Jump to content

How secure are security keys ?

Pathlight-

By Pathlight-
in General Discussion

 Share

Recommended Posts

Nighthawked

Nighthawked

Posted
Posted (edited)
This is my first MMO. After hearing that account hacking is very common, I started using a security key to login to my account. Is it really foolproof or could someone still hack my account?

 

Nothing is ever immune to hacking. But triple authentication is one step closer to making it as secure as possible.

 

I have it for WoW, Facebook, gmail, and my bank.

 

EDIT: The advantage of this on Facebook and gmail is: It will not ask you until you provide your correct log in. At that point you will get a text/call on your phone with the number. This can also be used as a warning indicator that somebody has your username and password. Sadly, (most players will hate it if they did this though), the authenticator for WoW and this game do not do that.

 

I prefer entering codes every time I log in than having my accounts hacked.

 

Also, it all depends on how the codes are generated. If a hacker finds out the formula for the code, it will not be safe anymore.

 

So nothing is ever hacker proof.

Edited by Nighthawked
Link to comment
Share on other sites
Mr_Crueak

Mr_Crueak

Posted
Posted (edited)
from my understanding... the only way your account can be hacked with a security key... is if :

 

They have your phone...

 

 

or...

 

 

They have your Security Key-chain dealyo

 

there are ways around it, especially if you swtor account is tied in with yoru origin account

 

nothing is ever safe, anything can be hacked. if the NSA can be hacked you can believe your BW account can be too

Edited by Mr_Crueak
Link to comment
Share on other sites
Elross

Elross

Posted
Posted

Anything that is attached to the internet CAN be hacked. That saying, it is much more difficult to hack a persons game if they have the security key. Still not impossible, but less likely to happen.

 

Other good habits to protect yourself....

 

1) Don't go to questionable sites

 

2) Keep your virus scanners up to date

 

3) Never visit a gold farmers site

 

4) Obviously never give your account info away to anyone

 

5) Don't use the same email for this game as you might for other MMOs (because if they get your email address from another MMO they can try to break into this one by guessing your password).

 

I am sure I am missing many security tips that could protect you more.

Link to comment
Share on other sites
Roodys

Roodys

Posted
Posted
from my understanding... the only way your account can be hacked with a security key... is if :

 

They have your phone...

 

 

or...

 

 

They have your Security Key-chain dealyo

 

Or if they hack your EA/orgin account origin

Link to comment
Share on other sites
Nighthawked

Nighthawked

Posted
Posted
there are ways around it, especially if you swtor account is tied in with yoru origin account

 

nothing is ever safe, anything can be hacked. if the NSA can be hacked you can believe your BW account can be too

 

And if BW is using some sort of formula to create the numbers that can be replicated.

 

Something like {AccountID} * {TimeOfDayInMilliseconds}^2 or something like that.

 

So if a hacker knows your account ID, all he has to do is enter in the time of day in milliseconds and he gets the code.

 

Of course it would never be that simple, but you know what I mean though :)

Link to comment
Share on other sites
Atredes

Atredes

Posted
Posted
This is my first MMO. After hearing that account hacking is very common, I started using a security key to login to my account. Is it really foolproof or could someone still hack my account?

 

The same security keys are used for e-banking, (vasco manufacturer), so you can say they are pretty darn safe!

Link to comment
Share on other sites
WutsInAName

WutsInAName

Posted
Posted

Security Keys are not infallible and can certainly be cracked or broken. (In fact I seem to remeber an issue at RSA this summer and there are #1 security key vendor in world)

 

A secure access(to any system) is meant to check three things

 

Something about you - your username

Something you know - your password

Something you have - a security key( a number, a swipe card for secure building access, etc)

 

 

it is only another layer, but by no means is it 100% secure just harder to crack is all.

Link to comment
Share on other sites
Nighthawked

Nighthawked

Posted
Posted
Not to change the subject but I have a security key and I was wondering what happends if you loose or break the device?

 

How would you go about getting access to your TOR account then?

 

I am in a similar situation. I would like to get the latest iPhone, but I already have mine associated with my slow, old iPhone.

 

I wish there was a way to remove it through the site. If you have it working still, I wish you can just remove it.

 

Since I do not want to be on the phone with CS all day, I will probably just keep my current iPhone as an iPod when I get the new one.

Link to comment
Share on other sites
WutsInAName

WutsInAName

Posted
Posted
And if BW is using some sort of formula to create the numbers that can be replicated.

