Jump to content

Security Key: I think it's a waste


cipher_nemo

Recommended Posts

I don't ever need to reply to that directly

 

You just did...

 

But I will make a poignant statement: SWTOR is a game, not a bank account. Should TSA frisk you every time you get into a personal vehicle like they do at public airports?

 

Analogy failure. Security key is an elective option.

Edited by Paralassa
rude quote
Link to comment
Share on other sites

  • Replies 130
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

I don't ever need to reply to that directly, because I could really care less what you believe. But I will make a poignant statement: SWTOR is a game, not a bank account. Should TSA frisk you every time you get into a personal vehicle like they do at public airports?

 

 

Then don't get a key and don't worry about it. No one held a gun to your head and said, "Get a key now!" If you feel safe with standard password only security that's fine. You say it's not a bank account but many invest enough time and money into MMO's for them to be a second job. Stealing and pillaging MMO accounts is a thriving underworld business and nets millions of dollars a year. Your ignorance to the threat and the monetary gains and loses aside; if you don't care about losing everything because it's just a game then don't use it.

Link to comment
Share on other sites

I don't ever need to reply to that directly, because I could really care less what you believe. But I will make a poignant statement: SWTOR is a game, not a bank account. Should TSA frisk you every time you get into a personal vehicle like they do at public airports?

 

Then why do you care about your account security at all? Just use "password" for your password and see how far that gets you. Oh yeah you're account would be hacked overnight and you'd be on here complaining that Bioware doesn't know security because you got hacked.

 

You obviously care about your account since you mentioned the methods you use to keep yourself secure (which btw...doing so is itself compromising your security...knowledge is half the battle a lot of the time in security), so you know the money and time you invested into your account is valuable. As much as the place that stores your money, perhaps not to you, but personally they both represent an investment of the most finite resource...time...which you can never get back.

Edited by Thunder-God
Link to comment
Share on other sites

That's the thing about good security practices, they are not convenient.

 

You're absolutely right. You have to weigh the guaranteed inconvenience of extra security against the potential loss/inconvenience of having your security fail. Contrary to the near-monolithic opinion in this forum thread, that's not a cut-and-dried choice in favor of the extra security -- not when we're talking about security for an online game.

 

For my part, I was initially tempted to buy the key fob just for thoroughness' sake, but I was put off by reports that it would be difficult to change my mind later. I was put off by the fact that (apparently) I can't even search the game's forums without logging in. Finally, I just decided the whole thing wasn't worth the hassle. It'd suck to get hacked, but like I said, the prospect of losing in-game assets ain't gonna keep me up nights.

 

None of the above makes me a luddite (though I am one, generally; damn kids and their Facebook/Twitter/Smartphones!) or ignorant. Then again, maybe I am ignorant, given the following:

 

You argue that there is no need to protect your SWTOR account because its importance is below that of accounts you deem more valuable, such as your bank account. Another point of yours that shows your lack of intelligence in the IT security world. Any account / login combination is valuable. People use the same login names and the same passwords all the time in different places. You're a liar if you say you have never repeated a password, or a small variation of one.

 

Interesting. Maybe you can educate me here: how does the security key protect my password information? I'm honestly curious, because my understanding was that the security key will simply prevent an intruder who already has my password from accessing my account.

 

That's where I come to the conclusion that the the security key isn't doing anything to protect my non-SWTOR assets/information. From there, I conclude that the inconvenience isn't worthwhile, because if I am compromised, then I have much bigger concerns than my game account. You seem to be saying that the security key would prevent people from ever learning my other account info (password, email, etc).

Edited by Invictos
Link to comment
Share on other sites

I think I and others may look at this from the opposite direction. Considering that a couple in this thread have alluded to me being oblivious to computer security, I thought Id put just what Ive done to secure my environment.

 

IF I somehow got some sort of key logger virus on my computer, I want to know about it. I take great pains to keep such garbage out of my computer. Simply securing my SWTOR account does nothing for my overall computer whatsoever. Sure it may make it so my SWTOR account is harder to hack, but what about everything else on my computer?

 

An example, this is how I secure my computer, and I feel its far superior to a keygen alone.

