Poor security for testserver login?

Why is double Authentication is not used for the testserver login whenn I add acount?

So you’re saying that if someone hacks my account, they can circumvent the MFA on the testserver and steal all my testserver ISK?

No double authentication there may be a risk, but the impact is low.

it is not about stealing isk. it is an copy of real data with mails, notes and etc.

So they can read your mail and notes.

I think the bigger issue is that you got hacked.

Because CCP has only emulated the game server and player database, not the account management system. You cannot access account management at all in the test server environment.- no password changes, no character transfers, etc. Those items are generally not needed for game development purposes.

If you are concerned about your account contents on the TEST server, you can log in each character after a mirror and wipe their stuff out. Better yet, practice good account security and use a unique, complex password for each account that isn’t used anywhere else, so you are unlikely to be hacked even with no MFA enabled.

but why not to secure it exact like “real”? it is the same account.

It isn’t the same account. It’s an image of the account, copied over to a discrete server. It runs entirely separate from your production (TQ) account.

Edit to add: From a system management perspective, the MFA process requires hooks into more than just the account data - it has an email server integration, account management website integration, etc. If these systems are not also mirrored in the test environment, they cannot emulate them for the test logins.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.