Discussion ACCOUNT SAFETY

Others seem to say it is and I haven't heard about times where people have had their credentials stolen as a result. In the case of EDMC, it's basically the only way for it to get the data it needs to do its thing.

That said, I personally refuse to use third party tools that require my account credentials. Frontier really needs a third party access key/password that we can generate such that these tools can get the game-related data but don't have the actual information to access the account itself.

Should be noted that the tool itself is open source. (I haven't looked through it personally, but: ) It's decently safe to say there'd be a huge uproar if it did send your client info out/steal it; which there hasn't been.
 
Thank you for your prompt response. I will hold off inputting the data for the minute, as I am not happy about releasing account details to game and store. Thanks again 07
 
Your call of course. But consider:
- EDMC has been used over 2 million times in the last year and a half with no complaints.
- What's the worst that could happen if I stole your Frontier store account login credentials - buy you some Paintjobs?
 
Seriously, there's no reason to be concerned over EDMC. Frontier wouldn't release an API where all you had to do was use it and risk losing your entire account/progress/game.
 
Your call of course. But consider:
- EDMC has been used over 2 million times in the last year and a half with no complaints.

In the end that doesn't make something safe. OpenSSL Heartbleed was a vulnerability open for a little over two years before being discovered. Dirty COW was introduced in 2007 and only discovered this year. I admit these are quite different in nature, but the point remains the same in that time going by without incident doesn't mean it's not vulnerable.
- What's the worst that could happen if I stole your Frontier store account login credentials - buy you some Paintjobs?

Seriously, there's no reason to be concerned over EDMC. Frontier wouldn't release an API where all you had to do was use it and risk losing your entire account/progress/game.

First, it's just a bad design. You should never need to provide your account credentials for any purpose other than accessing the account itself.

Second, there are in fact reasons providing your account credentials can be harmful:

1) Although it may not be able to access the game itself through the credentials alone (due to 2 factor authentication) you'd still potentially be able to access the account management page and therefore get access to their account information/personal information. Such credentials pose risks such as:

- The 'intruder' selling your account credentials possibly leading to (or aiding in) identity theft, spam, and social engineering and/or leverage blackmailing, stalking, or various other forms of harassment.
- The 'intruder' themselves doing any of the above.

Even if you can't access the website either (due to 2 factor authentication) it's entirely possible to store the credentials in an off-chance that there becomes a time where a weakness in the 2 factor authentication is shown and you can therefore bypass it.

2) People, unfortunately, are terrible at managing their passwords. I wouldn't doubt that a lot of users have the same password and email combo as they do for other accounts and services. Providing their account credentials for Elite can therefore be used to get access to their other accounts either through brute-force (through massive databases of stolen or purchased data) in future attacks on other companies or through targeted means.

3) More concerning, at least to me, is that it undermines account security in general. The general public is atrocious at handling account security. You really have to hammer it into people's heads never to give account information to anyone or anything except to access the account it is for and only the account it is for. Developing APIs that force you to use the same login information as the account itself is ridiculous. It would be different if the login page was from Frontier and then they fed an authorization key behind the scenes. But that's not how it works, we actually provide the password directly to these programs and rely solely on trust that the information isn't sent out or otherwise taken advantage of.

This isn't to target EDMC specifically - it's just that giving account credentials to a third party is concerning to say the least; it should be using a third party access key/password. EDMC, from all I've heard and seen (with my very vague glances) appears fine to use.
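
The design asked for in the post above (a third-party access key that exposes game data but cannot reach the account itself) can be sketched as a scoped, expiring, revocable token. This is an added example, not part of the original post and not Frontier's API; the scope names `game:read` and `account:manage`, the account id and the token format are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

SERVER_KEY = secrets.token_bytes(32)  # held only by the account provider
REVOKED = set()                       # token ids the user has revoked

def issue_token(account_id, scopes, ttl=3600, now=None):
    """Provider mints a token after the user logs in on the provider's own page.
    The third-party tool receives only this string, never the password."""
    now = time.time() if now is None else now
    claims = {"sub": account_id, "scopes": sorted(scopes),
              "exp": now + ttl, "jti": secrets.token_hex(8)}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    sig = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"

def check_token(token, required_scope, now=None):
    """Provider checks a token presented by a tool; returns claims or None."""
    now = time.time() if now is None else now
    try:
        body, sig = token.rsplit(".", 1)
    except ValueError:
        return None
    expected = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    # Verify the signature before trusting anything inside the body.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["exp"] < now or claims["jti"] in REVOKED:
        return None
    if required_scope not in claims["scopes"]:
        return None  # e.g. a game-data token used on the account page
    return claims

def revoke(token):
    """User withdraws one tool's access without changing their password."""
    body = token.rsplit(".", 1)[0]
    REVOKED.add(json.loads(base64.urlsafe_b64decode(body))["jti"])

def forge_scope(token, extra_scope):
    """What a tampering tool might try: widen the scopes, reuse the old signature."""
    body, sig = token.rsplit(".", 1)
    claims = json.loads(base64.urlsafe_b64decode(body))
    claims["scopes"].append(extra_scope)
    new_body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return f"{new_body}.{sig}"
```

A tool holding such a token can read game data until the token expires or is revoked, and a leaked token exposes neither the password nor the account management page.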
 
Then you should take your concern up with Frontier, because it's their API which requires the credentials in order to pull data from your CMDR. If someone's paranoid enough to complain about it, then they can refuse to use any tools which use the API and play the base game without them.

If Frontier was concerned about the possibility of any of what you've mentioned being genuine, they wouldn't have released an API at all. If you don't like how the API works, then don't use 3rd party tools.

Paranoia - suspicion and mistrust of people or their actions without evidence or justification. If you want to complain about the method which the API uses to interface with the game, then take it up with Frontier, but don't come here all Chicken Little and try to proselytize about how unsafe and terrible everything is.

That isn't what this subforum is about.
 
Then you should take your concern up with Frontier, because it's their API which requires the credentials in order to pull data from your CMDR. If someone's paranoid enough to complain about it, then they can refuse to use any tools which use the API and play the base game without them.

And here we are, responding in a thread about this topic in a sub forum for the topic.

If you don't like how the API works, then don't use 3rd party tools.

This is the first time I've personally run into third party tools that ask for this info in such a way and as posted in my response to OP; I personally don't use these as a result. However, I'm fully aware others don't have issue and indeed there's largely no inherent danger, also as mentioned.

Paranoia - suspicion and mistrust of people or their actions without evidence or justification. If you want to complain about the method which the API uses to interface with the game, then take it up with Frontier, but don't come here all Chicken Little and try to proselytize about how unsafe and terrible everything is.

That isn't what this subforum is about.

Well aren't you constructive.
 
If you expose your credentials to a third party, you are effectively taking any abuse of your Frontier Store account onto yourself. So if anyone really did get into your account and spend a load of money on whatever they're offering, you alone will be liable for that!

Do not provide your login credentials to third parties.
 