|
Author |
Thread Statistics | Show CCP posts - 7 post(s) |
Rain6637
Team Evil
15274
|
Posted - 2014.07.03 15:33:00 -
[1] - Quote
suddenly I understand why forums.eveonline, secure.eveonline, and community.eveonline require separate logins. President of the Commissar Kate Fanclub | Rainfleet on Twitch | Twitter | Rainfleet mk.III | Imgur |
Rain6637
Team Evil
15275
|
Posted - 2014.07.03 17:57:00 -
[2] - Quote
no way. no way he's for real President of the Commissar Kate Fanclub | Rainfleet on Twitch | Twitter | Rainfleet mk.III | Imgur |
Rain6637
Team Evil
15275
|
Posted - 2014.07.03 20:37:00 -
[3] - Quote
that's pretty slick. so these sites -won't- see my account name and login?
I've read through the dev blog twice now, and that part is still unclear.
//ok. i see it now. took 3 tries: middle of the second paragraph.
I think the title of the dev blog should be more like: SSO: log in to third party sites without revealing account info
main idea up-front/cut to the chase... because attention span. as hard as I tried, my pupils dilated as I began reading that article (in that way when it's just like 'ok i dunno wtf'). President of the Commissar Kate Fanclub | Rainfleet on Twitch | Twitter | Rainfleet mk.III | Imgur |
Rain6637
Team Evil
15275
|
Posted - 2014.07.03 21:49:00 -
[4] - Quote
is this some sort of compromise regarding the one-site-one-API rule from not too long ago? President of the Commissar Kate Fanclub | Rainfleet on Twitch | Twitter | Rainfleet mk.III | Imgur |
Rain6637
Team Evil
15275
|
Posted - 2014.07.03 21:51:00 -
[5] - Quote
that part I see going bad, and the dev blog struck me as a visual how-to-phish guide President of the Commissar Kate Fanclub | Rainfleet on Twitch | Twitter | Rainfleet mk.III | Imgur |
Rain6637
Team Evil
15275
|
Posted - 2014.07.04 01:36:00 -
[6] - Quote
what will be the customer support policy in the case of accounts compromised to phishing? will accounts be returned or will players be told it is their responsibility to verify the address and authentication of websites? as in, how much compassion will customer support have for players who fell victim in those cases. President of the Commissar Kate Fanclub | Rainfleet on Twitch | Twitter | Rainfleet mk.III | Imgur |
Rain6637
Team Evil
15281
|
Posted - 2014.07.05 18:40:00 -
[7] - Quote
yeah, that's not a problem. the issue is these input fields becoming associated with sites that aren't strictly CCP, opening the door to phishing. as a percentage, there will be players who type their account name and password into a fake SSO page. President of the Commissar Kate Fanclub | Rainfleet on Twitch | Twitter | Rainfleet mk.III | Imgur |
Rain6637
Team Evil
15287
|
Posted - 2014.07.07 19:40:00 -
[8] - Quote
Lady Areola Fappington wrote:This thread is just amazing. Jam packed with false assumptions and incorrect guesses.
SSO actually makes your account quite abit more secure. Rather than having seperate usernames for all your assorted third party websites, you just have one username and password to remember. Knowing people, all those user/pw combos are either the exact same as their EVE account, or just simple variations.
3rd party devs don't get your username/PW (as mentioned before). They'll be getting the same information they get now about you, only without the added burden of having to manage login credentials.
If you use google, facebook, steam, multiple telcom/cable providers, hulu, netflix, Amazon, most large banks, ebay, paypal, then you are using SSO already in your daily life. You do the same thing with CCP as you do with them...check the URL and make sure it's valid before blindly facerolling your credentials in.
Jeez folks, CCP could hand some of you a brick of solid gold, and you'd still be complaining it wasn't shiny enough. it might sound like a slippery slope fallacy followed by an appeal to emotion, to suggest players will get tricked into entering their login on a fake SSO page... but it isn't. especially for the player/victim/statistic whose account name matches their main's name, asking what customer service's policy will be in their case is an inquiry regarding the only recourse available to them. President of the Commissar Kate Fanclub | Rainfleet on Twitch | Twitter | Rainfleet mk.III | Imgur |
Rain6637
Team Evil
15289
|
Posted - 2014.07.07 21:35:00 -
[9] - Quote
not participating is simple: don't use sites that ask for SSO. the two sites I participate in currently are Eveboard (EB) and zkillboard, EB via API and zkillboard via manually/selectively submitting killmails. There's a lot that I don't let EB see, and opening my CREST is a bit of a jump... opening it to other sites is most likely not something I will do.
yeah, i'm paranoid. (don't hate the player hate the metagame). President of the Commissar Kate Fanclub | Rainfleet on Twitch | Twitter | Rainfleet mk.III | Imgur |
Rain6637
Team Evil
15328
|
Posted - 2014.07.11 15:20:00 -
[10] - Quote
can I limit CREST access like I can with an API access mask President of the Commissar Kate Fanclub | Rainfleet on Twitch | Twitter | Rainfleet mk.III | Imgur |
|
Rain6637
Team Evil
15329
|
Posted - 2014.07.12 07:24:00 -
[11] - Quote
ok, cool. that was going to be my next question. if i want to cut off a site, i can do it from a dashboard CCP-side like an API.
the likes of yourself and chribba are as trustworthy as anyone can expect, and i'm not questioning that. it's just my paranoia. as powerful as CREST is promised to be, the thought of opening it and leaving it open is unsettling. President of the Commissar Kate Fanclub | Rainfleet on Twitch | Twitter | Rainfleet mk.III | Imgur |
Rain6637
Team Evil
15346
|
Posted - 2014.07.13 16:29:00 -
[12] - Quote
I am curious to hear third party developer thoughts on SSO as a single point of failure. President of the Commissar Kate Fanclub | Rainfleet on Twitch | Twitter | Rainfleet mk.III | Imgur |
Rain6637
Team Evil
15347
|
Posted - 2014.07.13 18:53:00 -
[13] - Quote
will SSO be your only login option?
like... is there functionality available without SSO President of the Commissar Kate Fanclub | Rainfleet on Twitch | Twitter | Rainfleet mk.III | Imgur |
Rain6637
Team Evil
15347
|
Posted - 2014.07.14 13:41:00 -
[14] - Quote
until just now, I thought SSO was replacing API President of the Commissar Kate Fanclub | Rainfleet on Twitch | Twitter | Rainfleet mk.III | Imgur |
|
|
|