Security Changes To The EVE SSO!
by CCP Falcon11:00am on Wednesday 14th November 2018
As part of continued work to protect the accounts of our pilots, we've made a change to the EVE Online SSO today that makes the system more aggressive toward new and unknown devices.
Many of us here at CCP are long term EVE Online players, and we know the value that our pilots place in their accounts, clones and assets. We also recognize and respect the sheer number of hours that go into creating and maintaining a solid character and want to ensure that all our pilots have the best possible protection for their accounts.
This Change In A Nutshell
- When pilots log in, instead of utilizing geolocation, the SSO will instead look for a specific cookie in a pilot's browser or launcher.
- If that cookie is not found and a pilot has not enabled two factor authentication (2FA) via an app such as Google Authenticator, they will be sent a standard 2FA verification code via email.
- On successful login using this verification code check, a cookie that lasts for 6 months will be created in the pilot's launcher/browser.
What Does This Mean For You?
- We've already been creating these cookies for the last couple of months, so if you've been logging in regularly, you'll see no change.
- Pilots with pinned accounts will see no change.
- Pilots with the 2FA app enabled will see no changes.
Potential Side Effects
- If you change your browser, clear your cookies or reinstall the launcher and do not have 2FA enabled via app, you'll need to use a 2FA verification code via email, since the SSO no longer depends on geolocation.
Reasons For This Change
- Geolocation is not always accurate, and we want to ensure your accounts are as secure as possible.
- Once pilots successfully log in, they were whitelisted for that country indefinitely, opening them up to hackers coming from the same country.
- Increased account security due to more aggressive verification of email address if 2FA via app is not enabled.
What Can YOU Do To Improve Account Security?
- Ensure that you use 2FA via authenticator for the best account security. See this Helpcenter article for more info on how to set it up.
- Change your password regularly.
- Make sure you use a complex password, and don't use the same password in multiple places.
- Make sure that if you have multiple accounts, you use a unique password for each account.
- Don't account share - It's against the EVE Online EULA, and damage arising from account sharing will not be reimbursed.