First off, I like EVE Online so far, a bit pricey and yet nice to play even FTP.
But then: Security Issues.
Let’s say I want to play for a year or so, and then with that comes making payments.
The ‘secure’ page isn’t coming from a single domain, but is like spaghetti
that has been sitting in the oven for two days.
FACT: Linking outside a secure payment page, not from the same domain,
is like asking for trouble. All content should come from the same domain
for the security to be highest; if any of the outside linked stuff has a security breach
in it, you inherit it. So leave Facebook, Bing, Adnx and whatever out of it,
and only use stuff from the secure payment page’s domain.
After much consideration, and an unwanting wallet, I wanted to buy the $16 deal,
with the destroyer and such, but it wasn’t like “YES!!!” more like “Umm…well okay then.”
Then my browser starts by disallowing all the outside sites involved in making
the ‘secure’ page. And nope, I’m not gonna allow a whole slew of outside stuff
into a secure payment by CC.
So, too bad, not paying anything through this page any day soon.
Then, for players’ accounts, I also read on how much people got their accounts hacked,
and I wonder if after 1 year I’d like to get hacked or such. Big fat “NO!”.
So, if you wanna make people’s accounts secure, if they’re worth it,
offer two factor authentication, through SMS, yes, phone.
A small fee for the SMS sent, possibly payable in PLEX, like 1 Plex,
and now people get their account secondary login info by phone.
This makes for really good security, but instead you use a software tool.
Not good. If they want to hack someone, they can use keyboard logging,
they know about the tool, and whatnot. So, once again bad idea.
The two form, I’d call it “Two Form PLEX authentication”, would make any account
as hackproof as it can be, from the user perspective. And at minimal cost,
since 1 Plex is about $0.05 or 2.5M ISK ingame bought.
Now, I don’t think anyone at CCP will actually go through the trouble of even reading this,
since all they have to do is kick back and watch the money roll in, but if they do,
well, here it is.
If the ‘secure’ page ever gets stripped of anything but the payment domain, then maybe
I’ll start paying.
Anyways, that’s my 2 cents for now.
I’m going back to my Alpha gaming, hoping for something to improve.
FYI: Ask Moxie Marlinspike to try and check your security, he’s awesome.
(You can look on YouTube for some presentations he’s given on security.)
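
Added example, not part of the original post: a small Python audit that lists every script, stylesheet, image and iframe a payment page pulls from a host other than its own, and whether each carries a Subresource Integrity attribute. The page URL, hosts and HTML are constructed placeholders, and the names `SubresourceAudit` and `audit` are made up for this sketch.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that makes the browser fetch something for the page.
LOADERS = {"script": "src", "iframe": "src", "img": "src", "link": "href"}

class SubresourceAudit(HTMLParser):
    """Collect resources whose host differs from the host serving the page."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.third_party = []  # (tag, host, has_integrity_attribute)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        url = a.get(LOADERS.get(tag, ""))
        if not url:
            return
        if tag == "link" and "stylesheet" not in (a.get("rel") or "").lower():
            return  # other <link> relations are out of scope for this sketch
        # urljoin resolves relative and protocol-relative ("//host/x") URLs.
        host = urlsplit(urljoin(self.page_url, url)).hostname
        # Strict comparison: a sibling subdomain counts as outside too.
        if host and host != self.page_host:
            self.third_party.append((tag, host, "integrity" in a))

def audit(page_url, html):
    parser = SubresourceAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.third_party

# Constructed sample page; every host is a placeholder.
PAGE_URL = "https://pay.example.com/checkout"
SAMPLE_HTML = """
<link rel="stylesheet" href="/css/pay.css">
<script src="/js/checkout.js"></script>
<script src="https://social.example.net/sdk.js"></script>
<script src="//cdn.example.org/lib.js" integrity="sha384-CONSTRUCTED"></script>
<img src="https://ads.example.net/pixel.gif">
<iframe src="https://pay.example.com/card-form"></iframe>
"""

if __name__ == "__main__":
    for tag, host, pinned in audit(PAGE_URL, SAMPLE_HTML):
        print(f"{tag:7} {host:22} integrity={'yes' if pinned else 'NO'}")
```

An empty result means the page loads nothing from outside its own host; a third-party script without `integrity` is the case where a breach at that host is inherited directly.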