Dev Blog: Security: Different times - Different ways

That is not how strong passwords work these days. Strong passwords are most importantly one thing: long. Rather use a long password that you can remember easily than a medium or short password that fulfills the above conditions but you have a lot of trouble with remembering.

We've spent enough time teaching users passwords that are hard to remember and easy to crack for a machine, rather than passwords that are easy to remember and hard to crack for a machine.

This XKCD-comic sums it up pretty nicely: xkcd: Password Strength

4 Likes

I usually recommend that people use “pass sentences”, something like:

“I’m going to get 6 red balloons at the carnival on the 2nd!”

Long, memorable, upper and lower case letters, numbers, and non-alpha numeric characters.

I totally agree with you about choosing something you can remember - security isn’t any good if it’s so user-hostile that you can’t remember it.

Or make your password like this:

Yesh, thatsa smol kovfefe, dont ya toucha my kovfefe

2 Likes
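To put numbers on the "long beats complex" point from the posts above (the XKCD argument and the pass-sentence suggestion), here is an added example that is not part of the thread. It estimates guessing-entropy for a randomly chosen 8-character password drawn from the 95 printable ASCII characters versus a randomly chosen 5-word passphrase, and converts both into an expected brute-force time. The 7776-word list size (a Diceware-style list) and the rate of 10 billion guesses per second are assumptions chosen for illustration; the calculation assumes the attacker knows the method used (only the random choices are secret), which is the only honest way to count entropy.

```python
import math

# Assumed parameters (not from the thread): size of a Diceware-style word list
# and an offline guessing rate for a well-equipped attacker.
WORDLIST_SIZE = 7776
GUESSES_PER_SECOND = 1e10


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of `length` symbols each chosen uniformly from `alphabet_size`."""
    return length * math.log2(alphabet_size)


def password_entropy_bits(length: int, alphabet_size: int = 95) -> float:
    """Random character password: default alphabet is printable ASCII (95 symbols)."""
    return entropy_bits(alphabet_size, length)


def passphrase_entropy_bits(words: int, wordlist_size: int = WORDLIST_SIZE) -> float:
    """Random word passphrase: each word is one symbol from the word list."""
    return entropy_bits(wordlist_size, words)


def crack_time_seconds(bits: float, guesses_per_second: float = GUESSES_PER_SECOND) -> float:
    """Worst-case time to enumerate the whole space at the given guess rate."""
    return 2 ** bits / guesses_per_second


def human_time(seconds: float) -> str:
    """Render a duration in the largest convenient unit, one decimal place."""
    units = [("years", 365.25 * 86400), ("days", 86400), ("hours", 3600),
             ("minutes", 60), ("seconds", 1)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:.1f} {name}"
    return f"{seconds:.1f} seconds"


def compare(password_length: int, passphrase_words: int) -> dict:
    """Side-by-side comparison of the two strategies at the assumed guess rate."""
    pw_bits = password_entropy_bits(password_length)
    pp_bits = passphrase_entropy_bits(passphrase_words)
    return {
        "password_bits": pw_bits,
        "password_time": human_time(crack_time_seconds(pw_bits)),
        "passphrase_bits": pp_bits,
        "passphrase_time": human_time(crack_time_seconds(pp_bits)),
    }


if __name__ == "__main__":
    # Constructed comparison: typical "complex" 8-char password vs. 5 random words.
    for key, value in compare(8, 5).items():
        print(f"{key:16s} {value}")
```

Note that a human-chosen sentence such as the balloons example has less entropy than 5 random words of the same length would suggest, because grammar and common phrases make some choices far more likely than others; the estimate above only holds when the words (or characters) are picked at random.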

The only best solution to this is utilizing 2-step verification. I can use a password as simple as 12345 (though I wouldn’t recommend it as I’m just joking here) and it still won’t be enough if the hacker doesn’t have my cell phone or email access. Even my emails and bank account are as guarded as Fort Knox with complex passwords and 2-step verifications.

Is it me being paranoid? Yes.
Is it working? Well, none of my accounts have been hacked into for years so I guess the answer is yes.

2FA will help vs account hijacking.

But it does nothing vs botting.

The more secure the accounts are, the less work the security team has to do to deal with hacked accounts and they can then put more time into combatting botting.

1 Like

It's conjecture on my part, but I believe a significant part of reports of hijacked accounts are in fact account-sharers, botters etc. trying to convince CCP they were haxxored, when in fact they weren't.

It's possible that various service provider hacks, like the Yahoo debacle, have revealed account logins/passwords to RMT/botters etc., but for anyone even remotely familiar with how difficult that data is to obtain from the hackers (including identifying/contacting/paying them for the data past law-enforcement), or parsing it for details specific to an EVE player, I think it unlikely.


I'll engage 2FA today, so as to put my money where my mouth is.


You are thinking about this too narrowly. They don’t hack emails to get Eve accounts. They hack them to get ANY game accounts.

No, they hack them to get as much data as possible, across all internet related data.

Hacking an email account is more difficult than hacking an EVE account.
Finding an EVE related account among the thousands/millions of hacked email accounts is even more difficult.
Getting access to the hacked email data is even more difficult, involving finding/contacting and purchasing that data from the hackers, past law-enforcement.

You REALLY need to do some research about this. People sell the login information to accounts (email, games, hell, even bank details) IN BULK. You can buy 10-500 000 accounts at once. Some work, others don’t. They do this because they can usually profit from them one way or another.

The rationale behind the concept is that botters do not have the opportunity to recycle the account's value to another character.

There is little that could be additionally done with isk and ships, but now that skill points are a major part of a character's value, preventing that being transferred would be a very reasonable and valuable step. This would need to be account-wide and permanent as a penalty to be effective though.

An additional option, to prevent it being overwhelming for a “foolish one-off mistake leading to a three day ban”, there could be the opportunity available for a 12 months cool down but with a permanent lock remaining from extracting as an Alpha. But that option could be at GM discretion to enable as a rare opportunity, in the case of borderline decisions. The default publicised decision should always be permalock.

The goal is to make botting have a significant and permanent cost. “for the encouragement of les autres”. It will also be reassuring to the community and reinforce a sense of fairness in the whole system.

I already have researched it.
It's included in my summation above.

Unfortunately, since they reduced the first warning penalty to 3 days, that penalizes a botting operation by only 10% of a sub/PLEX, after which they can use the remainder to transfer assets/SP/characters to another account, starting the bot hunt on CCP's part all over again.

At least with the previous 30-day suspension, each account, and all characters on it, suffered the loss of a full sub/PLEX, an entire month of loss of access to accounts to perform asset/character/SP transfers, and revenue for the remaining 27-24 days from operating accounts.

1 Like

Then you really haven’t. There is a whole economy built on stolen account details for different uses. People sell and trade them to those who want specific kinds of accounts, in this case MMO game accounts. Those accounts are then emptied of anything valuable, and those items and in-game currencies are then sold to other players on the illegal RMT websites.

If you truly believe that this doesn’t happen, then you really need to go back and do more research.

Your idea that it’s too improbable to happen is just not the reality anymore. It does happen, all the damn time. It doesn’t just affect Eve, it affects all MMOs. There are some estimates that the illegal RMT market globally makes just as much money as the games themselves.

Nowhere have I said I believe it doesn't happen.
Show me where.

Practically every post you’ve done in this thread. You think it’s much more likely that the vast majority of account breaches that CCP has to deal with are due to an “it wasn’t me, someone hacked my account” defence instead of it actually being hacked.

Show me where I have claimed I don't believe EVE account hacking has happened.

Late to this party but I wanted to thank you guys for doing something visible about the issue. Perception matters a great deal for your customers.

I spent a month killing bots with help from many members of the community. We identified well over a hundred bots in our little area of space and I reported them to security as you said to do.

Would it be at all possible to get at least an automated reply when sending these reports in? TBH, I don’t even know if anyone even got my emails at HQ.

Thanks and keep finding ways to hamper those bots. The community here could help. A little antimatter goes a long way :rofl:

Now about my security tags…
lol

Nice of the commenting interface to let us know when somebody in the thread has already posted the exact same link, because I was just about to post this as well.

This XKCD needs to be posted everywhere, because we are doing a really terrible job at creating secure passwords. The “some 6-10 character string of upper/lowercase, numbers, and special symbols” password protocol was developed by one computer technician in the 1980s; it isn’t what we should be using anymore.

1 Like

Hm, a botting heatmap is an interesting meta.

1 Like