Jump to content

Security Key: I think it's a waste

cipher_nemo

By cipher_nemo
in General Discussion

 Share

Recommended Posts

cipher_nemo

cipher_nemo

Posted
Posted

I've recently seen other threads related to the security key, but all of them were too specific for my overarching issues with them or in customer service threads that sadly get no attention from the community as a whole. In other words, sorry if this is duplicated somewhere.

 

Since my security key came bundled with the CE, I used it for a while. But now I have it disabled due to many issues. Here's why I think the security key is a total waste of time both for us a customer and for EA/Bioware...

 

1.) Bioware won't (or can't?) let us use multiple keys on the same account, nor can we use a mobile key and their mobile device app on the same account. I don't want to carry my key around with everything, so locking my account into one mobile key is a huge inconvenience.

 

2.) If we have it enabled, we need to use the key to get to the forums. Why can't we just have login approvals from pre-set devices (eg: we could easily authorize specific IPs/devices we want to use with the forums and the client). After all, if I connect to the client from another IP address, the launcher will ask me to answer one of my security questions.

 

3.) There were issues with people getting locked out when switching from mobile key to mobile device app. Is that fixed yet? And since they even had this issue in the first place would I ever trust Bioware to keep it from locking me out in the future? Nope.

 

4.) The only way to change my key or disable it is to contact phone support. There should be a way to do this online with the original key and security questions to verify. The whole point of a security key is to make account access both secure and convenient for the end user. If I have to waste time phoning your support, the convenience is nullified. I might as well just call you first before launching the client each time, since that's roughly just as convenient.

 

5.) The in-game vendor for current Key users sells near-worthless junk. And it's not unlocked permanently for those who once used the key. It's only unlocked while you continue to use your security key. No incentive there to keep using it.

 

What's your opinion on this security key?

Link to comment
Share on other sites
  • Replies 130
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Lurkz

Lurkz

Posted
Posted (edited)

I like my security key and will continue to use it. As far as your items 1&2 are concerned... this is exactly how the Blizzard security key works so... sorry? Don't know what to tell you. You attach one it only makes sense to use it since the whole point is to make sure someone else isn't using your account.

 

As for the issues with having to disconnect it via phone and such, I imagine those problems will get fixed eventually. Though, yes, I will grant that they're pretty irritating in the meantime for anyone who needs to detach a security key.

 

Edit: As for the in-game vendor... they didn't even HAVE to give us that. I would imagine more things would get added later but given that it's just a vendor for some cosmetic perk stuff, why are you so annoyed that it only has a few items? It will never sell anything that would change the game because that would be unfair to people who don't have or can't get a security key. Same way the CE vendor is cosmetic items only, or even the social items vendor. They aren't going to give you some super awesome item or whatever just because you have a security key, it's just a perk.

Edited by Lurkz
Link to comment
Share on other sites
TheTurniipKing

TheTurniipKing

Posted
Posted (edited)
My opinion? If you dont have one and you get hacked. No restores. Simple.

If EA can't offer adequate account security without external devices and extra expense, they don't deserve our custom.

 

(and yes, there are many ways to increase security without requiring external devices: A second password, for example: The trick is the second password is never requested in it's entirety. Instead, two or three random characters from within the password are required, making it impossible for keyloggers to capture the entire password in a single login session).

 

An external security key is simply both an inconvenience and an unnecessary extra expense.

Edited by TheTurniipKing
Link to comment
Share on other sites
PostalTwinkie

PostalTwinkie

Posted
Posted

1) The whole purpose of having an extra security layer, is for the extra security. The more devices you have for authentication in any situation lowers the level of security that additional layer adds.

 

Think of it this way; If you have a lock and 1 key, it is fairly secure. Same lock with 10 keys, it isn't nearly as secure because the odds of a key being compromised are greatly increased.

 

2) IP address can easily be spoofed, as can MAC addresses. This feature would be easily circumvented, and thus not worth the time to have it. As it really doesn't add an extra layer of security.

 

3) The issue of people being locked out almost always falls back on the fact that people didn't write down their serial number of the authenticator, like they should have. When switching devices you have to have the unique serial number, it is an additional security feature.

