
A POS starbase control tower and two further towers in silhouette against a red nebula sunset, a fleet drifting nearby


The POS Password Theft Era Ends - Citadels Replace Starbases (2016)

Image: CCP Games · (c) CCP Games (used under CCP fan-content policy)

For roughly a decade, every Player-Owned Starbase in EVE was protected primarily by a single shared password - a string that, leaked or guessed, let attackers waltz inside the shield and dismantle the structure from within. The April 2016 Citadels expansion began the multi-year obsolescence of the POS and quietly closed one of EVE's most distinctive social-engineering attack surfaces.


From the introduction of Player-Owned Starbases in 2005 through the rollout of Upwell structures a decade later, every fortified facility in EVE - from a one-corp moon-mining tower to a flagship alliance research POS - sat behind the same primary access control: a short, shared starbase force-field password. Anyone holding the password could warp inside the shield. Inside the shield, ships and modules sat in hangar arrays, capital construction lines hummed, and corp wallets paid weekly fuel bills. Outside the shield, you could shoot at the tower for hours and accomplish nothing.

The password itself had no in-game protection. It was a string, set by whoever had Starbase Management roles, and shared by mouth, by Jabber, by Mumble, by alliance Discord, and - fatally - by anyone who had ever held the role and then quit the corp without the password being changed. There was no per-pilot ACL, no rotation enforcement, no lockout on guessing, and (for most of the era) no distinction between "may pass through the shield" and "may operate the structures inside it". A defector with director roles and the current password could empty an alliance's industrial backbone overnight; a defector with just the password and no roles could still bump AFK pilots, board unlocked ships, and warp them out one at a time.

The cultural rule the era produced was simple: the password is the asset, and the asset is always one disgruntled member away from being for sale. EVE's defining heists - the Guiding Hand Social Club's 2005 infiltration of Ubiqua Seraph and the Haargoth Agamar betrayal that disbanded Band of Brothers in 2009 - drew much of their weight from the POS era's specific geometry: critical infrastructure was concentrated inside a small number of password-locked bubbles, and a single trusted insider could compromise all of them.

The most-cited cautionary tale of the late-era POS is also one of the simplest. On 6 September 2015, a pilot named Foedus Latro of the corporation Isogen 5 idly tried 1234 against a hostile POS in HB-5L3, Cobalt Edge - and the shield let him in. The POS belonged to a pilot named Scheldor Imperator, who had used the same trivial password on a second tower at a neighbouring moon. Foedus and his corpmates spent the afternoon looting Megathrons and Rattlesnakes from the first POS, then moved to the second POS - same password - and destroyed two parked Chimeras. The whole operation required no inside man, no leak, no social engineering. Just 1234. The contemporary EVE News 24 retrospective made the obvious point: the same assets, parked in any nearby NPC station, would have been untouchable.

The era ended not with a single dramatic incident but with an expansion. On 27 April 2016, Citadels launched and introduced the Upwell structure family - Astrahus, Fortizar, Keepstar - with proper docking, per-pilot ACL access, structure timers, and no shared password mechanic at all. POSes did not vanish overnight; full feature-parity migration ran through 2016-2018, with reactions and moon mining moving to Refineries in the Lifeblood expansion (October 2017) and the last industrial roles transferring in Onslaught (November 2018). But the strategic logic of "anchor the password to the asset" was over the day Citadels shipped. New construction went straight to Upwell; legacy POS networks were torn down or quietly let lapse. By the end of 2018, a fresh capsuleer could play EVE for years without ever knowing what a starbase password was.

The shape of EVE's social-engineering attacks survived the transition - director-roles theft, structure-transfer scams, infiltration heists are all still recurring news - but the specific POS-password sub-genre is a closed chapter. For returning players who last played pre-2016: the rituals of memorising the password, rotating it after every membership change, and treating any leaked password as a reason to evacuate the entire moon, are no longer part of corp life.
