Tuesday, March 9, 2010

Account Security on the Dev Blog

Yeah, there's not much more of a boring blog topic than account security. It is still an incredibly important topic, however. The latest Dev Blog offers the following "standard" suggestions:

Do not use the same usernames and passwords for different games

Commonly happens, but not a good idea, especially in the passwords arena.

Change your passwords regularly

Generally a good idea. Just make sure you have a way to keep track of them. I use an App that auto-destructs the data if the wrong password for it is entered one too many times.

Use strong passwords

Don't just use "password" or "coolermaster" as a password. The best passwords are like "p9G$wk45#": random. The problem is that they're hard to remember.

Do not share your login details with anyone

This is a "no kidding".

Don't accept files from sources you don't know

Not a bad idea, but consider that most of this stuff comes in via a friend or family member's computer being compromised, so it probably came from a trusted source. Granted, many people do click on the random phish.

Regularly scan your systems for security threats with up-to-date anti-virus software

This is a given, and easier than ever with free AV software. However, given the number of variants of Trojan.Vundo alone ("You are infected" "Scan now" "Fix Errors") and the number of years it's been around, you'll find out pretty quick that even having updated AV (and AS) can still leave you vulnerable. One of my underlings spends a lot of time re-imaging computers infected with variants of that bugger. Oh yeah, we have AV software on all computers, plus filtering, firewalls, et al.

Unfortunately none of this would have helped me, or my wife. In the wife's case, it used a flaw in Windows to get a logger on her computer. I've never found a bug on any computer I use to play Eve, months later. I've not had a recurrence either.

I still say Eve should use something dismissed by the CSM in the latest meeting:

One option is to sell random number generators but the CSM expressed doubt that a significant number of players would utilize that option.

First off, to the CSM: Get a freakin' clue. Blizzard had those little "authenticators" (read: a Vasco random number generator) sold out for months. Go look the price history up on eBay. They were being sold for over 10 times their value because Blizzard underestimated the demand for them, or there wasn't enough production capacity available. Everyone I know has one, because all it takes is one friend to have a compromised account, and the hassles generated by that, for you to want to protect your own account.

Second off, they're optional and extremely useful.

Finally, it's almost impossible to crack such a system without the physical "key" in your hand.

If you're serious about account security, you'll consider one. I even have one for my rarely used PayPal account. I have one for WoW / Battle.net protection. I have a "Smartcard" for protecting my work. I even have a card to let me in the door at work.

Security is something that is done in layers. Usernames and passwords are fine at first. In the MMO world, however, as your game becomes popular you need to offer more tools to protect your players from unscrupulous people. They are almost always people selling (in this case) illegally obtained ISK. Eve has been getting more and more press. Eve has been attracting more and more players. This makes the universe a bigger and bigger target.

So I would ask CCP to take a chance, the same chance Blizzard took. Offer two-factor authentication to your players. Heck, I'll get one as fast as I can if it's offered.
