Security Key: I think it's a waste

[Asuka]

If EA can't offer adequate account security without external devices and extra expense, they don't deserve our custom.

 

(and yes, there are many ways to increase security without requiring external devices: A second password, for example: The trick is the second password is never requested in it's entirety. Instead, two or three random characters from within the password are required, making it impossible for keyloggers to capture the entire password in a single login session).

 

An external security key is simply both an inconvenience and an unnecessary extra expense.

 

Nothing is 100% hackproof and it's 100% your fault if you get hacked. It always will be.

[cipher_nemo]

Im merely speaking into the OP's post about my own experience, realizing fully that I'm not everyone. The keygen second security is no more pointless for everyone than it is necessary for everyone.

 

People need to make informed decisions based on their own experience and technical abilities. For some, like myself, its next to pointless, for others though, I'd be the first to say have at it! Someone playing on a laptop that they carry around all day, surf, play, everything else with, sure, keygen that bugger up. Just dont try to say that because I dont choose to use the keygen, im a fool, I just believe I have better security and dont need it.

 

Well said. It's nice to see people step out of their own shoes once in a while. And it's certainly why I added the words "I think" before "it's a waste" in the thread title. Certainly the key works just fine as an added layer for many people. But at least you and I can see past the hype and FUD to look at the situation as a whole.

 

You can be an expert security guru and you can still get hacked easily. Even with an authenticator it's possible to get hacked. All I was saying was, don't say you can't be hacked, you can.

 

True. But the better question is why and how my account(s) would be hacked? Are those trying to hack SWTOR accounts doing it for profit or just for the "lulz"? There's always a component of motive and risk assessment. Just because something can happen in the scope of all possible variables doesn't mean it would be logical for it to happen, nor does it imply motive.

 

Now I'm off to one of my other physical locations where having multiple mobile authenticators would be a welcome convenience.

Edited February 15, 2012 by cipher_nemo

[Asuka]

Well said. It's nice to see people step out of their own shoes once in a while. And it's certainly why I added the words "I think" before "it's a waste" in the thread title. Certainly the key works just fine as an added layer for many people. But at least you and I can see past the hype and FUD to look at the situation as a whole.

 

 

 

True. But the better question is why and how my account(s) would be hacked? Are those trying to hack SWTOR accounts doing it for profit or just for the "lulz"? There's always a component of motive and risk assessment. Just because something can happen in the scope of all possible variables doesn't mean it would be logical for it to happen, nor does it imply motive.

 

99% is gold farmers hacking someone's account to use it to acquire and sell currency then there's the small tiny percentage that might do it for luls by stripping your char and vendoring everything which in itsself isn't really prudent because the trail isn't hard to trace.

[Pink_Saber]

Well said. It's nice to see people step out of their own shoes once in a while. And it's certainly why I added the words "I think" before "it's a waste" in the thread title. Certainly the key works just fine as an added layer for many people. But at least you and I can see past the hype and FUD to look at the situation as a whole.

 

What hype and FUD? That there is an entire industry based around stealing game accounts? And there are multiple ways to steal an account that no amount of personal security (short of making your authentication useless to someone who gets it) will ever be able to prevent?

 

 

True. But the better question is why and how my account(s) would be hacked? Are those trying to hack SWTOR accounts doing it for profit or just for the "lulz"? There's always a component of motive and risk assessment. Just because something can happen in the scope of all possible variables doesn't mean it would be logical for it to happen, nor does it imply motive.

 

You're really showing some major ignorance here. I don't mean that to be insulting, I mean it as in "you obviously have no idea how much money is made stealing game accounts." It's a real thing, it happens every day, and people are making fortunes off it. If you don't think there's a very strong motive for hacking your SWTOR account, you're obviously not too informed about the topic.

 

If there's any "hype" going on in this thread, it's coming from the "you can make your account unhackable all by yourself" camp, and that's just completely false.

