As part of continued work to protect the accounts of our pilots, we've made a change to the EVE Online SSO today that makes the system more aggressive toward new and unknown devices.

Many of us here at CCP are long term EVE Online players, and we know the value that our pilots place in their accounts, clones and assets. We also recognize and respect the sheer number of hours that go into creating and maintaining a solid character and want to ensure that all our pilots have the best possible protection for their accounts.

This Change In A Nutshell

When pilots log in, instead of utilizing geolocation, the SSO will instead look for a specific cookie in a pilot's browser or launcher.

If that cookie is not found and a pilot has not enabled two factor authentication (2FA) via an app such as Google Authenticator, they will be sent a standard 2FA verification code via email.

On successful login using this verification code check, a cookie that lasts for 6 months will be created in the pilot's launcher/browser.

What Does This Mean For You?

We've already been creating these cookies for the last couple of months, so if you've been logging in regularly, you'll see no change.

Pilots with pinned accounts will see no change.

Pilots with the 2FA app enabled will see no changes.

Potential Side Effects

If you change your browser, clear your cookies or reinstall the launcher and do not have 2FA enabled via app, you'll need to use a 2FA verification code via email, since the SSO no longer depends on geolocation.

Reasons For This Change

Geolocation is not always accurate, and we want to ensure your accounts are as secure as possible.

Once pilots successfully log in, they were whitelisted for that country indefinitely, opening them up to hackers coming from the same country.

Increased account security due to more aggressive verification of email address if 2FA via app is not enabled.

What Can YOU Do To Improve Account Security?