 

4) I agree with this, there shouldn't be any reason that you can't disable the key from the website. So long as you can provide the serial number of the authenticator, which people should be writing down somewhere safe.

Link to comment
Share on other sites
Kindara

Kindara

Posted
Posted (edited)

Funny how all of the OP's options for security are like way way easier to hack then making use of the key. Not to mention they're far more troublesome if you buy a new computer or change ISP i went through this with DDO since they do something similar and it locked me out of my account. I just wanted to resub and I couldn't so I had to go through an insane amount of mess and wait 14 days once they gave me temporary access to my account to have full access to forum and web account features.

 

Security Key & App = better safer option.

 

If you dont like keeping your account for yourself adn enjoy having people steal your information, your creds, your gear adn leaving you with nothing but a shell of account please stop using the security or its app.

 

There's a reason why game developers are turning to security key devices and apps. Because they're not as easy to circumvent and lower the amount of money and a time a company's security team has to spend on investigating theft which is a major issue in mmo gaming.

Edited by Kindara
Link to comment
Share on other sites
cipher_nemo

cipher_nemo

Posted
  • Author
Posted
My opinion? If you dont have one and you get hacked. No restores. Simple.

 

Yeah, "get hacked", as in I would have to be a moron to practice unsafe browsing and online habits. Very slim chance of that happening. I use Firefox w/ NoScript, WoT, AdBlock, and variety of other addons. But the most important tool and my first line of defense is being able to spot phishing attempts, questionable domains, funny javascript, and browser exploits a mile away. My last line of defense is NOD32. No, the security key is for the average computer user who doesn't know a lick of anything about safe browsing or security.

 

More layers of security is always nice, and I would welcome it, provided that it doesn't seriously detract from my day-to-day conveniences.

 

As for my account, if I attempt to access from anywhere other than my known IPs Bioware would prompt me with a security question. And my password is unique to just TOR. Of course nothing is a pure 100% when we talk about security, but what someone would gain from the attempt doesn't outweigh the efforts, so no, I'm not worried of getting hacked.

Link to comment
Share on other sites
Lurkz

Lurkz

Posted
Posted
Yeah, "get hacked", as in I would have to be a moron to practice unsafe browsing and online habits. Very slim chance of that happening. I use Firefox w/ NoScript, WoT, AdBlock, and variety of other addons. But the most important tool and my first line of defense is being able to spot phishing attempts, questionable domains, funny javascript, and browser exploits a mile away. My last line of defense is NOD32. No, the security key is for the average computer user who doesn't know a lick of anything about safe browsing or security.

 

More layers of security is always nice, and I would welcome it, provided that it doesn't seriously detract from my day-to-day conveniences.

 

As for my account, if I attempt to access from anywhere other than my known IPs Bioware would prompt me with a security question. And my password is unique to just TOR. Of course nothing is a pure 100% when we talk about security, but what someone would gain from the attempt doesn't outweigh the efforts, so no, I'm not worried of getting hacked.

 

Ok, you're personally not worried about getting hacked. Good for you?

 

Others of us, who btw ALSO practice all your safe browsing habits, would rather have that extra layer just to be safe. So why do you care if we want to use the security key (which is implemented logically other than the difficulty with removing/replacing it) and you don't want to use it?

Link to comment
Share on other sites
cipher_nemo

cipher_nemo

Posted
  • Author
Posted
Ok, you're personally not worried about getting hacked. Good for you?

 

Others of us, who btw ALSO practice all your safe browsing habits, would rather have that extra layer just to be safe. So why do you care if we want to use the security key (which is implemented logically other than the difficulty with removing/replacing it) and you don't want to use it?

 

Don't get me wrong, I'd welcome the extra layer of security. But when Bioware doesn't let you have multiple keys for one account it severely hampers the convenience for me.

 

And you didn't seem to get the overall gist of the thread. It's not about me caring if other members use it. It's about how unflexible and awkward the security key implementation is for SWTOR.

Link to comment
Share on other sites
cdstephen

cdstephen

Posted
Posted
I like my security key and will continue to use it. As far as your items 1&2 are concerned... this is exactly how the Blizzard security key works so... sorry?

