Page 1 of 2 12 LastLast
Results 1 to 10 of 17

Thread: Evony Security Features

  1. #1
    Join Date
    Jun 2011
    Location
    North Cuba ~ AKA Miami
    Posts
    507

    Default Evony Security Features

    I'm not sure if this topic has been made into a guide, but due to recent events of folks having accounts hacked (wether it's a true hack or due to account log sharing) I figured I would do this with the hope that it helps people.

    If it has been doen before I'm sorry, if anyone wants to flame and hate go right ahead becuase I truely don't care.


    This guide will be a step by step of all security features offered by Evony to protect your account. If you fail to utilize all of these features after reading this then you have noone to cry to when you get hacked.

    STEP ONE - Security Code

    Log into the game on you server. On the screen you will see your game profile picture (see below)



    Click this picture and you will see the following



    Click on the tab that says SECURITY CODE and you will see the following



    If you have failed to already install a security code, do so now. Saying "I didn't think I would need one becuase noone has my logs" is not an excuse. This takes less than 2 minutes to do ... once you entered and verified your code please OK and you will see the following



    At this point you will select the areas you wish to have protected by the security code feature. By defualt Evony has forced the RESTART GAME option to be protected by the security code. Personally IMO you should also utilize the tax, hero and city options as well.

    On a side note, I would suggest not using a security code that is easy to figure out or matches your password. This code can use alpha / numeric and is case sensitive, take advantage of that.

    Signature Designed By Morgan Le Fey
    137 / SS54 - DeathInc ~ Nomade / 11oo11 RETIRED
    151 - WRATH ~ llloVolll RETIRED
    154 - Ego ~ llililill RETIRED
    164 - Figure It Out

  2. #2
    Join Date
    Jun 2011
    Location
    North Cuba ~ AKA Miami
    Posts
    507

    Default

    STEP TWO - Account Protection

    After you've finished the security code feature you will need to log out of the game itself and go to Evony.com (see below)



    Once this screen loads you will see the large PLAY button, press it and you will see the following



    Once this screen loads you will see where you need to log back into the game. Enter your email and password, press PLAY and you will see the following



    Press the RETURN button here and you will see the following



    Press the MY ACCOUNT button and you will see the following



    At this screen you will begin the process for setting up your account protection, for those of you who don't know about this feature it is a 3 question feature that will allow you to regain control of your account if you get hacked. Press the ACCOUNT PROTECTION link and you will see the following

    Signature Designed By Morgan Le Fey
    137 / SS54 - DeathInc ~ Nomade / 11oo11 RETIRED
    151 - WRATH ~ llloVolll RETIRED
    154 - Ego ~ llililill RETIRED
    164 - Figure It Out

  3. #3
    Join Date
    Jun 2011
    Location
    North Cuba ~ AKA Miami
    Posts
    507

    Default



    At this page you will enter your account email, password and verify the captcha. Press NEXT STEP and you will se the following



    Enter the security code that you established earlier, press NEXT STEP and you will see the following



    Each of these 3 questions has a drop down opton with several questions to choose from. Use the questions that you will be able to easily remember the answers to while still being unnown by others. Once you've selected these questions press NEXT STEP and you will see the following



    On this page you will verify the answers to the 3 questions that you selected. complete this and press NEXT STEP. This will bring you to the following



    Press the highlighted HERE link and you will see the following

    Signature Designed By Morgan Le Fey
    137 / SS54 - DeathInc ~ Nomade / 11oo11 RETIRED
    151 - WRATH ~ llloVolll RETIRED
    154 - Ego ~ llililill RETIRED
    164 - Figure It Out

  4. #4
    Join Date
    Jun 2011
    Location
    North Cuba ~ AKA Miami
    Posts
    507

    Default



    You will now see the Secondary Email option. Press the link and you will see the following



    If you have not established a secondary email you will see this page. In this case I started a new account with a new email address on a server I was not playing, thus avoiding a ToS violation. Obviously I cut out the email address I was using. Anyway, on this page you will simply input the captcha and press SET. You will then see the following page



    On this page you will enter you account password and again verify the captcha. Press NEXT STEP and you will go to this next page



    Again you will enter the security code established earlier, verify the captach and press NEXT STEP. This will lead you to this next page



    You are now able to enter a secondary email address. Doing this will add yet another route to recover your hacked account. Verify the email address and captcha then press NEXT STEP to go to this page

    Signature Designed By Morgan Le Fey
    137 / SS54 - DeathInc ~ Nomade / 11oo11 RETIRED
    151 - WRATH ~ llloVolll RETIRED
    154 - Ego ~ llililill RETIRED
    164 - Figure It Out

  5. #5
    Join Date
    Jun 2011
    Location
    North Cuba ~ AKA Miami
    Posts
    507

    Default



    You have now completed the account security features for Evony.


