In this session I will walk you through the history of account security in EVE Online, the uniquely player-driven spaceship MMO game set in a vast online sci-fi sandbox, running for more than 15 years. With EVE being a single-shard universe known for it's huge battles, it is a big target for hackers who want to break into and steal player accounts for various purposes. I will show you what methods we have used to prevent and counter online attacks against our players, the challenges we've faced in doing so with minimal impact to user experience, where we've failed and succeeded and how we've had to constantly evolve in the process. By sharing our experiences and methods, we hope you can take advantage of them to increase the security of your own systems.

This session is a walk through 10 years of development work battling account takeovers and brute force attempts against the MMO EVE Online and it's websites, through success and failure alike. It's not heavy on programming specifics but rather explains methodologies used to prevent hacking and takeover attempts. It goes over the most important scenarios we hit during several changes in the game, and how we had to tackle them before things such as 2FA really existed. Towards the end we will show several statistics on recent changes that have been made and how they have affected user security in a positive way through integrations such as Have I Been Pwned and 2FA. The session is around 1 hour long.