Account Security Enhancements (CSM)
All this data is potentially out of date, and should be taken with a truckload of salt
- Title: Account Security Enhancements
- Raised by: TeaDaze (original submission by Z0D)
- Submission Date: 17 Jan 2010 (Originally 2nd Dec 2009)
- Issue ID: ???
This topic was spawned from discussions about Lock Characters to Prevent Theft (CSM). It was decided that a more detailed look at Account Security was required.
The overriding issue is to make it significantly harder (if not outright impossible) for a malicious user in control of an Eve account to transfer characters from that account. It has been suggested that the easiest way to stop malicious transfers would be to discontinue that service. I feel that is far too broad a suggestion and there are ways to improve the procedure instead.
Beyond this initial requirement to block transfers, there are other areas that can be improved to reduce the chance of an account being compromised in the first place.
Enhancements to the Transfer procedure
- By default accounts should be locked so that characters cannot be transferred at all.
- The system should notify the account holder via email when significant events occur.
- The system should require confirmation on certain actions.
- Notifications and confirmations should be sent from specific email addresses and be PGP signed to allow people to verify the authenticity.
Notifications (Including but not limited to)
- Change of address or other account details
- Change of Password
- Change of Subscription plan
Confirmations (Including but not limited to)
- Unlock Characters for transfer.
- Change of email address (see below)
Unlocking for transfer
Unlocking character transfers is very straightforward.
- Login to your account
- Choose to unlock character transfers
- Wait for an email to arrive with a confirmation code
- Copy the confirmation code into the appropriate box on the account page
- Proceed with the character transfer
Why not a link to click in the confirmation email? Because training people to click on confirmation links in emails is exactly what “phishers” rely on to harvest login details; copying a code from the email into the account page, which the player navigates to themselves, avoids that habit.
Changing email address
Requiring confirmation to change the email address is slightly trickier, because one of the legitimate reasons for changing it is that you no longer have access to the old address (this could happen for any number of reasons).
One way to handle it is to require confirmation (positive or negative) via a code sent to the existing email address, with a time limit: if nothing is done within 30 days, the system assumes the change was valid. This requires reminders to be sent until either action is taken or the time limit is reached, and it is not ideal because it is a “fail dangerous” situation (silence is treated as approval). An alternative is to require GM intervention in this specific case.
See the long term improvement section for other ways to improve this.
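The two confirmation flows above (unlock-for-transfer with an emailed single-use code, and the email-address change with a 30-day deadline and positive or negative confirmation) can be implemented with one small state machine. The following is an added example, not code from the proposal or from CCP; the `Account` fields, the 15-minute code lifetime and the email-sending callback are assumptions made so the example runs offline.

```python
"""Confirmation-code flows for account-security actions (added example)."""
import hmac
import secrets
import time

CODE_TTL_SECONDS = 15 * 60                  # assumed: unlock codes expire after 15 minutes
EMAIL_CHANGE_DEADLINE_SECONDS = 30 * 86400  # the 30-day limit from the proposal


class Account:
    """Minimal account record; field names are assumptions for this example."""

    def __init__(self, email):
        self.email = email
        self.transfer_unlocked = False
        self.pending_unlock = None   # (code, expires_at) or None
        self.pending_email = None    # (new_email, code, deadline) or None


class AccountSecurity:
    def __init__(self, send_email, now=time.time):
        # send_email(to, subject, body) is injected so the example runs offline;
        # in a real system this is where the message would also be PGP signed.
        self.send_email = send_email
        self.now = now

    # --- Unlocking characters for transfer ---------------------------------

    def request_unlock(self, acct):
        code = secrets.token_hex(8)          # 64 bits of CSPRNG output, hex encoded
        acct.pending_unlock = (code, self.now() + CODE_TTL_SECONDS)
        self.send_email(acct.email, "Confirm character transfer unlock",
                        "Enter this code on the account page: " + code)

    def confirm_unlock(self, acct, submitted):
        """True (and transfers unlocked) only for a live, unused, matching code."""
        if acct.pending_unlock is None:
            return False
        code, expires_at = acct.pending_unlock
        if self.now() > expires_at:
            acct.pending_unlock = None       # stale code is discarded, never reusable
            return False
        if not hmac.compare_digest(code, submitted):
            return False                     # constant-time compare; code stays pending
        acct.pending_unlock = None           # single use
        acct.transfer_unlocked = True
        return True

    # --- Changing the email address ---------------------------------------

    def request_email_change(self, acct, new_email):
        code = secrets.token_hex(8)
        acct.pending_email = (new_email, code, self.now() + EMAIL_CHANGE_DEADLINE_SECONDS)
        # The code goes to the OLD address so its owner can approve or cancel.
        self.send_email(acct.email, "Email address change requested",
                        "Change to %s pending. Approve or cancel with code: %s"
                        % (new_email, code))

    def _check_email_code(self, acct, submitted):
        if acct.pending_email is None:
            return False
        return hmac.compare_digest(acct.pending_email[1], submitted)

    def approve_email_change(self, acct, submitted):
        """Positive confirmation: apply the change immediately."""
        if not self._check_email_code(acct, submitted):
            return False
        acct.email = acct.pending_email[0]
        acct.pending_email = None
        return True

    def cancel_email_change(self, acct, submitted):
        """Negative confirmation: the owner of the old address rejects the change."""
        if not self._check_email_code(acct, submitted):
            return False
        acct.pending_email = None
        return True

    def apply_if_deadline_passed(self, acct):
        """Scheduled job: the 'fail dangerous' fallback when nobody answers in 30 days.

        Before the deadline it sends a reminder and returns False; after it, the
        change is applied and True is returned.
        """
        if acct.pending_email is None:
            return False
        new_email, _code, deadline = acct.pending_email
        if self.now() < deadline:
            self.send_email(acct.email, "Reminder: email address change pending",
                            "Cancel with the code sent earlier if you did not request this.")
            return False
        acct.email = new_email
        acct.pending_email = None
        return True
```

The points worth noticing from a security standpoint: codes come from `secrets`, are compared in constant time, expire, and are consumed on first successful use; the email-change code is sent only to the old address; and the silent-approval path is isolated in one scheduled function, so replacing it with the GM-intervention alternative means deleting that function rather than touching the rest of the flow.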
Long term security improvements to consider
- Physical key tokens as used by many office VPN systems and some games (e.g. Warcraft). The token displays a limited-time code that must be entered in addition to the username and password when logging in to the game, which makes it much harder for somebody else to log in and clean out your assets.
- Add a mobile phone number as another route for a player to get alerts or confirmations by text message.
- Optionally locking account access to known IP addresses (or ranges), for advanced users only. This would have to apply to game login only (or else being totally locked out would be possible); setting, changing or unsetting the lock would need email or text message confirmation as above.
- Additional email addresses on the account for notifications and confirmations.
Relevant Forum Threads
Relevant Wiki Articles
- ElvenLord - yes
- Alekseyev Karrde - yes
- Zastrow J - yes
- TeaDaze - yes
- Mrs Trzzbk - yes
- Helen Highwater - yes
- Z0D - yes
- Song Li - yes
- T'Amber - yes