    I know this was long and full of pretty pictures which will make it easy for Acer to understand . I hope it helps and let the flaming begin.

    EDIT: Sorry for the multi posting, when I made this I didn't realize there was a 5 picture per post limit.

    Signature Designed By Morgan Le Fey
    137 / SS54 - DeathInc ~ Nomade / 11oo11 RETIRED
    151 - WRATH ~ llloVolll RETIRED
    154 - Ego ~ llililill RETIRED
    164 - Figure It Out

  6. #6

    Default

    All i can say Fort Knox...



    My haters are my motivators
    RETIRED

  7. #7
    Join Date
    Nov 2010
    Location
    SandCastle
    Posts
    508

    Default

    good job, I did this just recently lol, + rep

    I have returned to taunt the evony forums, beware.

  8. #8

    Default

    Without discussing the ability or inability for the Evony servers to be "hacked" and thus the account information obtained through that "hack", people should also bear in mind the following:

    1) If you use a wireless connection, if your wireless router allows people to sign onto your network anonymously, then they can get your password AND your security code by being on your network and just listening to the traffic. They will have to identify the password, and the password does get hashed (a type of encryption), but there are things to decode hashes called "Rainbow Tables". An unsecured connection simply gives the access to the data much easier than a secured wireless connection.

    2) If you use a wireless connection, if your wireless router is set up for WEP (Wired Equivalent Privacy), then WEP is easily crackable and you should consider upgrading the security of your router to at least WPA (Wi-fi Protected Access), but preferably WPA2. This may mean you need to buy a newer router.

    3) If you use a wireless connection, if your Wireless router is broadcasting its' SSID (Service Set Identifier), then people can find your network easier and attempt to crack its' encryption. Make sure to disable SSID broadcasting in the router's configuration management screen.

    4) Public Wi-Fi spots should be treated as unsecure.

    5) Use of proxy servers to make yourself "anonymous" may also be unsecure.

    *****

    All of the wireless-related comments are particularly pertinent, given that the majority of the player base will be teens and college-age adults. Houses in non-rural neighborhoods, apartment complexes, and dorm rooms are places where high concentrations of wireless routers are likely to exist.

    The reason all of this is important is because:

    6) Evony does not use the accepted web standard of encrypting the data channel with HTTPS (HyperText Transport Protocol Secure) when user passwords are involved.

    If Evony had HTTPS, a hacker on a totally unsecured wireless network (item #1 above) would still have to break through the HTTPS encryption to be able to see the raw data, which is not really feasible for hackers that would take a special interest in restarting Evony games, as most hackers that would attempt to break HTTPS would be more interested in getting into bank accounts / credit cards.
    Last edited by neko_lord; 08-07-2011 at 03:23 AM.

  9. #9
    Join Date
    Mar 2011
    Location
    192.168.1.1
    Posts
    31

    Default

    99% of people who get "hacked" are morons who give out their passwords.

    Quote Originally Posted by neko_lord View Post
    If Evony had HTTPS, a hacker on a totally unsecured wireless network (item #1 above) would still have to break through the HTTPS encryption to be able to see the raw data, which is not really feasible for hackers that would take a special interest in restarting Evony games, as most hackers that would attempt to break HTTPS would be more interested in getting into bank accounts / credit cards.
    That costs Evony more money.
    Last edited by CryptKeepr; 08-07-2011 at 12:37 AM.
    YOU GUYS ARE JELLY, AMIRITE?

  10. #10

    Default

    Quote Originally Posted by CryptKeepr View Post
    That costs Evony more money.
    Only with respect to testing to make sure that it works properly. Implementations exist for nearly all web servers out there, and are free. The only possibility that might cut into revenue is if there are significant numbers of players in countries that are under cryptography export restrictions, like China, North Korea, Iran, and the like, and that disallows the use of SSL/TLS (I'm not sure if it does or does not restrict SSL/TLS right off the top of my head), but the Alexa stats show there to be very few players in those countries.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •