Account security problem

This “enter verification code” thing is a bit annoying. Particularly when you go to your email, and they ask you to verify it too or even demand password change for security reasons :roll_eyes:, as if I have nothing else to do than verifying everything and changing passwords every other day. I actually had to give up on Blizzard because of their security zeal, that caused so much trouble I hardly had time to play.
Is there a way to stop this security nonsense? This is getting silly. More than 99% of account “hacks” aren’t actual hacks, but stealing when people simply share their accounts with someone untrustworthy. Everybody knows that.

Select save if you are on a private PC.
You can use google authenticator, YOU DO OWN A SMARTPHONE, right? :wink:
Mostly keep an eye out on the “remember” as it will eliminate the need to enter it every time. Yes. On occasion it still asks. But unlike you I care about my accounts.

On the change password, it is just a hash check with IGotpwned. I will not explain a rainbow table to you, but if you use a known hash they know your password instantly if you log in over a public wifi.

Just make a new complex password and write it down. You can save it on the PC you use.

2 Likes

Main causes of problems: password/username re-use. So if I know your e-mail address (many leaks - that’s in the open already) I’ll try it against many sites with passwords you’ve already used from elsewhere which have “escaped”. And that attack is scripted - so “Eve is small/obscure” doesn’t work. An attacker will try your email address and known passwords against every site they can find. It’s easy.
2FA - done well - stops that dead. And fixes other things (Done well is easy, but even done reasonably well is much better than nothing).
And the other issue is short or obvious passwords.
If there is a breach and the hashed and salted password list escapes, then short passwords - the eight character alphanumerics with additional characters break fairly quickly to brute force. Length really works. And avoid phrases, even those with clever “letter to number” replacement5, because they are the first to try - you always run the collected passwords from earlier breaches first; because you know someone uses it…

Anyway, “Everybody knows that”.
I don’t give a damn about the security of your account except for two reasons.
One: you’ll whinge when you lose your account because of your own inadequacies. I’d rather not listen to that.
Two: your account will be stripped, your assets sold on, probably as part of an accounts or items for cash (RMT - the guys attacking accounts do this for money. Don’t help them). And ultimately, that’ll wreck Eve for everyone else. Including me.

So, learn, understand, set things up properly and it’ll stop being in your way.
Use 2FA on a phone, Google Authenticator is good and CCP support it. Try a password manager if you’ve got a bad memory. It’ll also generate good passwords for you (I don’t know and have never seen most of my passwords, I just click a couple of times to complete them).

And stop being a weak point for others.
Numpty.

End of Rant.

5 Likes

Getting hacked can be pretty annoying too.

8 Likes

If you’re putting your password in, and getting a request to change it, that’s because the password you’re using has been found in a list from a security breach elsewhere.

There’s a service called Have I Been Pwned (https://haveibeenpwned.com/) which collects breach lists from various sources, and makes them searchable on email address (purely the presence, not the password) to see if you are affected.

They also provide a service called Have I Been Pwned: Pwned Passwords which allows for checking for the presence of a password in those breaches. They do not make the passwords available, but what’s known as a hash of them. (A hash function takes some data (your password in this case) and runs it through some math, to get a long string which is close to unique for it. A small change in input makes a large change in output. It’s not unique, but it’s handy for comparison.) You send the first 5 characters of the hash to the service, and it sends back a list of all the hashes it knows about which start with those.

This has been integrated into Eve login for a fair time now. If it’s telling you the password has been broken, it’s seen it in a dump from another site which had a security incident, losing their password lists.

Change it. Pay attention.

Most password ‘hacks’ are due to reuse, and are by people looking to strip your accounts of isk and sp, to sell to other people. (yes, RMT)

2 Likes
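The prefix lookup described in the post above, as an added example that is not part of the original thread or of CCP's or Have I Been Pwned's code. It assumes the service's SHA-1 hashing and `SUFFIX:COUNT` response lines; `simulated_range` and the `BREACHED` data are constructed stand-ins so the block runs offline.

```python
import hashlib

def split_hash(password):
    """SHA-1 the password; return (5-char prefix that is sent, 35-char suffix kept local)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def breach_count(password, fetch_range):
    """Return how often the password appears in breach data (0 = not found).

    fetch_range(prefix) must return the response text for that prefix,
    one 'SUFFIX:COUNT' entry per line. Only the prefix ever leaves the client.
    """
    prefix, suffix = split_hash(password)
    for line in fetch_range(prefix).splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix:
            return int(count)          # padding rows carry a count of 0
    return 0

# Constructed sample data standing in for the remote breach corpus.
BREACHED = {"password": 1000, "letmein": 50}

def simulated_range(prefix, seen=None):
    """Hypothetical offline replacement for the real range endpoint."""
    if seen is not None:
        seen.append(prefix)            # record what a network observer would see
    rows = []
    for pw, count in BREACHED.items():
        p, s = split_hash(pw)
        if p == prefix:
            rows.append(f"{s}:{count}")
    rows.append("0" * 35 + ":0")       # constructed padding row
    return "\r\n".join(rows)

if __name__ == "__main__":
    sent = []
    fetch = lambda p: simulated_range(p, sent)
    for pw in ("password", "a long constructed passphrase 7"):
        print(repr(pw), "seen in breaches:", breach_count(pw, fetch))
    print("sent to service:", sent)
```

The server only learns the five-character prefix, which many unrelated passwords share; the match against the remaining 35 characters happens locally.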

I’m so paranoid about being hacked since my blizzard one got it. I have 2FA on everything now

1 Like

That’s interesting. Probably, should stop using that password then? Still I’m very sceptical. I have received thousands of warnings about ‘suspicious activity’, ‘possibly hacked’ etc and all were false alarms.

This is odd. Blizzard are paranoid themselves, I would not believe it possible to lose account there other than by losing some info you need to access that account.
This actually is the way my only account loss happened. After a year break I could not remember my character’s last name. That was not so much of a loss (I only used up the trial) and I recovered it once the policy changed, but there is some uncertainty about my account’s safety. Any moment now they may introduce another security measure which will catch me off my guard and lose me an account.

It’s not blizzard/CCP/ insert company name here losing your account that you need to worry about, it’s other people getting access to your account without permission. 2 factor authentication will make it much more difficult for others to access your account.

1 Like

I just want to know whether it is possible to customize security settings. As far as I’m concerned, the only option is Authenticator (i.e. it isn’t compulsory), but I might be missing something.

As far as I know, that is pretty much it. I do suggest using 2FA (authenticator). It will help keeping your account safe(r).

Yes, stop using the password. It may not have been your account which was lost elsewhere with it, but it’s safer to assume that if anyone else used it, it’s compromised.

I recommend using a password safe, and a totally random long password with Eve. This can be a little painful though. If you’re going to need to use it where you won’t have your password safe, you want to use a long passphrase. Say, 6 random words (chosen by a computer, not you. humans are bad at random) with a number or two, and maybe a special character thrown in somewhere. Can be inside a word, or at a word boundary.

That kind of password tends to be easy to remember and type, but hard to break.

A few examples (Do not use these. I hope I do not have to explain why to anyone):

when does the glitz5y one study a cornea
these lace remark#ed a fiend is reordering my derrick
your plast!ics will dull the aspiring demon
those cravats state3d that neck might inno4vate behind that homemade viewpoint
tha2t sulky will violate a pigeon

All pretty simple to remember. (I have a generator for readable passwords. They’re not entirely random, fitting the basic structure of english, but they’re random enough)

As for options other than Authenticator:

Eve’s 2FA is an industry standard TOTP, with a 30 second interval. Any authenticator app which supports that will work. I’m partial to Authy, as it allows for encrypted backups to Authy’s servers. But you could use the MS authenticator, or a number of other ones.
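A generator for the kind of passphrase the post above recommends (six computer-chosen words with a digit and a special character spliced in), as an added example that is not the poster's own generator. `SAMPLE_WORDS` is a constructed 32-word list so the block runs offline; the 7776-word list size used in the entropy figure is an assumption about what a real generator would load.

```python
import math
import secrets
import string

# Constructed 32-word sample list; far too small for real use.
SAMPLE_WORDS = """acorn basil cedar delta ember fjord grove harbor
indigo jasper kettle lantern meadow nickel orchid pebble quartz raven
saddle timber umber velvet walnut xenon yonder zephyr anchor bramble
cobalt dune elm falcon""".split()

SPECIALS = "!#$%&*+-=?@"

def make_passphrase(words, n_words=6, n_digits=1, n_specials=1):
    """Choose words with the OS CSPRNG, then splice extras in at random positions."""
    chosen = [secrets.choice(words) for _ in range(n_words)]
    extras = [secrets.choice(string.digits) for _ in range(n_digits)]
    extras += [secrets.choice(SPECIALS) for _ in range(n_specials)]
    for ch in extras:
        i = secrets.randbelow(n_words)
        word = chosen[i]
        pos = secrets.randbelow(len(word) + 1)   # 0 or len(word) = word boundary
        chosen[i] = word[:pos] + ch + word[pos:]
    return " ".join(chosen)

def word_entropy_bits(list_size, n_words=6):
    """Lower bound on entropy: word choice alone, ignoring the spliced extras."""
    return n_words * math.log2(list_size)

if __name__ == "__main__":
    print(make_passphrase(SAMPLE_WORDS))
    print("sample list:     %.1f bits" % word_entropy_bits(len(SAMPLE_WORDS)))
    print("7776-word list:  %.1f bits" % word_entropy_bits(7776))
```

The strength comes from the size of the word list and the use of `secrets` rather than a human choice; the spliced digit and special character add only a few bits on top.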

All of the above can (and will happen) if you have dynamic IP, have used proxies/VPNs, changed or updated browser(s) or used “private browsing” function in them etc.
