
Why in the world would I use a security key?


GamerInDallas


Seriously? It's to make your account impossible to hack, that is its purpose, that is why it is called a security key. Essentially you're asking why someone would install ADT at their house, or put a car alarm on their car. Is it really that hard to comprehend the benefit of a security key?

so if you lose your phone or the app becomes corrupt, something probably much more common than an actual hacking, you are again screwed? If it just decides to start force closing as apps on android are notorious for, and you have to reinstall it, what then? Sounds like you are worse off than if you didn't get a key at all.

 

you can actually restore with a code that's generated that you are specifically told to write down somewhere. the original wow app was actually exactly like you are saying... and they never told anyone to write down the serial number. :(

 

but no... all iphone authenticators now tell you to write down some code that makes it easy to either reinstall the app if it gets blown away (or you get a new device), or the serial number needed to remove it from your account.

 

it really is painless. if you guys actually downloaded the app first instead of going all chicken little about it, all of these questions would be answered for you.


so if you lose your phone or the app becomes corrupt, something probably much more common than an actual hacking, you are again screwed? If it just decides to start force closing as apps on android are notorious for, and you have to reinstall it, what then? Sounds like you are worse off than if you didn't get a key at all.

 

 

If you manage to lose or break your phone, you can generally contact CS to have it removed but will likely need some sort of proof or id, or anyone could pretend to be you and gain access.

 

 

The key apps are generally not buggy, not heard any problems with the Swtor one, and the wow and rift ones had no issues that were not in the end down to the phone itself. So I guess in a nutshell, take care of your phone if you have it linked to your account. Common sense really.


Sorry dude, no.

 

You got hacked after months of inactivity because a forum/site you used the same details on was compromised or you were phished. Guild and gaming forums are a landmine for account hacking, but it's something that slips people's minds.

 

No goldseller will pay for account details, ever. They are incredibly easy to get for free.

 

No, that definitely isn't what happened. You can pretend to know, but after I posted my story, a lot of people came forward with evidence towards the same conclusion. For one thing, the account was my gf's. I never used it personally. She never goes on any sorts of game sites. Neither of us are morons who believe that Blizzard is going to email us for our passwords on a game we don't play. I still get 2 Blizzard emails a day. I have done social engineering on MySpace and I fix Windows machines.

 

It's possible that indeed some logins come by trying those gleaned from other sites and forums. In fact, it's more than possible, it's inevitable. But it's also coming from, or was, from Blizzard's own people/databases.


Because if people get access to your information, they can't jack your account.

 

The security code you get from the security key works for 30 seconds, then is randomly generated again. Try hacking an account with a security key. You could get it...maybe, if you're lucky.

 

But if the hacker has one of those security key generators from the CE or shop, wouldn't he just use the code from it and enter?


If you manage to lose or break your phone, you can generally contact CS to have it removed but will likely need some sort of proof or id, or anyone could pretend to be you and gain access.

 

 

The key apps are generally not buggy, not heard any problems with the Swtor one, and the wow and rift ones had no issues that were not in the end down to the phone itself. So I guess in a nutshell, take care of your phone if you have it linked to your account. Common sense really.

 

Right. My friend has a gen one Milestone, it's considered a great groundbreaking phone, but it will still randomly start force closing on apps. That's just how it goes. It has nothing to do with taking care of the phone or common sense.

 

I liked rift's coinlock idea myself.


you are probably the only person who "got it all taken care of" in 24 hours. Our most recent guild member who was hacked in wow took around 4 days to get all of their stuff restored. the average time based on most accounts seems to be in the ballpark of a couple days to a week.

 

but even with your story.... that's a full 24 hours (or longer) that you were unable to play. at like 10 seconds to enter in the code on the login screen, you would need to enter that code over 8000 times to equal that 24 hours you were not able to play for.

 

It's not the time spent, it's the annoyance. Reading and typing 8 random numbers out is for me extremely annoying, to the point where now that I have the thing attached to my account there are literally times where I will not login to do something quick before leaving the house or going to sleep because I don't want to deal with the code. It's like taking a short little test, and it doesn't help that the number only lasts a few seconds making it hard to double check.

 

I also tend not to play for 24 hours straight, in fact it might be as little as 2 hours in a day, which is 720 logins worth of typing out the code at 10 seconds each. Considering in 10 years of playing MMOs I've only been hacked once... ya I think it's way more than 720 logins.


you can actually restore with a code that's generated that you are specifically told to write down somewhere. the original wow app was actually exactly like you are saying... and they never told anyone to write down the serial number. :(

 

but no... all iphone authenticators now tell you to write down some code that makes it easy to either reinstall the app if it gets blown away (or you get a new device), or the serial number needed to remove it from your account.

 

it really is painless. if you guys actually downloaded the app first instead of going all chicken little about it, all of these questions would be answered for you.

 

I would thank you but your post turned into stupid at the end. I don't know why everything on forums has to be straw man arguments and mischaracterizations.


It's possible that indeed some logins come by trying those gleaned from other sites and forums. In fact, it's more than possible, it's inevitable. But it's also coming from, or was, from Blizzard's own people/databases.

 

 

Sure. Once again, no goldseller/hacker will pay for account info when it is so incredibly easy to get for free. You can argue till you are blue in the face that your security was perfect and you are an IT expert and this could only possibly be an inside job, but it was a simple mistake at some point, not an employee wheedling out random and likely worthless (not logged in years) accounts information.


My girlfriend got hacked in WoW, they were selling off all her stuff and using her characters to transfer gold (gold sellers I assume). We changed the password and they got back in anyways. After we added the Authenticator they were SOL.

 

They do work, and they are worth it.

Yes, well WoW has more leaks than a colander. They broke into my account that had a private domain email address that had no record anywhere on the net except with Blizzard within 2 days. My friend had his account hacked 5 times within one day of using a different email address each time.


It's not the time spent, it's the annoyance. Reading and typing 8 random numbers out is for me extremely annoying, to the point where now that I have the thing attached to my account there are literally times where I will not login to do something quick before leaving the house or going to sleep because I don't want to deal with the code. It's like taking a short little test, and it doesn't help that the number only lasts a few seconds making it hard to double check.

 

I also tend not to play for 24 hours straight, in fact it might be as little as 2 hours in a day, which is 720 logins worth of typing out the code at 10 seconds each. Considering in 10 years of playing MMOs I've only been hacked once... ya I think it's way more than 720 logins.

 

I got a security key with my collector's FFXIV, and I can say from using it, you don't even notice the time spent typing in the key. Unless you have some ungodly long password or something.


But if the hacker has one of those security key generators from the CE or shop, wouldn't he just use the code from it and enter?

 

No, because a security key is bound to a specific account and each key is generating a different number. The hacker couldn't even add his key to your account without having your security key to log in...
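
An added example, not part of any post in this thread: it assumes the key behaves like a standard time-based one-time-password token (RFC 6238, HMAC-SHA1), which the thread does not confirm for the SWTOR key. `AuthServer` and the second key's secret are hypothetical; the 30-second step and 8-digit length come from posters' descriptions. It shows why a code from a different key, a replayed code, and an expired code are all refused.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per code, as described in the thread
DIGITS = 8   # code length one poster mentions typing

def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 (assumed scheme, not confirmed for this key)."""
    counter = struct.pack(">Q", unix_time // STEP)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class AuthServer:
    """Hypothetical login server: one enrolled key secret per account."""

    def __init__(self):
        self.enrolled = {}    # account -> secret of the key bound to it
        self.last_step = {}   # account -> last accepted time step

    def enroll(self, account: str, secret: bytes) -> None:
        self.enrolled[account] = secret

    def verify(self, account: str, code: str, unix_time: int, drift: int = 1) -> bool:
        secret = self.enrolled.get(account)
        if secret is None:
            return False
        now = unix_time // STEP
        for step in range(max(0, now - drift), now + drift + 1):
            if step <= self.last_step.get(account, -1):
                continue  # this step was already used: no replay
            if hmac.compare_digest(totp(secret, step * STEP), code):
                self.last_step[account] = step
                return True
        return False

def demo() -> dict:
    owner_key = b"12345678901234567890"          # RFC 6238 test secret
    other_key = b"constructed-other-key-secret"  # constructed: a second retail key
    server = AuthServer()
    server.enroll("owner", owner_key)
    t = 59  # constructed login time (matches an RFC 6238 test vector)
    code = totp(owner_key, t)
    return {
        "owner_code": code,
        "other_key_rejected": not server.verify("owner", totp(other_key, t), t),
        "owner_accepted": server.verify("owner", code, t),
        "replay_rejected": not server.verify("owner", code, t),
        "stale_rejected": not server.verify("owner", code, t + 120),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```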


I've never come across them before in any of the MMORPGs I have played (and there have been a few lol)...

 

So I have yet to activate mine, any feedback to the OP on the benefits apart from access to the CE Vendor greatly appreciated :)

 

Driz

 

You get an e-mail from sw-tor, in the mail is a link to log into your tor account, you click it and the usual tor page loads up so you enter your name and password but it times out .......

 

now a scammer has your name and pass, it's easy to make a web page look like the real thing, mostly coz it's tor's source code only they make a small adjustment to record what you type in.

 

just one small easy way to scam your password, with a security key they can't get into your account even if they know the password and username.


Sorry dude, no.

 

You got hacked after months of inactivity because a forum/site you used the same details on was compromised or you were phished. Guild and gaming forums are a landmine for account hacking, but it's something that slips people's minds.

 

No goldseller will pay for account details, ever. They are incredibly easy to get for free.

 

I used to think this same way, and I AM in IT security... my account has never been hacked, but surprisingly my wife's account was hacked once while inactive for around 14 months.

 

1) her wow password was only used in wow

2) she doesn't install a ton of crap on her computer and has never had a single problem with viruses or malware

3) has never been "phished" for wow... i.e. had only ever logged into the actual game client.

4) had a security key on her account the entire time she played the game. it was only removed when we canceled her account and her phone was wiped so we needed to get it removed to cancel.

 

I won't get behind this conspiracy that company employees are selling information.. but she was absolutely not keylogged, was not phished, had a unique password, and met all of the strength requirements... I have been in network and application security for over 20 years and the BEST I can come up with is that she did happen to use that password somewhere else and forgot and they happened to get hacked, etc.

 

anyway, this post is just proof.. no matter how careful you are about your computer and your surfing habits, if you use the same passwords anywhere else, your account safety is only as good as THEIR security.

 

activate the **** security device.


No, that definitely isn't what happened. You can pretend to know, but after I posted my story, a lot of people came forward with evidence towards the same conclusion. For one thing, the account was my gf's. I never used it personally. She never goes on any sorts of game sites. Neither of us are morons who believe that Blizzard is going to email us for our passwords on a game we don't play. I still get 2 Blizzard emails a day. I have done social engineering on MySpace and I fix Windows machines.

 

It's possible that indeed some logins come by trying those gleaned from other sites and forums. In fact, it's more than possible, it's inevitable. But it's also coming from, or was, from Blizzard's own people/databases.

 

I love these conspiracy theorists who want to blame hacks on Blizzard and not their own incompetence. The truth is, it's VERY easy to get hacked. I'm in IT too, but I'm not conceited enough to believe I can outsmart every hacker on the planet. Sure I take all the precautions, but people are coming out with new viruses and keyloggers every single day.

 

If Blizzard's servers had been compromised, as you suggest, it would have been in the news. You would have received email and probably a message on the launcher saying so. Remember when SOE got hacked? That was EVERYWHERE. No way Blizzard could sweep something like that under the rug if their servers really had been compromised.


the app, just like the physical key, uses a unique serial number. once attached to your account, the only way to retrieve the serial number is from the app itself. so they would have to download the app AND get it setup to your account all without actually having access to your account.

 

FWIW you can still do that with Blizzard. once. Typically they will only remove an authenticator from your account if you give them the serial number. However, just one time they will remove an authenticator from your account without the serial number if you email them a copy of your driver's license and provide them with one of the CD keys activated on your account.

 

Blizzard let you backup/restore your app for reinstall in case of loss or crash. You can even detach your authenticator from your account.

 

BW does not let you do all the above, which is a major flaw and therefore I won't use the authenticator, especially with BW's bad support.

 

I rely here on my credentials, which never failed me and rely on common sense in case of phishing mails and so on. If your account is hacked, 99% for sure you did something wrong and you can not secure stupidity in any way.

 

If the company which holds your information has a good policy concerning security it is almost impossible to hack if said information is secured with a username/password. Mobile authenticators or tokens in general are an extra security measure to take away either user failure or lack of information security. Either way tokens are not a necessity and are not fool proof either as they can be reproduced, same way as username/passwords can be hacked.

 

There is already a mail out which asks you a lot of account information, like what your security question/answer is and so on. You would not believe how many players will mail those back resulting in compromised accounts.

 

tl;dr

Username/passwords are fine as it is, as long as the user and the company are following certain rules and policies. Mobile authenticator will bring extra security if one of them fails to follow security guidelines but are not fool proof either.


But if the hacker has one of those security key generators from the CE or shop, wouldn't he just use the code from it and enter?

 

Nope.

Why do people feel the compelling need to criticize something they don't know anything about?

Edited by DuskD

In my professional work I get VPN access to the networks of the clients I work with. Each and every one of them requires use of a security key. Most of the time it is an RSA token, but sometimes there are other vendors such as Safeworld, Vasco, etc.

 

There are even some software/web based Security Keys now - those are nice since you don't have to worry about losing a little thingy that has a battery.

 

That said, I practice sensible password security (it's the length more than anything else) and I don't actually use a security key with my SWTOR account.


One last thing, it was rampant in WoW due to phishing emails and to a much rarer extent, actual keyloggers. If someone can get you with a keylogger they have such better things to do with their time than exploit WoW.

 

A huge number were either due to database insecurity, or insider workers selling lists of logins. I had an account that was inactive get 'hacked' twice. Since it hadn't been logged into for months it's highly unlikely it was due to phishing or keylogging (nor had/have there been any other indicators of either of these at that time, previously, or to date).

 

Gold sellers got a lot of their stuff direct from the source. Whether it was a personnel problem or a software problem is the only question.

 

Hackers will sit on an account for months, especially if it's inactive, so that the original user is less likely to come back and immediately re-secure the account. This way the hacker will have control of the account for longer before it's taken away from them. It allows them to do more nasty stuff with the account.

 

So, no, it wasn't due to "database insecurity" or "insider workers" on the part of the company. If the company was compromised, they would be required by law to reveal that to their customers (similar to the other recent company compromises - such as Steam or PSN).

 

In addition, the hackers will get login info (or at least email addresses) from third-party sites if you use that same login or email for your game as you do for the sites. Those sites will often sell email information for profit.


I used to be like that - thinking "the only people that get hacked are the ones who are stupid enough to click on links they shouldn't!" and the like.

 

Then my WoW account got hacked - and I'm no noob to the internet. I know what to avoid. I keep my antivirus software updated. It still can happen.

 

The insane amount of frustration I went through to recover my account - having to fax in a copy of my driver's license, etc. - and being without my account for well over a week changed my mind on security keys.

 

Take it from someone who's been there - they are absolutely, 100% worth the extra 10 seconds it takes to log in.


Anyone who played WoW will tell you it's a must in today's cyber criminal world. Account hacking can and will happen if you aren't protected. Several of my friends and myself included had our WoW accounts hacked. And no I never bought gold or did any kind of power level service.