Why is remembering an account in the EVE Launcher considered insecure?

According to CCP’s explanation, the “Remember Account” function is considered insecure because it stores auth tokens on the file system.

Why is this considered a problem?

Is it because those tokens would otherwise not be created in the first place (so they could not be abused in the theoretical case that they are stolen, and there is no possibility of a brute-force attack to “guess” the token)?

Or is it because they could theoretically be stolen from the file system? I find this unlikely, unless you play EVE from a computer in a public library or something, or you get your gaming rig stolen and haven’t encrypted your disk.

It also doesn’t defeat 2FA, because you still need something you have (your PC) and something you know (your Windows password) to log in to EVE.

Just wondering, as it seems to me that this warning could cause some unnecessary concerns without at least giving a reason. Also, judging from similar topics, a lot of players seem to be using this function.

It’s because the token can be stolen from the file system. That’s it.

It’s stored in a recoverable form, because it has to be (because it’s used directly).
