Is Using the ED Market Connector safe as it asks for the ED user name and password to your ed account? please respond ASAP
Your call of course. But consider:I will hold of Inputting the data for the minute as I am not happy about releasing account details to game and store. thanks again 07
Your call of course. But consider:
- EDMC has been used over 2 million times in the last year and a half with no complaints.
- What's the worst that could happen if I stole your Frontier store account login credentials - buy you some Paintjobs ?
No - I'd also need control over your email account to intercept the verification email in order to do that.Login in to your game and reset your Cmdr?
Your call of course. But consider:
- EDMC has been used over 2 million times in the last year and a half with no complaints.
- What's the worst that could happen if I stole your Frontier store account login credentials - buy you some Paintjobs ?
Seriously, there's no reason to be concerned over EDMC. Frontier wouldn't release an API where all you had to do was use it and risk losing your entire account/progress/game.
In the end that doesn't make something safe. OpenSSL Heartbleed was a vulnerability open for a little over two years before being discovered. Dirty COW was introduced in 2007 and only discovered this year. I admit these are quite different in nature, but the point remains the same in that time going by without incident doesn't mean it's not vulnerable.
First, it's just a bad design. You should never need to provide your account credentials for any purpose other than accessing the account itself.
Second, there are in fact reasons providing your account credentials can be harmful:
1) Although it may not be able to access the game itself through the credentials alone (due to 2 factor authentication) you'd still potentially be able to access the account management page and therefore get access to their account information/personal information. Such credentials pose risks such as:
- The 'intruder' selling your account credentials possibly leading to (or aiding in) identity theft, spam, and social engineering and/or leverage blackmailing, stalking, or various other forms of harassment.
- The 'intruder' themselves doing any of the above.
Even if you can't access the website either (due to 2 factor authentication) it's entirely possible to store the credentials in an off-chance that there becomes a time where a weakness in the 2 factor authentication is shown and you can therefore bypass it.
2) People, unfortunately, are terrible at managing their passwords. I wouldn't doubt that a lot of users have the same password and email combo as they do for other accounts and services. Providing their account credentials for elite can therefore be used to get access to their other accounts either through brute-force (through massive databases of stolen or purchased data) in future attacks on other companies or through targeted means.
3) More concerning, at least to me, is that it undermines account security in general. The general public is atrocious at handling account security. You really have to hammer it into people's heads never to give account information to anyone or anything except to access the account it is for and only the account it is for. Developing API's that force you to use the same login information as the account itself is ridiculous. It would be different if the login page was from frontier and then they fed an authorization key behind the scenes. But that's not how it works, we actually provide the password directly to these programs and rely solely on trust that the information isn't sent out or otherwise taken advantage of.
This isn't to target EDMC specifically - it's just that giving account credentials to a third party is concerning to say the least; it should be using a third party access key/password. EDMC, from all I've heard and seen (with my very vague glances) appears fine to use.
Then you should take your concern up with Frontier, because it's their API which requires the credentials in order to pull data from your CMDR. If someone's paranoid enough to complain about it, then they can refuse to use any tools which use the API and play the base game without them.
If you don't like how the API works, then don't use 3rd party tools.
Paranoia - suspicion and mistrust of people or their actions without evidence or justification. If you want to complain about the method which the API uses to interface with the game, then take it up with Frontier, but don't come here all Chicken Little and try to proselytize about how unsafe and terrible everything is.
That isn't what this subforum is about.