Why in the world would I use a security key?

[petrobomb]

I honestly use to think that the security key was the biggest load of BS until my account got hacked back when I played WOW. I don't see how so many people on these forums can say that they don't do anything to your account because when I logged on my main character he was sitting in the bank naked with nothing left, even all of my alts on every server had nothing left and they even took as much as they could from the guild bank (which got me kicked from the guild). The security key does work it's as simple as that. If you don't want it then don't buy it.

[Wyrmsfire]

how is the app version of an authenticator any more secure than just user/pass? If they have that info can't they just download it themselves and login to your account?

 

The key fob or the phone application has a unique serial number that is tied to your account.

 

Say someone DID get your user name/password, but had their own authenticator and not yours. It still would not work because the number generated from that device/app is coming from a different device/app with a different serial number than what is registered to your account.

 

Additional security should ALWAYS be taken. If not for your own peace of mind, then for the people you play with. It also helps protect personal information/credit card info that might be stored in the SWTOR site (which you ALSO have to use the authenticator to access).

 

I hope when guild banks are implemented, they enable it so that you can prevent guild members from accessing certain places who dont have an authenticator. This is one thing WoW did that I really liked.

[Nighthawked]

I have a quick question. I did not want to create a new topic for this, so hopefully it will not get ignored.

 

I plan on getting the latest iPhone. I already have the security key on my current iPhone, but I would like it on my new phone. I wrote down the serial number, but I remember entering a longer set of characters when I first added this. Does anybody know if I need that longer set of characters again? If so, can I find it easily on the website?

 

I know with the WoW authenticator, I could transfer it to my computer, and transfer it to a different device and it would still work. Can I do the same here?

 

Thanks!

Edited December 28, 2011 by Nighthawked

[Jimer_Lins]

I have a quick question. I did not want to create a new topic for this, so hopefully it will not get ignored.

 

I plan on getting the latest iPhone. I already have the security key on my current iPhone, but I would like it on my new phone. I wrote down the serial number, but I remember entering a longer set of characters when I first added this. Does anybody know if I need that longer set of characters again? If so, can I find it easily on the website?

 

I know with the WoW authenticator, I could transfer it to my computer, and transfer it to a different device and it would still work. Can I do the same here?

 

Thanks!

 

I believe that to change the authenticator associated with your account you will have to contact customer service.

[wtb_skillz]

Two Words.... Fleet Pass

[petrobomb]

I have a quick question. I did not want to create a new topic for this, so hopefully it will not get ignored.

 

I plan on getting the latest iPhone. I already have the security key on my current iPhone, but I would like it on my new phone. I wrote down the serial number, but I remember entering a longer set of characters when I first added this. Does anybody know if I need that longer set of characters again? If so, can I find it easily on the website?

 

I know with the WoW authenticator, I could transfer it to my computer, and transfer it to a different device and it would still work. Can I do the same here?

 

Thanks!

 

The authenticator seems to be made by the same company as the WOW authenticator. I've never had to transfer them before but it might work the same way.

[Grumzz]

It takes me all of 5 seconds to enter my security key and log in...

 

I will GLADY take a whole extra FIVE SECONDS to log in .. and know my account is safe and secure...

[Evenios]

For once i agree

 

The bad thing also is i read that once you connect your security key to your account YOU HAVE to always use it.

 

I dont understand that. It should be an option. what if the battery dies? what if you lose it? that means you have to order another one or get a new battery and wont be able to play until you do

 

seems much much more of a hassle then its worth unless your just worried about having your password stolen.

 

but for some people the added security is worth it.

[Estinius]

If you call customer support they can reset the authentication key so you can get in to your account. You can disable it once you activate it, and still get the free stuff. Why everyone is making a big deal about it, I don't know. I think the thread is going on way to long. I use mine on my Iphone all the time. I even had to contact customer support one day because it initially didn't work. Bioware support was very helpful and got me setup. They even asked me if I wanted it disabled.

[Baizak]

I've never come accross them before in any of the MMORPGs I have played (and there have been a few lol)...

 

So I have yet to activate mine, any feedback to the OP on the benefits apart from access the CE Vendor greatly appreciated

 

Driz

 

My account was hacked twice in the MMO that shall not be named. I got the security key and never had my account hacked again. Coincidence? I don't believe in coincidence.

[Dosadi]

If you don't want it then don't use one.

 

But if someone gets a keylog on your computer or hacks biowares login database(which seems to be all the rage nowadays), your account will still be safe because they may know your password but they will not be able to generate the random code required to log in.

