Why in the world would I use a security key?


GamerInDallas

When you get your account hacked, and find your characters' stuff gone, all your money gone, all your gear... come back and tell me again you don't need a security key, because I can tell you from first-hand experience, it's not a very nice feeling, knowing someone has stolen all your gear, kicked you out of your own guild... after all the hard work you have put in.

It's extra security, because I can tell you, once the hackers etc. start getting a hold of hacking accounts etc., you'll wish you had taken that extra security.

 

I'm with you.

 

My WOW account got hacked prior to me having a security key, and it was devastating seeing my toons all naked and without the gear I'd worked hard to get.

 

A security key is a fantastic idea, and I downloaded the iPhone app the day it became available.

 

On a funny note, the hacker must have taken a shine to my hunter, as I found him logged out in an instance, with some nice BoE epics in his bag....

Link to comment
Share on other sites

around a year ago or so, the average wow account was worth more to hackers than a single stolen credit card number. (something like ~$105 for a WoW account compared to like ~$55 for a single stolen credit card number)

 

They would still need to find something willing to cough up those $105 for someone else's WoW account, so a WoW account doesn't necessarily = $105.

 

Also, I realize that's the reason they did it, but seriously, it's too much of a hassle for the small possibility that maybe they'll actually be able to hack into my account. And I actually have different credentials in this game than I use on others, with a unique password I came up with for this game, so there's very little they can do with that info if they actually hack into my account.

 

I also wish that at the very least we got an option to turn it off.

Link to comment
Share on other sites

And I don't even get an option to turn it off, so now I'm stuck with it for the rest of my time playing this game, only because I wanted a dancer outfit.

 

I think you might want to look into that a little more. There is certainly a way to de-activate it. If for no other reason simply because you would have to if you ever lost your phone or your security FOB. I'd take a look at your account settings and/or contact Bioware support. There's definitely a way to remove it from your account (don't know if you'd lose the ability to use the outfit or not, but I'd be pretty surprised if the game had code to check for that).

Link to comment
Share on other sites

They would still need to find something willing to cough up those $105 for someone else's WoW account, so a WoW account doesn't necessarily = $105.

 

It's not the accounts they are selling, it's the gold total after everything has been stripped and they have farmed on the higher level characters for as long as possible. And they sadly have plenty of buyers.

 

Also, I realize that's the reason they did it, but seriously, it's too much of a hassle for the small possibility that maybe they'll actually be able to hack into my account. And I actually have different credentials in this game than I use on others, with a unique password I came up with for this game, so there's very little they can do with that info if they actually hack into my account.

 

You really need to read into why so many people in this thread are saying "I felt the same way until I got hacked.."

 

I also wish that at the very least we got an option to turn it off.

 

Request to have it removed if it is impeding your gameplay this much o.o

Link to comment
Share on other sites

They would still need to find something willing to cough up those $105 for someone else's WoW account, so a WoW account doesn't necessarily = $105.

umm... at the very least they can sell all of your stuff (or guild's stuff if you have access to the bank) and then sell that gold to a gold seller. and then sell your characters to a gold seller. and then whatever chars they couldn't sell bot to generate gold to sell to a gold seller.. it's really not that hard to generate money off of a wow account. I could close mine today and probably make around $200 just selling to gold sellers across all of my characters.

 

Also, I realize that's the reason they did it, but seriously, it's too much of a hassle for the small possibility that maybe they'll actually be able to hack into my account. And I actually have different credentials in this game than I use on others, with a unique password I came up with for this game, so there's very little they can do with that info if they actually hack into my account.

 

I also wish that at the very least we got an option to turn it off.

 

as that first paragraph sounds like every poor hacked soul before they were hacked, I'll just leave that alone....

 

in regards to the second paragraph, WoW with like 4.2 or 4.3 implemented a system where you can choose for it to remember a computer you logged in with an authenticator on. this is handy. also blizzard doesn't require the authenticator to login to the forums, (nor do they log you out of the forums). It's only required for account access. Both would be better situations on here I agree.

Link to comment
Share on other sites

No, the return address would be "biowarecommunityaccounts" or something similar that was really close and would probably, to some, seem legit. Better to just go by the truth that NO company will ever ask you for your password or the answers to your challenge questions.

 

But all in all it sounds like you have a decently secure password with numerals and symbols. Some people like to use names or important dates which is bad. I just did it because it was free and I don't find it that much of a hassle.

Ignoring what it would be, WoW phishers make their e-mails seem like they are actually from blizzard.com or worldofwarcraft.com, so it seems pretty legit at base level. The trick is when you mouse over the link and see that it is not at all what it should be.

Link to comment
Share on other sites

...

Am I missing something here? Why would anyone buy or use a security key?

 

PM me your user name and password, you will be doing the same when you give them to some hacker who keylogged your account via a phishing email. Then wait a few days. When you can't get into your account because I sold it to some gold farmer you will understand why a security key is important. :)

Link to comment
Share on other sites

i got hacked in wow. it took TWO WEEKS of being on hold everyday for 45+ mins with blizzard before getting everything restored. it was incredibly upsetting, frustrating, aggravating.

 

it never happened after i got the security key.

 

in fact, i'm not ******** you, i might not play SWTOR if not for my security key. it makes me feel safe.

Link to comment
Share on other sites

Wow. This thread got REALLY long REALLY fast.

 

As the OP, this did clear things up for me a bit. I played the original EQ for over a year and never heard of anyone getting their account hacked. I played a few other MMORPGs a little since then and, again, never heard of anyone getting an account hacked.

 

Sounds like the problem is, in games like WoW, the UI is customizable and sometimes people put key loggers in the UI scripts that people get from others. Since I don't have any custom code running on the game, and I use a difficult to guess password (good luck with your dictionary attack; my password isn't even in English and uses symbols and numbers), it sounds like I'm pretty safe. (Also, I'm a bit savvy on social engineering, and likely to get pretty suspicious pretty quick if I get an email from "Bioware" asking my security questions or password. First thing I would do is check the return email address and notice that it's not actually going back to Bioware.)

 

Besides, I'm kind of a casual player and tend to level up slowly. So there are much more lucrative accounts out there to hack.

 

On the other hand, it sounds like hacking has become more common in the years that I haven't been spending much time in MMOs.

 

I still stand by my statement that it would be a pain to use the security key every time. I'd have to go FIND my phone, turn it on, put in my security code to unlock my phone, pull up the app, etc. It would probably be easier to pay $4 for the fob.

 

One last question though: is there anything worthwhile from the security key vendors? Something possibly worth the hassle?

 

Er, no. By far most WoW accounts get hacked through phishing. I've seen some VERY sophisticated mails pretending to be from Blizzard. I never played any Blizzard game, so for me they were obvious, but they were very close to the real thing.

 

In Aion, hackers managed to bypass the login server (and we suspect they also somehow had access to the login databases, since hundreds got hacked every weekend, including people who hadn't played in 6 months). Trion and SOE had their account databases hacked. Not sure what happened in Warhammer, but there too hundreds were hacked.

 

The most common ways to get hacked, in no particular order:

- clicking a link pretending to go to your account management page

- clicking a 'naughty nurses' link (or a similar 'interesting' link) and getting a keylogger

- botting; some bot programs actually send your login data to all other bots using the same program

- paying a company to PL your toons. Really smart, that, giving your data to a company that is almost certainly also involved in gold selling

- someone hacks the game company's account database

- hacked e-mail accounts; some companies specialize in strip-mining these for data, sorting the data and selling these to interested parties.

Edited by Broom
Link to comment
Share on other sites

I still stand by my statement that it would be a pain to use the security key every time. I'd have to go FIND my phone, turn it on, put in my security code to unlock my phone, pull up the app, etc. It would probably be easier to pay $4 for the fob.

 

One last question though: is there anything worthwhile from the security key vendors? Something possibly worth the hassle?

 

It really, really isn't, at least with the Fob. Heck, I have ADHD, I lose little stuff like the authenticator fobs. I stopped playing WoW a few months shy of 3 years ago. My blizzard authenticator is still here on my desk, not terribly far from the SWTOR one.

 

Back on WoW, long after I got an auth, my guild's XO had his account get compromised. Guild bank was emptied. Every tab was nearly full of stuff, from crafting materials to items of all quality levels. Blizzard didn't restore one bit of the guild bank stuff. We had to rebuild it from scratch. Hundreds of items, some of the crafting mats in large quantities, all gone.

 

Seriously though, all you do is push the button on the thing, and it shows an 8-digit code (two more than blizzard), all numbers. You work some numpad magic, and you're done. It's not hard and it's not really a hassle at all, even for someone prone to losing things like that.

 

And the payoff? Not being locked out of the game while they do an investigation prior to restoring your account. Not having to wait weeks for them to investigate before restoring your items, characters, skills... not having to worry that they won't restore everything (they don't always).

 

And the Vendor does have some fairly shiny stuff, but nothing hugely essential. One customization for the first companion for each class, a mouse droid, an astromech that sounds like it plays music, a 'fleet pass' (how it differs from the 'emergency fleet pass' I don't know), a five-piece, fully modifiable light armor slave girl outfit usable at level 14...

 

Now for a very detailed technical breakdown of how the fobs work, that you can skip if you don't care. :p

 

The fob is a Vasco Digipass Go-6, the same model blizzard and many other MMOs use. It features a single button and an 8-digit screen. Pushing the button causes the currently valid code to appear on the screen. Length of code is customizable by the user (Blizzard uses 6 digits, Bioware uses 8).

 

The code is generated by running a DES, 3DES, or AES (also customizable) hash function on a two-part input: a unique fixed part tied to the specific fob (possibly the serial number, but I'd make it different and use a lookup table if it was me) and a dynamic part based on an internal clock built into the key.

 

The key works on the principle that given the same input, the hash function will always output the same thing. By knowing both the fixed part of the input and the state of the fob's clock, the server can determine what code(s) the fob should be generating at the present time. Both things must be known in order to accurately predict what codes will be generated.

 

The fob is designed to be non-openable: according to Vasco, estimated battery life is 7 years. Additionally I have heard that it is not possible to reset the fob: the parts used to program it are physically severed/fused at the factory, and even Vasco can't restore them. Any interruption of power would change the state of the clock versus what the server expects, meaning that even if the battery were replaced and the fob still worked, the codes generated wouldn't match what the server was expecting.

 

The codes change regularly: at LEAST once per minute, but I believe it's every 30 seconds. This makes it almost impossible to brute force the code if it has any appreciable length: SWTOR's 8 digit code for example, has 100 MILLION possible codes. Even with the account password, no more than a few could be tried before it reset, requiring them to start over. Guessing the currently valid authenticator code thusly has worse odds than winning the lottery.

 

One thing however: because of the resettability of the phone app version, if the serial for your phone auth were to be acquired somehow, they COULD duplicate your phone auth, at least in theory. Social engineering and phishing are the most likely attacks here, but phone hacking can't be ruled out (and could in theory allow them to access the app on your phone remotely).

 

Either way, your security is DRAMATICALLY increased. The fob in particular is all but unbreakable, and has more than enough battery life to last the likely time you'll be playing the game for. The only problem with the fob is that occasionally one will cease to function way early: due to a malfunction, not the battery dying. It pops up an error on the screen if this happens, and then you have to contact bioware to get it removed... I don't know anyone this has happened to, but have seen a few reports on the net.

Link to comment
Share on other sites
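The scheme the post above describes (a fixed per-fob secret combined with a clock, recomputed by the server), as an added example that is not part of the original thread and not Vasco's or Bioware's code. It substitutes the open RFC 6238 construction (HMAC-SHA1) for the Digipass's DES/3DES/AES-based function; the 30-second step, the one-step tolerance and the replay check are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per code (assumption; the post believes it is 30)
DIGITS = 8   # code length the post gives for the SWTOR fob


def code_at(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 truncation of HMAC-SHA1(secret, counter) to a decimal code."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def fob_display(secret: bytes, fob_clock: float) -> str:
    """What the fob shows: same secret + same time step -> same code."""
    return code_at(secret, int(fob_clock) // STEP)


class Verifier:
    """Server side: knows the fob's secret and compares against its own clock."""

    def __init__(self, secret: bytes, window: int = 1):
        self.secret = secret
        self.window = window      # steps of clock drift tolerated either way
        self.last_counter = -1    # highest time step already accepted

    def check(self, submitted: str, server_time: float) -> bool:
        now = int(server_time) // STEP
        for counter in range(now - self.window, now + self.window + 1):
            if counter <= self.last_counter:
                continue          # refuse replay of a used (or older) step
            if hmac.compare_digest(code_at(self.secret, counter), submitted):
                self.last_counter = counter
                return True
        return False


def guess_success_bound(attempts: int, window: int = 1) -> float:
    """Upper bound on blind guessing: attempts * valid codes / 10^DIGITS."""
    return attempts * (2 * window + 1) / 10 ** DIGITS


# Constructed sample input: the published RFC 6238 test secret.
SECRET = b"12345678901234567890"


def demo() -> dict:
    fob_time = 1111111109                        # fob's internal clock
    code = fob_display(SECRET, fob_time)
    return {
        "code": code,
        "in_sync": Verifier(SECRET).check(code, fob_time + 25),
        "clock_off_5min": Verifier(SECRET).check(code, fob_time + 300),
        "five_guesses": guess_success_bound(5),
    }


if __name__ == "__main__":
    print(demo())
```

The `clock_off_5min` case is the post's point about an interrupted clock: the fob still produces codes, but none the server is expecting.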

I've never come across them before in any of the MMORPGs I have played (and there have been a few lol)...

 

So I have yet to activate mine, any feedback to the OP on the benefits apart from access the CE Vendor greatly appreciated :)

 

Driz

 

wow did it first

 

http://us.blizzard.com/store/details.xml?id=1100001470

 

The thing is it saves you from being hacked and having your stuff destroyed.

Link to comment
Share on other sites

Never had a need for computer security as I know what I'm doing, but some people just can't help using unsecure practices (phishing, account sharing etc) and this key will help them.

 

Oh there are SOOO many other ways you can get compromised. Keyloggers aren't an uncommon method, frequently packaged with mod installation packages, though they don't have to be.

 

All it takes is one bad ad: my father once got a virus from merely VISITING myspace music! He noticed and got me removing it right away, but he literally didn't do anything wrong from a security standpoint: the bloody thing autoinstalled, in firefox no less, from one of the advertisements, without any user intervention at all.

Link to comment
Share on other sites

I'm with you.

 

My WOW account got hacked prior to me having a security key, and it was devastating seeing my toons all naked and without the gear I'd worked hard to get.

 

A security key is a fantastic idea, and I downloaded the iPhone app the day it became available.

 

On a funny note, the hacker must have taken a shine to my hunter, as I found him logged out in an instance, with some nice BoE epics in his bag....

 

Mine got hacked too, lost everything - though I got most of it back eventually, but it's a sickening feeling. Funny thing was, I hadn't been playing for 6 months, it was only when Blizz emailed me telling me I'd changed my password etc., and to confirm it. I had however been playing Starcraft II, and I believe it was my Blizz account that got hacked. Not had any more problems since getting the Authenticator, which is why I downloaded the SW:TOR iPhone app. Just makes it that bit more secure.

Link to comment
Share on other sites

Yeah, contact support and get your stuff back in 2 days

 

not a big deal anyways

 

If your account gets permabanned for say gold seller spamming while they have it, you don't get anything back at all.

 

Even then, what you get back in two days or so is ACCESS. You will NOT get your items back immediately: it will most likely take weeks before you get anything.

 

And even then you may not get back all of it. They frequently don't restore everything. My guild's XO on WoW got compromised and they cleaned out the guild bank. We never got ANY of it back. Someone made a lot of money off our guild bank, and we had to start it over from scratch (it was really, really loaded).

 

They do it this way because it takes them a lot of work and costs them a lot of money to find and restore all your stuff: they WANT it to be painful for you because it's painful for them.

Edited by Tiron_Raptor
Link to comment
Share on other sites

Saying it's not worth the hassle is just pushing off the fact that they are worth the hassle.

 

 

Never had a need for computer security as I know what I'm doing, but some people just can't help using unsecure practices (phishing, account sharing etc) and this key will help them.

 

I understand people saying they have passwords it has special characters and numbers symbols, etc... But do you know there is such a thing called a rainbow table. And there are several free ones (you can even make them yourself). Dictionary attacks are old school as are brute forcing. If I can use a rainbow table, it's supremely faster. They contain every combination possible for passwords for a given character set. And since I already have the password in my database, I just have to match my hash to yours.

 

I can create an email, that looks like it's from BW, will have BW site links, will click you to a website which looks like BW (will even say http://www.swtor.com in the address bar), and by all means looks real, but is 100% fake. Even when you hit the reply button on the email, it will be a BW email address, but will NOT go to them.

 

I work with this type of stuff every day - and you would be amazed at how fast a person's password is cracked when they say they are "secure." And btw, we already know BW password policy, not to mention people, in this thread, giving us information about their account / password - the same people who say they are not internet dumb. ;)

 

That's why this FREE extra layer of security is worth it.

Edited by rhirne
Link to comment
Share on other sites

They would still need to find something willing to cough up those $105 for someone else's WoW account, so a WoW account doesn't necessarily = $105.

 

The worth comes from other players. Players who are willing to spend real money for gold/credits and characters.

 

Almost all of the gold/credits that gold spammers are selling comes from hacked accounts. Those gold spammers aren't earning their gold through honest means. They are stealing it from players to sell to other players.

 

And with the number of people that are too lazy to earn their own gold/credits, hackers always have someone willing to cough up the money for the goods from those hacked accounts.

 

Honestly, the best way to stop hackers is to lower the worth of game accounts. If there is no demand for buying gold/credits, then their market will crash and it won't be worth the effort to hack accounts because they won't be able to get rid of them or earn anything from them.

 

If people stopped buying gold/credits, powerleveling services, etc., then fewer people will be hacked. (This doesn't mean it's not a good idea to keep yourself protected, but it will help prevent hacking from occurring.)

Link to comment
Share on other sites

When I played WoW one of my guild mates got hacked twice.

 

It was much more painful for him, but still was a pain for the rest of us, because they cleared out the guild bank, and because he was the guild leader they also deleted our whole guild.

 

It's a bit like driving, you may not be a bad driver, but that may not stop someone who is from slamming into you.

Link to comment
Share on other sites

Saying it's not worth the hassle is just pushing off the fact that they are worth the hassle.

 

...

 

That's why this FREE extra layer of security is worth it.

 

I'll grant that the phone version is probably a bit of a hassle. I can see why, and understand why. It's also more vulnerable to being duplicated. It's also free.

 

The $6.50 fob is NOT a hassle and is almost impossible to defeat, to the point of absurdity (for a game anyway).

 

I know which I'd go with, since there's been a fob sitting on my desk since Dec 19 (and I ordered DDE).

Link to comment
Share on other sites

I'll grant that the phone version is probably a bit of a hassle. I can see why, and understand why. It's also more vulnerable to being duplicated. It's also free.

 

The $6.50 fob is NOT a hassle and is almost impossible to defeat, to the point of absurdity (for a game anyway).

 

I know which I'd go with, since there's been a fob sitting on my desk since Dec 19 (and I ordered DDE).

 

 

It goes back to a comment he made earlier - "I have to find my phone, TYPE IN A SECURITY CODE TO UNLOCK IT, start the app...."

 

Why use a security code on your phone then? Just turn it off. It doesn't have anything top secret on it I suspect either. The little bit of hassle for peace of mind is definitely worth it.

Edited by rhirne
Link to comment
Share on other sites