Edited February 15, 2012 by Pink_Saber

[lollermittens]

The Security Key is really for non-techies who are not comfortable with the security that is currently on their computer (lack of AV; hasn't updated Windows in a while; etc) and a lack of knowledge on how to install in-browser security... Install NoScript for Mozilla Firefox or NotScripts for Chrome OS, then you'll never have to worry about people keylogging you or going a shady website that is trying to force an ActiveX connection to install a trojan that would give full access to your computer to another hacker.

 

It's completely unecessary if you stay away from gold selling websites; from shady websites that advertise cheats, bots, and other crap; and even websites like torhead.com can get hacked (just like curse.com did) hence why it is critical to have tools like NoScripts/NotScripts enabled.

Edited February 15, 2012 by lollermittens

[spacefiddle]

What's your opinion on this security key?

What's your opinion on locking the doors to your car when you leave it parked in a bad neighborhood for a week?

[CogitoErgo]

Security key/authenticator is pretty darn useless. Got one for WoW just so I could get a free pet. Got one here just so I can have fleet passes. If I had had to pay money for either of them I wouldn't have them.

 

Don't be an idiot and you don't need an authenticator.

[spacefiddle]

The Security Key is really for non-techies who are not comfortable with the security that is currently on their computer (lack of AV; hasn't updated Windows in a while; etc) and a lack of knowledge on how to install in-browser security... Install NoScript for Mozilla Firefox or NotScripts for Chrome OS, then you'll never have to worry about people keylogging you or going a shady website that is trying to force an ActiveX connection to install a trojan that would give full access to your computer to another hacker.

 

It's completely unecessary if you stay away from gold selling websites; from shady websites that advertise cheats, bots, and other crap; and even websites like torhead.com can get hacked (just like curse.com did) hence why it is critical to have tools like NoScripts/NotScripts enabled.

 

This account joined in Dec of 2011 and is giving the worst advice imaginable. It is probably some lolhacker scriptkiddie who'd like to see more insecure accounts; post reminds me of those market-manipulator eve-online players, who post misinformation of gamer sites to try and sway trends to their favor...

 

I've been in IT for over 20 years. Yeah, congrats, you have a browser plugin. You're not secure. How's your firewall? Update its firmware lately? What about the database your password's stored in, is it 100% secure? Ever hear of Steam? Ever hear of the Playstation Network being down for a couple months?

 

Get a damn key and use it. It fits on your keychain ffs, you have to type in a few number when you log in, BFD.

[PostalTwinkie]

Security key/authenticator is pretty darn useless. Got one for WoW just so I could get a free pet. Got one here just so I can have fleet passes. If I had had to pay money for either of them I wouldn't have them.

 

Don't be an idiot and you don't need an authenticator.

 

Uh hu.........

 

There you have it folks, don't be an idiot.

[Invictos]

If you're getting keylogged then you're right, it does nothing. But if you got phished or someone was making a brute force attempt then there would be no way to discern between successful and unsuccessful logins without the key.

It depends on how exactly the attacker got your password...

First of all the security key does nothing to secure anything other than your SWTOR account. Anyone claiming otherwise is jacking you around.

 

Thanks. Appreciate the insight. Also, I have to admit that I have no idea what Gawker is.

 

I'm not gonna rule out the key entirely at this point; maybe there'll come a day when I feel I've invested enough in the game that the extra protection is worthwhile, but for the moment it's a pass. I did use a new email account for SWTOR and a fresh password; that'll do for now.

 

Do you like leave your cell phone at work? Do multiple people use the same cell phone in your family? Do you have to charge it elsewhere?

 

What's the deal?

 

And it is hard to image when someone says that I do not have my cell phone with me 24/7. We are not even talking about a cell phone anymore. A smart phone has all your emails, contacts, information, etc. Smart phone is basically an extension of yourself. That is why it is hard to imagine why you would not have access to your phone 24/7

 

"I like my phones like I like my women ..." Er, probably not a good idea to finish that sentence.

