On the topic of bringing PVP beyond the intended features within the game, it is now, and has been for some time, an option for a cyber attacker to gather players passwords, and steal access to their accounts, either by remote login, or physical intrusion to their home and access to their logged in accounts.
I see no reason why CCP would pass the on the opportunity to secure accounts against this high value thievery move to steal skillpoints and then dead-drop to cargo containers or even just delete them for the purposes of setting back an opponenet, ensuring damage while mitigating any incriminating trails.
All that needs be done is set a standard lock cycle for any major moves in the game: Bio-mass, skill extraction, corporate or alliance disbands, and use the in game mail and email to set an alert chain that will slow the move by 24 hours and then offer a 24 hour open period followed by a re-lock.
There really can’t be a better way to protect the players against malicious activity like this.
2FA already exists with your account email, but it does not really change anything. If a person can get your email/account login & pw, then they can defeat it. All 2FA does is put the process over to your cell phone (which not everyone is guaranteed to own one).
The issue still remains with 2fa active that if they can access your logged in computer, 2fa is not challenged on the normal login, it only asks for that information when an account is logged in to the splash launcher for the first time.
This feature request wants to make and additional 2/fa challenge for major internal moves as listed, and a 24 hour cool down period to deter compromised situations, whether they be some irrational mental cycle from the player about to do something silly (cyber suicide prevention), or the access location is compromised and the person away from their home can take the time to consider their options with that oversight.
No, unfortunately activating 2fa takes away the email check in favor of the phone, but it’s much more likely to be always on your person than email where saved Passwords will could be compromised of a saved list in a browser, either directly from a dark grab off Google servers or other equivalent Password service, or by accessing in a browser and having a work around for the lockout.
If there were an option to make skill unextractable in the setting menu’s on the website I would use them, but I will make an attempt to do this since you mention it by GM contact.
I’ve lost >1000 USD of value of skill points (at value for buy/sell plex and buy LSI) from random grabs and they were not reimbursed when I asked for an investigation. I am of course, being a normal selfish being, thinking if this as a major concern, but its not a major concern in the grand scheme. The major concern is the structural system that opens the door for that action to be repeated against other victims, and simple things that could close the possibility altogether. I don’t morally make room for PVP outside the normal in fleet brush off and the brutality of out of game, out of event window, and out of client PVP is a major detriment to the playability here at EVE.
I don’t get it what the real issue is here? Is your account unsecured or is your computer unsecured?
As you can work on both to be secure, i don’t get it why you need game mechanics implemented to work around your security problems. Those would just annoy everyone else who have their stuff secure?
I wonder how other people would either know your credentials - unless you did some forbidden account sharing - or how they would be accessing your computer - unless you play on a public unsafe computer or you are not securing it properly with locking and encryption and what not. Still the question is how anyone would be able to target you or your computer specifically and how.
This all just raises far too many questions for me, how you support this to even be possible.