 

First, I run OS X on my Mac Pro tower most of the day for my work (I'm a work from home software engineer). I didn't pick the hardware or the operating system, its the equipment the investment company I work for provides me. It is however all I have to game on since I'm too cheap to buy a specific gaming machine. I have Win7 64 on a small bootcamp partition, that pretty much ONLY runs SWTOR. I'm never in Win7 unless I'm playing SWTOR and don't "surf" when I boot into Win7, its not necessary since I have another computer (OS X email server) sitting 2 feet to my left. If I need to download a program, its generally open Opera, straight to the URL of the company I need and done. I have Win7 locked down like Fort Knox, everything that can be blocked is. I have top of the line Cisco hardware firewall that all of my machines are behind. The ONLY machine on my network that ever runs Windows is my Mac Pro when I'm playing SWTOR, everything else is either OS X or CentOS Linux (I host about a half dozen servers in my house) The vectors for various viruses, trojans and such of infecting my computer are way smaller than the pita of screwing around with a fob or application on my phone every time I want to log in. Most importantly though, is I NEED to know if I've been compromised in any manner and simply securing SWTOR isn't enough. I secure my entire world.

Edited by IrotNoot
Link to comment
Share on other sites

Have the key on my Iphone, so it's with me at all times anyway.

 

I would never use the key you get with the CE, would be a pain to keep that on you.

 

It's a layer of protection against hackers, which makes it great.

 

Don't like it, simply don't use it, it takes 5 secs (if that) to login with it.

Edited by Tekkoclarky
Link to comment
Share on other sites

 

 

Interesting. Maybe you can educate me here: how does the security key protect my password information? I'm honestly curious, because my understanding was that the security key will simply prevent an intruder who already has my password from accessing my account.

 

 

You won't know or be able to test if it's a successful login without it. If you're getting keylogged then you're right, it does nothing. But if you got phished or someone was making a brute force attempt then there would be no way to discern between successful and unsuccessful logins without the key.

Link to comment
Share on other sites

Interesting. Maybe you can educate me here: how does the security key protect my password information? I'm honestly curious, because my understanding was that the security key will simply prevent an intruder who already has my password from accessing my account.

 

That's where I come to the conclusion that the the security key isn't doing anything to protect my non-SWTOR assets/information. From there, I conclude that the inconvenience isn't worthwhile, because if I am compromised, then I have much bigger concerns than my game account. You seem to be saying that the security key would prevent people from ever learning my other account into (password, email, etc).

 

It depends on how exactly the attacker got your password...

 

Your login ID is obv... your email. Have you ever used your password elsewhere? or a derivation of it? Say you used the same password for Gawker. Gawker gets hacked. Now, the Username and Password you used are on a list some hacker has. They try those emails in an automated app that test login to a number of games.

 

...and you are hacked without your machine ever being touched.

Edited by Zarrot
Link to comment
Share on other sites

IF I somehow got some sort of key logger virus on my computer, I want to know about it. I take great pains to keep such garbage out of my computer. Simply securing my SWTOR account does nothing for my overall computer whatsoever. Sure it may make it so my SWTOR account is harder to hack, but what about everything else on my computer?

 

(...)

 

Most importantly though, is I NEED to know if I've been compromised in any manner and simply securing SWTOR isn't enough. I secure my entire world.

 

Excellent viewpoint! This is why I even bother reading and responding to the thread. Someone takes the time to think outside the confines of knee-jerk reactions like so many others. Thanks for sharing that. :)

 

Then don't get a key and don't worry about it. No one held a gun to your head and said, "Get a key now!" If you feel safe with standard password only security that's fine.

 

Indeed, that's where I am right now. Happily playing TOR in my free time and no worries about being hacked. And that's why I posted the op in the first place. I'll starting quoting myself since so many posters don't read everything from the person they're arguing with...

Don't get me wrong, I'd welcome the extra layer of security. But when Bioware doesn't let you have multiple keys for one account it severely hampers the convenience for me.
Link to comment
Share on other sites

I secure my entire world.

 

(Trimmed for space, not for irrelevance, entire post was relevant)

 

The key is an extra layer of security for your SWTOR login credentials. That's it. There is no way to deny that it is an extra layer of increased security. Regardless of how secure you make everything, adding the key makes it more secure.

 

Now it may not be necessary for everyone though. If you have a 1000 foot concrete wall, its not as secure as a 1001 foot concrete wall.

 

You don't think you need it, don't use it. You think its too inconvenient, don't use it. Arguing that its pointless, is incorrect.

Link to comment
Share on other sites

The key is an extra layer of security for your SWTOR login credentials. That's it. There is no way to deny that it is an extra layer of increased security.

 

Then why not another layer? Why not four layers? Five? Six? I think you can see where I'm going with that. More layers always means less convenience. All I'm asking for is that EA/Bioware make that second layer more convenient for those who want the option of having multiple authenticators. Those who don't, fine, keep your authenticator and no need to change anything.

Link to comment
Share on other sites

And as I told you multiple keys for one account invalidates the security and shows how poorly you understand the concept.

 

Wrong. Having two or more encryption numbers tied to your account does not "invalidate" that layer of security. It makes it more accessible for me.

Link to comment
Share on other sites

More layers of security is always nice, and I would welcome it, provided that it doesn't seriously detract from my day-to-day conveniences.