 

Ahem. FWIW, my phone isn't smart. It's a phone. All of the bells and whistles on smart phones these days are cool in an abstract kinda way, but I could never see myself being that connected, all the time. Yeah, my friends roll their eyes at me because I won't text or do Twitter, but they'll survive. Different strokes for different folks, and all that jazz.

 

In any case, even if my phone were of the smart variety, I own a three-story house. I have two computers -- one on the first floor, and one on the third. It may sound silly, but just for the sake of not having to climb two flights of stairs every time I want to browse the game's forum, I might not want to tie myself to a security key.

 

That's just a small example to take or leave. Believe it or not, there are people who aren't attached to their phones as if to an iron lung.

[cipher_nemo]

I've been in IT for over 20 years. Yeah, congrats, you have a browser plugin. You're not secure. How's your firewall? Update its firmware lately? What about the database your password's stored in, is it 100% secure? Ever hear of Steam? Ever hear of the Playstation Network being down for a couple months?

 

Get a damn key and use it. It fits on your keychain ffs, you have to type in a few number when you log in, BFD.

 

You replied to someone else, but I needed to point something out:

 

Account Username

Account Password

Security Question Answers or IP Address to spoof

 

You would need all three to gain access to some random SWTOR player's account. And they have to get all of those that match each other. The security key only adds one more to that list (ie: they get your key or they get your key's number).

 

Three vs. Four. That's it. People are making such a huge fuss over one more. The only advantage to a key is that it's a separate system. You still have to type in the key's generated codes if you have it enabled.

 

The two biggest threats for SWTOR users is getting a malicious script or program running on your PC to record keystrokes or having the database servers of EA/Bioware hacked. I can easily protect myself from the former. But if the latter happens, especially if the attacks get either unencrypted data or the keys to unlocked encrypted data, you'll be fooling yourself if you think the mobile authenticator would safeguard your account.

Edited February 15, 2012 by cipher_nemo

[Drewser]

5.) The in-game vendor for current Key users sells near-worthless junk. And it's not unlocked permanently for those who once used the key. It's only unlocked while you continue to use your security key. No incentive there to keep using it.

 

What's your opinion on this security key?

 

It is worth it just for one time fleet passes you can buy.

[chton]

My opinion? If you dont have one and you get hacked. No restores. Simple.

 

Cool since I don't buy gold, give my PW away, pay for someone to level me or got to sites looking for hacks or cheats. I will never be hacked, never been in well over a decade of MMOing. Don't know anyone who didn't do those things who got hacked. So no worries.

Sorry if you claim you are totally innocent and got hacked I simply don't believe you.

[cipher_nemo]

It is worth it just for one time fleet passes you can buy.

 

Good point. That's probably the only worthwhile thing there. So I stand correctly, it's not "completely worthless".

 

I just use my 18-hour cooldown one infrequently. At end-game, it's either Illum/Belsavis for dailies/PvP or Interfleet for ops/hard modes, so I don't really bother with those fleet passes as much.

[Andryah]

Yeah, "get hacked", as in I would have to be a moron to practice unsafe browsing and online habits. Very slim chance of that happening. I use Firefox w/ NoScript, WoT, AdBlock, and variety of other addons. But the most important tool and my first line of defense is being able to spot phishing attempts, questionable domains, funny javascript, and browser exploits a mile away. My last line of defense is NOD32. No, the security key is for the average computer user who doesn't know a lick of anything about safe browsing or security.

 

More layers of security is always nice, and I would welcome it, provided that it doesn't seriously detract from my day-to-day conveniences.

 

As for my account, if I attempt to access from anywhere other than my known IPs Bioware would prompt me with a security question. And my password is unique to just TOR. Of course nothing is a pure 100% when we talk about security, but what someone would gain from the attempt doesn't outweigh the efforts, so no, I'm not worried of getting hacked.

 

Well, since you are getting all smug and arrogant about the topic now......

 

You do know that the use of a security key is optional on the part of the user, yes? Since you already feel you have sufficient security on your end, why use the key? Call Bioware and have them deactivate it on your account. Bioware is not forcing you to use a security key.

