i joined a corporation. To be able to do that I had to register my account/character on a third party site. I thought this was very sketchy. The site I authet with was https://auth.ao-eve.online/.
Should I be concerned by this action? was it stupid of me? do they have my login information with e-mail and password now? do I have to change my login information?
If I want to leave this corporation can I withdraw my account/character from their auth system, so the account/character is like new again? so that I can join another corporation?
Well I hope I didnt mess things up and destroyed my Eve Online account forever =(
Feel free to make new accounts with new passwords for groups you join, butâŚ
Never enter your EVE password or account details anywhere other than at the official EVE website.
Groups may let you authenticate via EVE to access their internal pages and services, which is common practice, but to do that you need to get redirected to the eveonline.com domain to fill in your account details.
The link you showed looks suspiciously alike but is different, which seems sketchy indeed. Unless they redirected you to log in on the official EVE website I suggest you change your password.
I will chime in with a word of caution. I seldom âsign upâ for other websites. On another online game, decades ago⌠a good friend got his account hacked by a 3rd party forum. Obviously he did the number one no-no, using his user name and password from the game to visit the forum. It was very obvious to me, either a forum admin or someone with high level permissions was hacking accounts, since there was a lot of âMy account was hackedâ topics on there.
My fellow gamer is no longer that naive and knows better than to reuse ID and passwords. I only wish I could say the same thing about the real working world. Too many times I would see post-it notes attached to the monitor âPassword: GOLF14â. Next month when the system prompted them to change it, the note would read âPassword: GOLF15â⌠all I could do was shake my head and warn them.
@Ender_Paxt the site you posted redirects to Eve Online using their 3rd party tools. However I still hesitate to trust them fully. While sites like Eve Tycoon use the same tools, I still wonât sign in. There is always the off chance you could get a site, that perfectly impersonates the trusted page. In the event of the Eve Online partners, it is best to login here on the Eve website, then visit the partner site. The partner site should redirect you to the Eve login and you will see your account characters already in place with a simple âAuthorizeâ button.
Outside of the few people trying to âhackâ you, these âsketchyâ sites are mostly used by corporations to look through your stuff to protect THEM from YOU. Itâs quite common in nullsec and not really something youâd need to worry about if you understand what they can do with your API data (basically nothing, itâs read-only).
They just look through your API data to see if your account has been affiliated with a political enemy, that sort of thing. I never bothered with this stuff but the more stuff you have/control, the more important it is that you do not let your corp get infiltrated.
To be fair, a lot of sites these days require or prompt visitors to make an account, or only provide access to full site with an account. So you need to create a bunch of accounts and passwords that frankly, nobody really needs. No wonder people use the same passwords. Also password requirements on some sites are a bit over the top. I get it that it is wise to use some characters other than letters and numbers in your passwords, but do you have to make it an absolute requirement? Some sites require caps, numbers, other characters, and an uncommon minimum character amount as well. Itâs really annoying, especially when you have a system for generating passwords (I do), and then thereâs this one site which breaks your system (e.g. by requiring more characters).
I have this one site Iâm forced to use, and my password system doesnât work on it, so every time I have to go on I have to click âforgot passwordâ and make a new one, only to repeat the process the next time I get on again.
If I were to create a video game, I would make a password optional. Many users have limited access and password protected OS already. My idea would be to examine the IP address and machine hardware profile. If or when either changes, then you would be prompted for email, password, or phone number to get into the account. Also there would be an opt out option with a disclaimer about account theft.
Meanwhile let me tell you how to make some easy passwords that are tough to crack;
Internet has all sorts of random generators, I ask it for a color, animal, and inanimate object.
okay, just did that, I got; Gold, Pig, Sword replace these letters with numbers A=4, E=3, I=1, O=0.
Password is G0ldP1g&Sw0rd
I will try one moreâŚ
Password is Gr33nPum4C01n!
Notice I put ampersand in the first and exclaimiation on the second.
i have my system. And it has never been compromised. Iâve only told 2 people about how I generate passwords and they couldnât wrap their head around it, although I think itâs very simple. But your examples work as well (except, I personally wouldnât use 4 for A, 0 for O, etc. Those are extremely common and predictable switches). Thatâs how people should generate them, not just type straight words. Words are crackable no matter how many or complicated ones you use.
Iâve toyed with the idea to changing my passwords to hash values including a salt that I commit to memory. I know this does reduce the keyspace a bit but even if you know the possible characters good luck guessing a 128 character password.
Even if itâs external seems it goes back to the API point, itâs how dev make use of data from the players, Iâve got even a tool in a site I own that redirects to login eve online, best way to check is if youâve got saved passwords and they browser is willing to share them in that site, youâre in the correct domain.