 

Seriously, press button, input 8 numbers is inconvenient?

And if you're security is so secure, why do you even care?

Link to comment
Share on other sites

As im sure you know about security than my bank, right...

 

Most banks these days do offer two-factor auth. I know the ones I deal with do.

 

Anyway, to the people saying it's lazy, or that people only need an authenticator if they don't secure their own computers, all I can say is that you're naive. I've seen cases first-hand where an ISP's DNS server cache was poisoned, and requests for IP addresses were being forged by hackers to redirect traffic to their sites. This wasn't to break into a bank account, or steal credit cards -- it was done to hack into WoW accounts.

 

You know what you could do to prevent this sort of thing from happening? Jack squat. The best you can do in a case like this is have measures in place so that when your data is intercepted, it's useless to the person who got it. That's what one-time passwords like the kind you get from authenticators give you. If someone steals your credentials, they better work fast, because in a few seconds they'll be useless. And you can't single-handedly prevent people from stealing your credentials. It doesn't matter if you think you have that power; you don't.

 

If you really think you can do anything on your own to prevent getting owned by an attack like that (and again, this isn't just theoretical -- it's actually happened), you're just wrong. As long as you're willing to accept the risk for yourself, that's fine. But to try to suggest to other people that their own security is entirely a matter of keeping their own machines safe is just irresponsible.

Edited by Pink_Saber
Link to comment
Share on other sites

Then why not another layer? Why not four layers? Five? Six? I think you can see where I'm going with that. More layers always means less convenience. All I'm asking for is that EA/Bioware make that second layer more convenient for those who want the option of having multiple authenticators. Those who don't, fine, keep your authenticator and no need to change anything.

 

That's why there's one. Because it's the least "inconvenient".

 

I disagree on your definition of inconvenience, I think typing a 10 digit key that you can bring up on your phone in 5 seconds is an extremely small con against the pros for security. You must get inconvenienced very often.

 

More keys makes it less secure, which as stated before, negates the point of providing an increased layer of security.

Link to comment
Share on other sites

Interesting. Maybe you can educate me here: how does the security key protect my password information? I'm honestly curious, because my understanding was that the security key will simply prevent an intruder who already has my password from accessing my account.

 

That's where I come to the conclusion that the the security key isn't doing anything to protect my non-SWTOR assets/information. From there, I conclude that the inconvenience isn't worthwhile, because if I am compromised, then I have much bigger concerns than my game account. You seem to be saying that the security key would prevent people from ever learning my other account into (password, email, etc).

 

First of all the security key does nothing to secure anything other than your SWTOR account. Anyone claiming otherwise is jacking you around.

 

The security key introduces a second factor of authentication. By default they use a system of "something you know", your password. In combination with your account name to identify which account you are accessing, that forms the first level of authentication. Also backed up by "something you know", your security questions. There are multiple of those since is it less likely that someone would know multiple answers unless they really knew you.

 

The security key introduces the authentication method "something you have". The likelihood of someone cracking into your account from the internet is pretty high. The likelihood of someone breaking into your house and cracking into your account from your own computer is rather low...the risks are just so much higher for that kind of crime. They just don't do it that way. Just like they probably won't run up to you and point a gun at your head and demand you login to your account so that they can gain access.

 

The security key offers physical security...it is in your possession and is a unique device to access your account. They would have to resort to those physical security violations I mentioned above (breaking into your home or wherever you keep your key or run up to you and sticking a gun to your head to get your key from you) to get access to your security key. The fact that those kinds of crimes are extremely rare, and someone trying to get your key through those methods would be even more rare. Even if they were to do those crimes....they would most likely not have access to your other authentication method...your password. Obviously if someone is really determined they could acquire both through those methods, but everyone knows that is extremely unlikely for a game account (and even for a personal bank account).

 

The security of the system is based upon there being only one device per account. The minute you make it possible to add multiple physical authenticators the lower your security is. Like having multiple keys to your home...the more you have the more likely one of those will be compromised.

Edited by Thunder-God
Link to comment
Share on other sites

a second password wouldn't work against key loggers.

 

heres why

 

 

keylogger attempts

 

1st attempt it gets f**lu**

2nd *ai**r*

3rd *a*l**e

 

not too hard to figure out your second password is Failure much like your idea for using a second password.

Link to comment
Share on other sites

I disagree on your definition of inconvenience

 

What's convenient for one person is not necessarily convenient for the next. Should be pretty easy to grasp that simple, logical concept. It's not a "definition of inconvenience", it's a qualitative measure that's relative to each individual. If you can't wrap your head around what I consider convenient or inconvenient, that's your problem, not mine.