 

Or are you just trolling for some spit and spat on the forum and needed a topic???

[KorbinArmand]

Its an optional service to help secure your account if youre one of the people that understand term '**** happens' and as such 'could' be hacked and would like to keep your gear.

 

Remember BW is only offering X amount of gear restore per Y amount of months. Its VERY much less than your equiped gear, so enjoy running around mostly naked trying to re-gear after you get hacked (those that do). I would expect your QQ should be Bannable period should you get hacked without security key and QQ about lack of full gear restore.

 

Also...to BW, FIX/RESTORE original option to use Forums WITHOUT security key should i desire, limit it to forums not account options. Then MANY PPL can post on forums when they are away from security key...like myself i dont move my key from my computer desk period.

[Obzenia]

Also...to BW, FIX/RESTORE original option to use Forums WITHOUT security key should i desire, limit it to forums not account options. Then MANY PPL can post on forums when they are away from security key...like myself i dont move my key from my computer desk period.

 

I agree with this completely. The only thing I would be worried about with being able to log in to the website without the security key is my account information (i.e., name, address, credit card) and the ability to change that information.

 

The whole idea behind having to call in to BioWare to add/remove a security key is that if a hacker does somehow manage to obtain one-time access to my account via the website, they cannot simply remove the security key or change it to their own and lock me out of the account having free-reign over all of my information and awesome loots. I believe this is a necessary step.

 

The whole point of having a security key in the first place is having something INDEPENDENT from your computer. Your computer gets compromised (which some arrogant fools think is IMPOSSIBLE...) at least the ability to log into your account is not there.

 

I read a poster earlier that mentioned how his bank account is secure... HAHAHAHAHA with your dinky little PIN code? A card reader and a camera is all that is needed to hack that baby, it happens all the time.

[cipher_nemo]

The whole idea behind having to call in to BioWare to add/remove a security key is that if a hacker does somehow manage to obtain one-time access to my account via the website, they cannot simply remove the security key or change it to their own and lock me out of the account having free-reign over all of my information and awesome loots. I believe this is a necessary step.

 

For the record, when I called to deactivate my key on my account they only verified my user name and one of my security questions. In other words this is not secure. If someone really wanted to hijack a specific account, the security key is not something that will stop them if they have your other information.

[viewtifuldee]

My only problem with the one you put at number 4. I had the iPhone security key app (because I'm too cheap to pay $4 on a physical key). Lo and behold, my iPhone went mad and I had to restore it. While the app was still on the phone, it had erased the settings, etc. Basically, I was locked out and had to call in to get it reset.

 

I'm holding out on the key until my physical key comes in. But, whenever an extra layer of security (especially during this time of self-righteous hackers and Internet "freedom fighters") it's really important to try to keep you account as safe as possible. Use the extra measures that you've been given. Don't disregard them because of some minor conveniences.

[Bionixx]

I was hacked once while I played WoW. After I got the key it never happened again. Good enough reason for me to get one.

 

This.

[Thunder-God]

I'll just say this to sum up my argument...you don't want to use it fine. Please do not encourage others not to use it. You have a higher level of knowledge on security issues than a lot of people do. You are doing less security conscious people a disservice by saying it is a waste. So STOP.

 

For the record, when I called to deactivate my key on my account they only verified my user name and one of my security questions. In other words this is not secure. If someone really wanted to hijack a specific account, the security key is not something that will stop them if they have your other information.

 

Every time I've called in when they needed to get access to my account they need at least 2 answers to my security questions. If they are lowering that requirement then that is a concern of mine, as it is lowering the security of my account. The security of an account is only as good as the weakest link...and if they are lowering the requirements then that is making it less secure by far...almost making it completely pointless. This issue should be addressed, either by requiring more answers to security questions, or by automating the system and taking the human element out...ie put removing the security key in our account management on the site. (this should be done anyway)

[DarkSeverance]

TL:DR - You don't have to use the key. Stop complaining about something no one forces you to use. Those that have played WoW, been hacked (which is quite a lot), know the benefit of the key and use it.

