Jump to content

Why do i need to enter my security key every time?

Woyoshi

By Woyoshi
in Community Content

 Share

Recommended Posts

VanorDM

VanorDM

Posted
Posted
it is pointless to write down security key every time to login ingame.

 

No it's not.

 

The more often the code changes, the more secure the system is. If you had one code for a whole week, it would remove the whole point of having it in the first place, because then you have nothing more then a 2nd password.

 

With it changing every time you log in, it means a keylogger can no longer give someone access to your account.

Link to comment
Share on other sites
Ransom_BiC

Ransom_BiC

Posted
Posted
No it's not.

 

The more often the code changes, the more secure the system is. If you had one code for a whole week, it would remove the whole point of having it in the first place, because then you have nothing more then a 2nd password.

 

With it changing every time you log in, it means a keylogger can no longer give someone access to your account.

 

 

Perfect explanation.

Link to comment
Share on other sites
VanorDM

VanorDM

Posted
Posted (edited)

It doesn't work like that. I suppose in theory you could make it work like that. Somehow register the IP address to the generated code and as long as the IP = X accept that code.

 

Of course there's some major issues with that...

 

First, if someone has a keylogger on your system then they can quite easily spoof your IP address, so they could use the same code you did, so this alone would make the key worthless to have.

 

Second, most systems don't have a static IP address so this would at best only be valid for as long as your IP address stays the same.

 

So I think it could be done, but it would still make the whole system a lot less secure then it currently is.

Edited by VanorDM
Link to comment
Share on other sites
Qwekqwek

Qwekqwek

Posted
Posted
it is pointless to write down security key every time to login ingame. why not write down security each week? or each new network, ip.

i hate to do that so i want to remove it but i cant.

this is really bad....

 

Have it removed by customer service :)

Link to comment
Share on other sites
_droider_

_droider_

Posted
Posted
it is pointless to write down security key every time to login ingame. why not write down security each week? or each new network, ip.

i hate to do that so i want to remove it but i cant.

this is really bad....

 

I think it's passed your bedtime. Come on, I'll tuck you in.

Link to comment
Share on other sites
Mercyflush

Mercyflush

Posted
Posted

It is annoying to do each time. But with a 5yr old in my house that is interested in this game I had no choice but to add a security key. He already has his xbox account on parental block after he figured out how to order more points with a click of the button.

 

If you don't have any risks of family or friends figuring out your generic login password and security questions then call customer service and have the key removed from your account. Just remember that once it is removed you can never have it added again.

Link to comment
Share on other sites
Woodspoon

Woodspoon

Posted
Posted
security it means that other network or ip, computer wont get to that account without a security key. it is pointless that it appear every innlog.

 

It means Nobody whoever they are, wherever they are using whatever computer will not get into that account unless they have the key generator for it.

 

what could be safer than that?

A minor inconvenience to save you potentially losing several hundred $/£

An extra layer of safety is never pointless

Link to comment
Share on other sites
DuronXM

DuronXM

Posted
Posted

Steam by valve has a security measure if your computers location changes, or you log in with a different computer they ask you do unlock it via going to your email address and verifying your identity that way.

 

I approve of this method of security^

 

Not the "security key" which seems really outdated by now :/

Link to comment
Share on other sites
Kaitayn

Kaitayn

Posted
Posted

Computer security always comes at a cost to convenience or user friendliness. Security keys are a simple and very potent form of security that has minimal cost in terms of inconvenience. If that cost is too high for you then you should remove the security key (call customer service). Then make sure your computer has no keylogger and you use a really strong password.

 

To do as you (the OP) suggest would emasculate the security provided by the system. IP spoofing is not that difficult for a hacker.

Link to comment
Share on other sites
Kaitayn

Kaitayn

Posted
Posted
Steam by valve has a security measure if your computers location changes, or you log in with a different computer they ask you do unlock it via going to your email address and verifying your identity that way.

 

I approve of this method of security^

 

Not the "security key" which seems really outdated by now :/

 

Because your email is so very secure? To this day most users do not use encrypted email streams with even PGP.