Link to comment
Share on other sites

Im merely speaking into the OP's post about my own experience, realizing fully that I'm not everyone. The keygen second security is no more pointless for everyone than it is necessary for everyone.

 

People need to make informed decisions based on their own experience and technical abilities. For some, like myself, its next to pointless, for others though, I'd be the first to say have at it! Someone playing on a laptop that they carry around all day, surf, play, everything else with, sure, keygen that bugger up. Just dont try to say that because I dont choose to use the keygen, im a fool, I just believe I have better security and dont need it.

 

Ill be the first to post back here if I ever get hacked and am wrong, but I doubt it will happen. I been playing MMO's since they first came out (UO, EQ, Eve, Wow, Anarchy Online, various free to play MMO's, etc.) and have never been compromised using my previous stated means of securing my world.

 

Good practices like having different passwords for each game with capital letters, lowercase letters, numbers and symbols are just as good as a keygen used with bad practices. Arguably the biggest reason for the keygen are the people that use the same password for everything including their games, are generally clueless about securing their computer, much less their LAN in general, then ya, keygen it up since thats about all thats standing in a hackers way at that point.

Link to comment
Share on other sites

Or in my case, if I do not carry my phone around with me all the time. It's sort of comical how many forum posters can't imagine a scenario that's so different than their own little bubble in life.

 

Do you like leave your cell phone at work? Do multiple people use the same cell phone in your family? Do you have to charge it elsewhere?

 

What's the deal?

 

And it is hard to image when someone says that I do not have my cell phone with me 24/7. We are not even talking about a cell phone anymore. A smart phone has all your emails, contacts, information, etc. Smart phone is basically an extension of yourself. That is why it is hard to imagine why you would not have access to your phone 24/7

Link to comment
Share on other sites

Do you like leave your cell phone at work? Do multiple people use the same cell phone in your family? Do you have to charge it elsewhere?

 

What's the deal?

 

And it is hard to image when someone says that I do not have my cell phone with me 24/7. We are not even talking about a cell phone anymore. A smart phone has all your emails, contacts, information, etc. Smart phone is basically an extension of yourself. That is why it is hard to imagine why you would not have access to your phone 24/7

 

I, unfortunately, have my phone with me at all times, for the above reasons. With the exception of when I am diving, it can't go with me below surface. That is one of the few times when it is just myself and thought, relaxing.

Edited by PostalTwinkie
Link to comment
Share on other sites

First of all the security key does nothing to secure anything other than your SWTOR account. Anyone claiming otherwise is jacking you around.

 

100% agreement. :)

 

The security of the system is based upon there being only one device per account. The minute you make it possible to add multiple physical authenticators the lower your security is. Like having multiple keys to your home...the more you have the more likely one of those will be compromised.

 

True, but only to a point.

 

Analogies always fail us in one aspect or another, even though we all love to use them, myself included. The house/apartment key: if lost, someone could gain access to your home. But they'd have to match the key to your home. Not too hard since keys are usually lost close to the actual door they unlock. In turn the mobile authenticator is tied to an account online that has little to no correlation as to where it was dropped/lost. And even then, SWTOR is a niche that the general populace knows little about, while homes are common to us all, or at least those who're not homeless.

 

Multiple mobile authenticators isn't really much of a risk, and it's still another layer of security compared to just a password and security questions.

Link to comment
Share on other sites

QFT.

 

 

 

 

Word of mouth. Everyone's an expert. "But I've seen..." Yeah, yeah, we all know the pitfalls of those arguments.

 

Keep in mind this is a game, not a bank account. You have to understand the motives behind the hackers attempting to gain control of an account before you can assess the threat. The way panicked, naive people worry about getting hacked is quite amusing. Hackers who want to get control over online accounts such as SWTOR, Facebook, your e-mail, etc., only make money in quantity. They have little reason to orchestrate elaborate attacks on specific accounts. Someone would have to be hell-bent on personal revenge to want to try to target some individual gamer's MMO account. So we use layers of security to protect against those mass attacks, not individual attacks.

 

Point of this thread is: security keys are a waste because I can A.) handle my own account security just fine without relying on a crutch, and B.) the inconvenience of EA/Bioware's implementation of the security key is not enough of an incentive to get me to keep using it.

 

And if you're really worried about a hacking attempt that's targeted specifically at YOUR account instead of thousands of accounts, the security key is not a guaranteed, 100% fail-proof means of stopping that hack.

 

 

 

I tried it and it's not available when you have your mobile authenticator deactivated on your account.

 

You can be an expert security guru and you can still get hacked easily. Even with an authenticator it's possible to get hacked. All I was saying was, don't say you can't be hacked, you can.

Link to comment
Share on other sites


×
×
  • Create New...