 

So just because a company does it one way Bioware has to copy them exactly, even the bad parts?

 

Oh wait, it's Blizzard. This is to be expected. Carry on.

Link to comment
Share on other sites
Apocalypsezero

Apocalypsezero

Posted
Posted
Yeah, "get hacked", as in I would have to be a moron to practice unsafe browsing and online habits. Very slim chance of that happening. I use Firefox w/ NoScript, WoT, AdBlock, and variety of other addons. But the most important tool and my first line of defense is being able to spot phishing attempts, questionable domains, funny javascript, and browser exploits a mile away. My last line of defense is NOD32. No, the security key is for the average computer user who doesn't know a lick of anything about safe browsing or security.

 

More layers of security is always nice, and I would welcome it, provided that it doesn't seriously detract from my day-to-day conveniences.

 

As for my account, if I attempt to access from anywhere other than my known IPs Bioware would prompt me with a security question. And my password is unique to just TOR. Of course nothing is a pure 100% when we talk about security, but what someone would gain from the attempt doesn't outweigh the efforts, so no, I'm not worried of getting hacked.

 

I've seen the same thing said by many a person that's been hacked.

Link to comment
Share on other sites
Pink_Saber

Pink_Saber

Posted
Posted (edited)

1.) Bioware won't (or can't?) let us use multiple keys on the same account, nor can we use a mobile key and their mobile device app on the same account. I don't want to carry my key around with everything, so locking my account into one mobile key is a huge inconvenience.

 

That's how they work. As soon as you configure your account to require a certain authenticator to log you in, it... well, requires you to use that authenticator to log you in. That's the whole point, and these types of authentication systems always work this way.

 

2.) If we have it enabled, we need to use the key to get to the forums. Why can't we just have login approvals from pre-set devices (eg: we could easily authorize specific IPs/devices we want to use with the forums and the client). After all, if I connect to the client from another IP address, the launcher will ask me to answer one of my security questions.

 

This is because Bioware rightly assumes that if you want to protect your account with an authenticator, that you really want to. It wouldn't be much good if someone could just use the website to get in without it, and change settings (like, presumably at some point, the need to use your authenticator to get into the game).

 

 

3.) There were issues with people getting locked out when switching from mobile key to mobile device app. Is that fixed yet? And since they even had this issue in the first place would I ever trust Bioware to keep it from locking me out in the future? Nope.

 

I don't know if it's fixed yet, but here's another one for you: because accounts have been hacked in the past, it's probably safe to assume that can happen again, too. Your call.

 

4.) The only way to change my key or disable it is to contact phone support. There should be a way to do this online with the original key and security questions to verify. The whole point of a security key is to make account access both secure and convenient for the end user. If I have to waste time phoning your support, the convenience is nullified. I might as well just call you first before launching the client each time, since that's roughly just as convenient.

 

I'm sure they'll have this eventually. Incidentally, the purpose of the security key is not convenience at all: it's security. And, really, comparing having to use the phone one time in the unlikely event that something breaks to having to use it every time you log in is laughable.

 

5.) The in-game vendor for current Key users sells near-worthless junk. And it's not unlocked permanently for those who once used the key. It's only unlocked while you continue to use your security key. No incentive there to keep using it.

 

Huh? You're saying it's only unlocked while you use your key, but then say there's no incentive to keep using your key. Which is it?

 

In any case, if the only reason you're using a key is to get access to a vanity vendor... well, hey, at least you're using one, and that's good. Personally, I'm far more concerned with the security of my account and stuff like, potentially, access to my credit card. Whatever floats your boat.

 

What's your opinion on this security key?

 

I wouldn't play a subscription-based game without one. And I do Internet security for a living... If there's one thing you learn really early, it's that you're not too smart to get targeted. Nobody is. Plenty of people who've done nothing wrong other than not use an authenticator have been hacked in other games. If you think you're smart enough to beat the bad guys without using the tools available to protect yourself, you're not as smart as you think you are.

Edited by Pink_Saber
Link to comment
Share on other sites
PostalTwinkie

PostalTwinkie

Posted
Posted
Don't get me wrong, I'd welcome the extra layer of security. But when Bioware doesn't let you have multiple keys for one account it severely hampers the convenience for me.