 

In what way is the security key system outdated? Yes, it has been around for years, mostly used by government and big business because it actually works. It's only weakness is the physical security of the actual security key device. A concept doesn't become outdated simply because it has been around for awhile. There must be a better replacement first.

 

How long has the wheel been in use?

Link to comment
Share on other sites
CandiceAurora

CandiceAurora

Posted
Posted (edited)
I don't wanna take it off but i wanna configure it like i want it.

 

Either take it as it is, or take it off. The end. Steam's system is poor, and you'd know that if you had any sort of IT experience or knowledge. Don't even mention them, they get hacked on a yearly basis and last year had THOUSANDS of accounts stolen, so they're NOT a shining example of how to do security.

 

Something like 61% of people use the same password for everything, so not only could they get into your e-mail, they could validate themselves and add themselves to the account the legitmate way. On top of that, the amount of people that use information close to themselves is obnoxious. As a systems administrator, there is NOTHING more frustrating that users. Users break my best security, cause they do dumb things like use their DOB and dog's name as a password.

 

Here is a short IT lesson. These keys use RSA technology, which basically creates a two factor ID login. In the case of SWTOR, it creates a three factor (password, identity questions, RSA key), on a sixty-second one time password generator (usually sixty, though my bank uses eight). What you are suggesting negates the whole purpose of the key - you're suggesting that once a week, or on change of IP you must enter that key.

 

Here is the flaw in that plan. Your IP address is your network ID, this forum, the game, etc all have access to it. You leave a papertrail. All I'd need to do in 'intercept' the header of packets being sent to you, or better yet forge the header and just pretend to be you. Now I can access your stuff, from 'your/my IP' and I'm you now! How cool, I've just bypased the security key and made it null and void. Further your 'solution' does resolve those who live on dynamic IP addresses.

 

As for your other point, in terms of user/public use RSA encryption keys are on of the most up to date and secure ways of protecting information with the most minimal of inconviences to users. It is e-mail authentication that is out-dated and vulnerable to all kinds of attacks. Don't even make me list those.

 

P.S. For those IT nerds/administrator reading this, I have dumbed this down and I realise that some of it isn't 100% accurate when converted from techno jargon, but it is the best I can do. :p

Edited by CandiceAurora
Link to comment
Share on other sites
Taren

Taren

Posted
Posted
the security key of "wold of warcraft" have a better using of authenticator.

that is better then this.

 

This would be an incorrect statement. I have a WoW account and a security key associated with that account. I have a SWTOR account and a security key associated with that account.

 

BOTH keys work in exactly the same way:

 

1) Start game launcher

2) Type in your account login name (or the launcher has it saved already)

3) Type in Password

4) Press button on Security key to reveal the current row of digits

5) Type in the numbers from the security key into the space provided in the game launcher

6) Hit the play button

 

There is no difference other then the numbers provided on the WoW security key FOB are 6 digits long and the ones on the SWTOR security FOB are 8 digits long.

 

Additionally, both websites for these games require the use of the Security Key FOB digits(assuming you have one associated with your account) if you attempt to log into your account via the internet.

 

SWTOR has ADDITIONAL security in that if you attempt to login to your account from a different computer then the one you normally use, you have to answer a series of personal security questions that you set up on your own account.

 

I honestly do not understand how difficult it can be for someone to use the security key FOB. It is there for your own protection. You may NEVER get a chance to see it actually do it's job really. If someone attempts to log into your account they won't be able to unless they have that Key FOB. You may never know someone tried to do this and they were unsuccessful. On the other hand....if you DO NOT have the Key FOB and you DO get hacked, all of your items sold off and your characters deleted, you'll be kicking yourself for not getting a key FOB to begin with or removing the one you had from your account.

 

Ignorance is bliss my friend. Added security however, is a good nights sleep. Despite how tedious you may feel it to be.

Link to comment
Share on other sites
 Share
Go to topic listing
×
×
  • Create New...