New Security Features With EVE Online: Ascension

By CCP Falcon
| Comments

Given the incredible level of investment that goes into creating and honing characters for specific roles in New Eden, as well as amassing wealth and assets, we want to make sure that your EVE Online accounts are as secure as possible.

With the arrival of EVE Online: Ascension, we have made some significant changes to account security in order to further protect the characters and assets of our pilots from being accessed by unauthorized third parties. 

The road has been a little rocky for some of our pilots who are returning to EVE or those who have had to verify their email addresses after the deployment of the expansion, and as such we’d like to clarify the new systems that are in place to protect your characters and assets.

Email Verification

With the release of EVE Online: Ascension, all EVE Online accounts now need to be attached to a valid and verified email address for account security purposes.

When creating a new account, pilots are guided through steps to verify their email address as part of the process of creating their account and downloading the EVE Online client. Similarly, if a pilot returns to the game and does not have a verified email address attached to their account, as of the deployment of Ascension they will be prompted to verify their email address when they log into the EVE Online launcher before they can continue through into character selection.

Please bear in mind that there are certain combinations of email address that are not considered valid for verification. These include mails with prefixes such as “info@” “admin@” and “mail@” and other generic inboxes, as well as some privately hosted email servers that pilots may have set up themselves.

It is also recommended that pilots add eveonline@service.ccpgames.com to their address book, trusted senders list, or safe contacts list to prevent email delivery issues with some services.

Emails sent to complete email verification will have the subject line “EVE Online Email Verification For [USERNAME]” so that they can easily be identified.

For more information on verifying email addresses, pilots can take a look at this help center article on e-mail verification and this help center article on creating and validating a new account.

Once an email address has been verified with CCP, the account it is attached to will be able to log in from the location that the email address was verified from without further security challenges in the future, as the location will be marked safe.

Please note that while a pilot can verify one email address with multiple accounts, each account must have the email address verified against it individually.

Account Security Improvements

Before the release of EVE Online: Ascension, pilots would face a character name request after successful log in from a new location or browser, in order to verify that they were the owner of the account that they were trying to access. 

This presented a number of issues that included returning pilots not remembering which characters were located on which account, or not being able to recall their character name after having not logged in for some time. In order to smooth out the process of logging into an account, we have made some changes to this process.

As of EVE Online: Ascension, a verification code sent to the email address attached to the account has replaced this request for a character name, and the system has been refined to only request a code when an account is logged into from a new geographical location for the first time.

This means that any pilots who have an internet service that provides them with a dynamic IP address will not need to enter a verification code every time their IP address is updated by their service provider.

Emails for this type of code will have the subject line “Your Verification Code For [USERNAME]” so that they can easily be identified.

Once this verification code has been entered once from the new location, it will be marked safe and there will be no further requests for verification.

Additional Security – Authenticator

An optional feature that pilots can also utilize to provide an extra layer of security is the ability to activate the Authenticator via account management, which overrides the location based verification system described above.

The authenticator allows pilots to utilize their mobile device to receive verification codes via Google’s Authenticator app, instead of them being sent to their account’s verified email address. 

When using this system, a verification code is requested every time a log in is attempted, unless the pilot marks the device they are logging with as safe using the “Don’t ask for codes again on this computer” checkbox when entering a code.

Any other device which is not marked safe in this manner will request a verification code every time a log in is attempted in order to increase account security.

Additionally, if a pilot misplaces their mobile device and has the optional Authenticator enabled, there is the option to receive Authenticator codes via email to prevent a pilot from being locked out of their account and allow them to disable the Authenticator service until they locate their device or replace it.

Emails for this type of code will have the subject line “Your Verification Code For [USERNAME]” so that they can easily be identified.

Clarifications On Messaging

With EVE Online Ascension, we cleared out the list of safe locations in order to enable this new system, which resulted in all pilots receiving an initial request for a verification code. Unfortunately, there was some confusion regarding the new system due to the fact that a significant number of pilots received emails that mentioned the optional authenticator service, leading them to believe that we had made this mandatory. This is not the case, and the authenticator is still an optional feature that pilots can utilize at their own discretion.

In addition to this, the call for pilots to verify their email addresses came just a week or so before the deployment of these new features for internal reasons, and not everyone was able to verify or update their email address in time.

We should have communicated these changes way earlier and with several warnings before launching this change, and we should have given you a blog like this explaining the changes up-front, not after the fact. We apologize for any confusion or any inconvenience that these communication issues might have caused, and have now rectified the text in the emails that are sent out with verification codes in them when an account is logged in from a new location.

There is also some outdated terminology that is being used on our account management webpages that we will be rectifying in an account management update early next week to further clarify these new systems.

Our customer support team is working hard to resolve cases related to these new security systems, and we have drafted in a significant number of extra staff to assist. We hope that we’ll be able to reach every affected pilot very soon and resolve any login issues that pilots are still experiencing. We will also compensate missed Omega clone state time for anyone locked out that they are assisting.

We urge anyone having issues with logging in to EVE Online to check the following Help Center articles to see if they can be of any assistance.

If you have a ticket open with Customer Support and are waiting for a response relating to an issue related to these systems, our Customer Support team will be with you as soon as possible. If you are experiencing login issues or issues with validating your email address, and the above knowledgebase articles do not help in resolving the problem, please file a support ticket through the help center and our Customer Support team will be more than happy to assist.

- @CCP_Falcon