 

And you didn't seem to get the overall gist of the thread. It's not about me caring if other members use it. It's about how unflexible and awkward the security key implementation is for SWTOR.

 

Security is awkward and inflexible by nature, that is part of what makes it secure. It is a series of events that take place in a strictly controlled manner, anything outside of those narrow confines is deemed invalid. The more "flexible" a security feature is the less secure it is, to a point that it isn't a security feature but a vulnerability.

 

I will also blow your mind a little......

 

No matter how secure you think you are when browsing, no matter how many commercial options for security you have in place, you aren't as secure as you think you are. Remember, in most cases security software is playing catchup to the threat....not the other way around.

Link to comment
Share on other sites
IrotNoot

IrotNoot

Posted
Posted

I also share Ciphers opinion on this.

 

Why would I make it harder for me to log in to the game for no benefit? I've never been hacked and go to great lengths to keep my computer clean of such garbage as an overall practice. Proper firewalls and simple security steps all but eliminate these types of problems a keygen fob prevents. I figure, at best, someday, ill have a problem with the keygen that will keep me out of my account for however long it takes Biowares inept CS dept at this point to clear it up. Simply not worth it. If I someday get hacked it wont even change my mind, as I would look at it as an overall security problem.

 

Buying a keyfob thing like this is really for the lazy or the types of people that dont really care or understand if their computer is overrun with viruses and the such, yet still want to play. I prefer to keep my overall computer clean and free of such things instead of putting additional layers of security on top of my what already should be secure computer.

 

Its not for me, but hey, if you want it, more power to you. Just my opinion.

Link to comment
Share on other sites
iain_b

iain_b

Posted
Posted
If EA can't offer adequate account security without external devices and extra expense, they don't deserve our custom.

 

(and yes, there are many ways to increase security without requiring external devices: A second password, for example: The trick is the second password is never requested in it's entirety. Instead, two or three random characters from within the password are required, making it impossible for keyloggers to capture the entire password in a single login session).

 

An external security key is simply both an inconvenience and an unnecessary extra expense.

 

What you are suggesting is the exact same thing as the authenticator except that your second token is still fixed which defeats the purpose. Any keylogger would eventually identify all the characters of your fixed second password. :rolleyes:

 

The point of 2-factor authentication is that the second pass-phrase is randomized and only used for a short window (ie 60 seconds).

Link to comment
Share on other sites
cipher_nemo

cipher_nemo

Posted
  • Author
Posted (edited)
If EA can't offer adequate account security without external devices and extra expense, they don't deserve our custom.

 

(...)

 

An external security key is simply both an inconvenience and an unnecessary extra expense.

 

QFT.

 

 

I've seen the same thing said by many a person that's been hacked.

 

Word of mouth. Everyone's an expert. "But I've seen..." Yeah, yeah, we all know the pitfalls of those arguments.

 

Keep in mind this is a game, not a bank account. You have to understand the motives behind the hackers attempting to gain control of an account before you can assess the threat. The way panicked, naive people worry about getting hacked is quite amusing. Hackers who want to get control over online accounts such as SWTOR, Facebook, your e-mail, etc., only make money in quantity. They have little reason to orchestrate elaborate attacks on specific accounts. Someone would have to be hell-bent on personal revenge to want to try to target some individual gamer's MMO account. So we use layers of security to protect against those mass attacks, not individual attacks.

 

Point of this thread is: security keys are a waste because I can A.) handle my own account security just fine without relying on a crutch, and B.) the inconvenience of EA/Bioware's implementation of the security key is not enough of an incentive to get me to keep using it.

 

And if you're really worried about a hacking attempt that's targeted specifically at YOUR account instead of thousands of accounts, the security key is not a guaranteed, 100% fail-proof means of stopping that hack.

 

Huh? You're saying it's only unlocked while you use your key, but then say there's no incentive to keep using your key. Which is it?

 

I tried it and it's not available when you have your mobile authenticator deactivated on your account.

Edited by cipher_nemo
Link to comment
Share on other sites
PostalTwinkie

PostalTwinkie

Posted
Posted
I also share Ciphers opinion on this.