 

1.) Bioware won't (or can't?) let us use multiple keys on the same account, nor can we use a mobile key and their mobile device app on the same account.

So pick one or the other. I have the key but I use my mobile phone, plain and simple. My phone is always with me so it is easy.

 

2.) If we have it enabled, we need to use the key to get to the forums. Why can't we just have login approvals from pre-set devices (eg: we could easily authorize specific IPs/devices we want to use with the forums and the client). After all, if I connect to the client from another IP address, the launcher will ask me to answer one of my security questions.

The average user doesn't have a Static IP, they have dynamic IPs. That means making coding that is specific for a small amount of users, not worth it. Not to mention it doesn't protect you if your actual computer has been cloned or hacked, meaning someone is accessing from your IP and just defeated the whole purpose for a security key. The forums use the same login server as the game currently so you need the security key.

 

3.) There were issues with people getting locked out when switching from mobile key to mobile device app. Is that fixed yet?

It wasn't BW fault. It is the fault of the user not keeping the information for their key properly.

 

If I have to waste time phoning your support, the convenience is nullified. I might as well just call you first before launching the client each time, since that's roughly just as convenient.

Really? Completely different times as well as convenient involved. If you think pushing a button is equivalent to calling someone, waiting to talk to them, verifying information and a few other things then ... wow, just wow.

 

5.) The in-game vendor for current Key users sells near-worthless junk. And it's not unlocked permanently for those who once used the key. It's only unlocked while you continue to use your security key. No incentive there to keep using it.

And? So. The key is really there for your account safety. Having to go through a week's worth of verifying information, getting information restored and essentially being down for 1-3 weeks because of getting hacked is by no way convenient. If you think you won't get hacked, good luck with that. Personally my wifes account and I've never been hacked and have been luckily. Unfortunately almost every person that I personally know who plays WoW however has been on the other end of that.

 

 

You know what is worse that being hacked? It is being hacked and they put a Security Key on the account, which is what they do now. That gives them more time and access to your account before you get it back. Because you can't simply just change the password, you have to go through the whole process to get the key removed and to verify that you are who you before they even process that your account has been hacked.

[Mrpoodles]

after a hack you will cry bioware didnt do anything to stop hackers.

 

 

 

love my key and love the store it comes with.

[DarthKhaos]

I don't want to carry my key around with everything, so locking my account into one mobile key is a huge inconvenience.

Don't you have to carry your house key around everywhere you got? Attach your house key to it.

[Kelvian]

Yeah, "get hacked", as in I would have to be a moron to practice unsafe browsing and online habits. Very slim chance of that happening. I use Firefox w/ NoScript, WoT, AdBlock, and variety of other addons. But the most important tool and my first line of defense is being able to spot phishing attempts, questionable domains, funny javascript, and browser exploits a mile away. My last line of defense is NOD32. No, the security key is for the average computer user who doesn't know a lick of anything about safe browsing or security.

 

More layers of security is always nice, and I would welcome it, provided that it doesn't seriously detract from my day-to-day conveniences.

 

As for my account, if I attempt to access from anywhere other than my known IPs Bioware would prompt me with a security question. And my password is unique to just TOR. Of course nothing is a pure 100% when we talk about security, but what someone would gain from the attempt doesn't outweigh the efforts, so no, I'm not worried of getting hacked.

 

I don't deny the fact that you practice safe browsing practices but you do understand if you use WI-FI hotspots you double your risk of being "hacked", if you can see the hotspot other users can see you. You may not have your system up to share but that really doesn't matter..

 

Just last month some students from the university here got caught hacking other peoples computers at the starbucks where students and faculty hung out. they were stealing music and papers, tests etc. How they got caught was literally and ironic situation, when one used information from the IT department faculty to write a paper on internet security.

 

No one is really safe from getting hacked.