. Humanity is based on one simple concept: we will always take the easiest route with the most gain. So close the gap between traditional methods in game and the bots. Make the rewards in game for doing it the right way the same or better than doing it the wrong way.
Seripis.
1: You need the id of the token as well as the associated account, and find out the algorithm used - Either way it makes it a lot harder for anyone to hack into your account. Even Blizzard with its 12m+ subscribers is still relatively safe; the only time it was hacked was with a man-in-the-middle attack (which was hard to do in the first place).
2: They specifically said it won't be mandatory. It prolly won't be anyway unless CCP wants to charge people for the token, which I suspect they won't do (yet).
3: What's a better 2+factor method that's easy to implement and cheap?
4: Either link the token to multiple accounts or introduce a master account. Multiple tokens are possible but a little inconvenient.
5: You're already toting a laptop around, a token which is 200 times smaller might still fit in that briefcase/bag.
On IPs: Spoofing them requires knowing what IP is connected to what account in the first place. If you don't have that information you'll still generate at least one entry with the false IP. That, and iirc spoofing only works with UDP; TCP packets don't work with it.
You mention that it should be just as easy to 'win' in the game as doing it by cheating. The problem is, bots are a method of playing the game without playing it. You're basically suggesting that people pay for a game they don't actually play, as they can generate infinite isk by doing absolutely nothing aside from logging in. You can't beat that, and most importantly, there will ALWAYS be people who LIKE cheating, regardless of its reward, because they like griefing or whatever.
Of course I'll be branded a CCP fanboy for saying this, but the security people have put a lot more thought into this than you make it sound like. You're criticizing the methods without offering any (viable) alternatives - That, and Blizzard having set the precedent on how to implement this kind of account security somewhat successfully over 12 million customers, CCP doing the same (and more!) should be much better than them doing nothing at all.
"If you do things right, people won't be sure you've done anything at all"