 

Why would I make it harder for me to log in to the game for no benefit? I've never been hacked and go to great lengths to keep my computer clean of such garbage as an overall practice. Proper firewalls and simple security steps all but eliminate these types of problems a keygen fob prevents. I figure, at best, someday, ill have a problem with the keygen that will keep me out of my account for however long it takes Biowares inept CS dept at this point to clear it up. Simply not worth it. If I someday get hacked it wont even change my mind, as I would look at it as an overall security problem.

 

Buying a keyfob thing like this is really for the lazy or the types of people that dont really care or understand if their computer is overrun with viruses and the such, yet still want to play. I prefer to keep my overall computer clean and free of such things instead of putting additional layers of security on top of my what already should be secure computer.

 

Its not for me, but hey, if you want it, more power to you. Just my opinion.

 

It is obvious that you are another person that doesn't understand the concept of Multi-factor authentication. I sometimes feel for software companies, either they aren't secure enough or they are too secure in the eyes of some customers.

Link to comment
Share on other sites
Lurkz

Lurkz

Posted
Posted
So just because a company does it one way Bioware has to copy them exactly, even the bad parts?

 

Oh wait, it's Blizzard. This is to be expected. Carry on.

 

Not what I said. I was pointing out that the other major MMO with a security key (that I have personal experience with) works the same way. Now, if there's some OTHER security key for an MMO out there that works differently, great. I don't personally know about it and am not going to make a comparison because I don't have the knowledge to do so.

 

However, just because Blizzard did something doesn't mean it's bad, which seems to be what you're implying. Not everything they do is good but nor is it automatically bad either. And in the case of only allowing ONE authenticator which you then actually HAVE to use, well... this make sense in security. Multiple keys just means you now are that much more likely to lose one or have it stolen and hey presto, someone can now get into your account. Requiring it to be used? As I said, the point is to make sure it's you so it MAKES SENSE that it requires it to be used.

 

This is a logical way for a security key to be enacted and yes, both Bioware and Blizzard do it. Probably because it makes sense.

Link to comment
Share on other sites
Keta

Keta

Posted
Posted

I use the security key on my iPhone and like it. Yes, I'd really like to have one tied into my android tablet as well so I could use whichever one was more convenient at any given moment. I'd also like to be able to remove it from my account through the website and add a new one on if I ever do remove it. But I can't do any of that so I'll just use the security key I have because it makes my account a bit more secure from Chinese/Indian/American hackers and farmers.

 

And I'll keep using it until I lose or break my iPhone and have to call Bioware to get it removed. Then I'll make the 37,987,342 thread about how the authenticator sux and it's all Bioware's fault and how they suck. Because it would obviously be Bioware's fault that I dropped my iPhone on The Queen K while cycling in Kona, Hawaii.

Link to comment
Share on other sites
iain_b

iain_b

Posted
Posted (edited)
That's how they work. As soon as you configure your account to require a certain authenticator to log you in, it... well, requires you to use that authenticator to log you in. That's the whole point, and these types of authentication systems always work this way.

That's not entirely true. RSA SecureID allows you to have multiple devices/dongles attached to a single account.

 

I used to manage the RSA tokens for my group at my old job- I had multiple tokens assigned to my account so I could keep a keyfob at work, at home and a software key on my Blackberry.

Edited by iain_b
Link to comment
Share on other sites
Redcorn

Redcorn

Posted
Posted

Just curious, why do you need multiple authenticators for one account? Is it that you share the account with family? Not a flame, just curious.

 

 

My network and PC are only moderately secured. I use flash, view email in html mode, and plenty of other things I would never do if I wanted to be solid on my security. Heck, if I wanted to be solid I would use no radio waves with my setup and never connect to any other machine.

 

But that is not life. I play it like I expect to get hacked. Anti-virus, anti-malware, and all the conventional safety steps have been taken, but there is always a new vulnerability.

 

So I say use the authenticator. Most hacks are client-side/social engineering in nature.

 

 

Yes, there should be a way to remove the authenticator needed access from the website.

Link to comment
Share on other sites
 Share
Go to topic listing
×
×
  • Create New...