Difference between revisions of "Character lock no resale possible (CSM)"
From Backstage Lore Wiki
(New page: == Stats == * '''Raised by''': mazzilliu * '''Submission Date''': Sunday october 18th 16:00 * '''Issue ID''': tbd == Summary == Right now, anyone who can hijack an e-mail account attache...) |
m (Character lock no resale possible moved to Character lock no resale possible (CSM): Naming conventions) |
(No difference)
| |
Revision as of 05:10, 16 December 2009
Stats
- Raised by: mazzilliu
- Submission Date: Sunday october 18th 16:00
- Issue ID: tbd
Summary
Right now, anyone who can hijack an e-mail account attached to an EVE account can reset the EVE account password and clear out the EVE account immediately(via character sales or destruction of items, etc).
Solution
After certain events such as a password reset from an e-mail, or a password change, or an e-mail change, or an account login from a country different from that of the previous login- or other types of account changes that can signal a potential account hijacking- do the following:
- add a temporary lock on the account so the person playing the character is unable to transfer the character. still allow them to play, but don't let them trash the account.
- notify the user via e-mail that the lock has occured
- if there was an e-mail change, send notification to the old e-mail address as well
- if there was a password change, send notification to the current e-mail address
- I would like to also see the account locks be able to do other things such as prevent someone from completely emptying their own wallet, corp/personal hangars, reprocess or trash items, but I understand that would require a lot more coding time.
Pros
- more security
Cons
- devs will have to be careful in the actual implementation otherwise it will inconvenience legitimate users.