 

Something like {AccountID} * {TimeOfDayInMilliseconds}^2 or something like that.

 

So if a hacker knows your account ID, all he has to do is enter in the time of day in milliseconds and he gets the code.

 

Of course it would never be that simple, but you know what I mean though :)

 

People have been dealing with and working on electronic and numerical security for a LONG time, like since first world war basically. A lot of smart people in fact, I am talking Albert Einstein level mathematitions.

 

This guy seems to have just blown away anything they done, in a simple 4 line forum posts.

 

/sarcasm

 

Ignorance at its finest folks.

Link to comment
Share on other sites
DarkCarnage

DarkCarnage

Posted
Posted
Not to change the subject but I have a security key and I was wondering what happends if you loose or break the device?

 

How would you go about getting access to your TOR account then?

 

you have to call, give them some account details only you and them should know, they remove it from your account, and i would have a new one on standby so once you log in can add it and resecure your account.

Link to comment
Share on other sites
Nighthawked

Nighthawked

Posted
Posted
People have been dealing with and working on electronic and numerical security for a LONG time, like since first world war basically. A lot of smart people in fact, I am talking Albert Einstein level mathematitions.

 

This guy seems to have just blown away anything they done, in a simple 4 line forum posts.

 

/sarcasm

 

Ignorance at its finest folks.

 

Ignorance? Have you ever heard of examples before?

 

I do not have 3 months to come up with whatever system they use. This post will be long dead by the time I am done.

 

Define example: an instance illustrating a rule or method, as a mathematical problem proposed for solution (dictionary.com)

 

As I said, it is more complex than that. But I do remember a site that had its authenticator algorithm broken and was able to use it.

 

My point was it is another layer, but not 100% safe.

Link to comment
Share on other sites
CadaKai

CadaKai

Posted
Posted
Security Keys are not infallible and can certainly be cracked or broken. (In fact I seem to remeber an issue at RSA this summer and there are #1 security key vendor in world)

 

A secure access(to any system) is meant to check three things

 

Something about you - your username

Something you know - your password

Something you have - a security key( a number, a swipe card for secure building access, etc)

 

 

it is only another layer, but by no means is it 100% secure just harder to crack is all.

 

 

The reason their keys were hacked is that hackers broke into their system and were able to get the seed numbers for their devices. Had they secured their seed numbers their devices wouldn't have gotten hacked.

 

 

Since the security keys use a seed number that is generated at the time you install in a hacker would have to know the algorithm the keys use, and the seed number used by your device.

 

If they had all the seed numbers and algorithm they would still have to match each seed number up to an account, and password.

 

So basically it would be nearly impossible, and probably not worth the time for a hacker to try to access a security keyed account when it would be so much easier to just get a username/password combo for an unsecured account using easy methods.

Link to comment
Share on other sites
BigBadEdward

BigBadEdward

Posted
Posted

The chances you are going to be hacked when you have a security key are very slight simply because there are plenty of people who don't have one. Anything is possible, security is quite often about making yourself as small a target as possible.

 

It's like locking you car door, chances are a car thief will try yours then move on to one that isn't locked.

Link to comment
Share on other sites
WutsInAName

WutsInAName

Posted
Posted
Ignorance? Have you ever heard of examples before?

 

I do not have 3 months to come up with whatever system they use. This post will be long dead by the time I am done.

 

Define example: an instance illustrating a rule or method, as a mathematical problem proposed for solution (dictionary.com)

 

As I said, it is more complex than that. But I do remember a site that had its authenticator algorithm broken and was able to use it.

 

My point was it is another layer, but not 100% safe.

 

Now look up the definition of ignorance. It is not derogatory as you seem to think it is.

 

You were simply speaking security algorithms and trying to dumb them down when you have little to no information on the subject matter.

 

Even as an actual programmer I dont know very much about security algorithms. Thats for the people who are truley gifted at and love math.

 

My point was dont try to make something people have been struggling with for a hundred years sound simple that a gaming company is about to solve it.

Link to comment
Share on other sites
chton

chton

Posted
Posted
This is my first MMO. After hearing that account hacking is very common, I started using a security key to login to my account. Is it really foolproof or could someone still hack my account?

 

Account hacking isn't very common, unless you buy gold, pay levelling services, go to hack sites. Never been hacked, never knew anyone in 15 years who got hacked. Don't give out your PW, don't dl hacks and you'll be fine. Or listen to the fearmongers.

Link to comment
Share on other sites
 Share
Go to topic listing
×
×
  • Create New...