 

And the danger of someone logging into your account is much more severe then them leveling your toons for you. I got hacked on wow once they sold all items on all my characters except the gear my high level was wearing so that they could use him to farm minerals to sell for further gold. They deleted toons and they deleted my friends list so that people wouldn't see them online. They then access your guild bank and sell everything they can from there as well. So it's not just you they mess with.

 

Now you'll get it all back sure, but you'll need to wait hours on the phone with some guy from india, and in some cases need to prove your identity with a fax of a goverment issue id. It may even take a day or 2 to get it all mailed back to you.

 

Personally i just find it easier to use the authenticator.

[ghostpreacher]

It's simple.

 

This is a case of good authentication. 2 pieces of information you have/know (Username/Password), plus 1 you don't until it's needed for use, and it's only good for a limited time (security key).

 

Somebody linked to a page about the authenticator getting "hacked" for WoW. That is not what happened. A virus intercepted the security key (and other login details), which could then be used for a single login to the site and game because of the limited time the key is good.

 

How many of you use the same password for your email account, your TOR account, Facebook, online banking account, etc. Those of you who don't - you're doing what you're supposed to.

 

It's a stopgap measure to add another layer of security. Account break-ins aren't always about same random dude farming gold on your account and stealing your credits - sometimes they're about that guy you pissed off for some reason wanting to exact revenge. Even if he could guess your password, what good would it do him?

 

It's to help that one small group of folks who can't remember good, strong passwords, or people like me, who like to take as many steps as possible to prevent account breakins anywhere.

 

And also:

Now you'll get it all back sure, but you'll need to wait hours on the phone with some guy from india, and in some cases need to prove your identity with a fax of a goverment issue id. It may even take a day or 2 to get it all mailed back to you.

 

Think of it from the other perspective. You can help reduce cost by preventing a whole swath of account break ins in a simple way. That means more money in their pocket. Hell, they're selling the authenticators for 5 bucks online, and giving away the Android and iOS apps for free. That should tell you something.

Edited December 28, 2011 by ghostpreacher

[foulcault]

Why have a security token/authenticator - security, peace of mind, security, and did I mention security.

 

Perfect example here:

 

I used to play Guildwars and NCsoft (like Blizzard) has it so you have a company account now. There is however no token for NCsoft games. I hadn't been on in a while and was planning to go back to gear up for GW2. I had been playing GW1 since beta and loved it. Now lets be honest here the accountwas well over 5 years old and no I hadn't changed the password in a bit cause I hardly played it.

 

So no token, old password, coming back to play. I am at work on a late november day in 2010 and get an email my account is being logged into from china. Seeing as how I live in the US and never have travelled to asia I found this a tad odd. I contact support to inform them my account has been compromised. This was being done all by email and what they asked me for next floored me. they asked for my name, address at time of purchase, last for of my CC used to buy stuff online, and all my CDkeys!

 

So after two days of searching for this ancient information I was able to get my account unlocked, log in, and everything is gone, special birthday gifts, armor, crafting gear, I was in my skivvies in a PvP area. They even raided my newbie zone character. So I asked for a restore and was denied cause they don't restore lost items even if from an account taht was obviosuly compromised.

 

Two days later I get an email....my account was locked....for suspected gold selling. At that point I just gave up and thought I would go elsewhere.

 

A year later I finally took the time to call them (open noon to 3pm) and they unlocked my account cause they wouldn't unlock it from email now cause the account was possibily compromised unless I reprovide all that same info (Which I was not comfy with giving over mail in the first place)

 

 

Needless to say had I of just had a token (which they don't offer) I would not have lost all that and my $200 dollars worth of legit games and shop items would not be on a shelf collecting dust. It's not worth grinding back up to gear up and buy all the stuff I lost. It was the worse customer service and security breach I have ever had and never wish to repeat again if I can afford it.

[CyberData]

Firefox + Noscript + Adblock + Common Sense Browsing habbits.

 

You're good.

 

An authenticator is just another layer of protection. Here's why I use all of the above:

 

I ask myself a very simple question. What's more inconvenient? Logging in an extra string of numbers or having to re-level and re-obtain all the credits/gear I already spent a large amount of time obtaining?

 

For me, the latter is always more inconvenient than the former.

[Zhit]

Whether TOR actually needs an authentication key won't be known for a few more months. Lets all hope TOR grows and adds subscriptions. The gold sellers and account stealers only show up in games where they can make money. And the successful games are the ones with a viable market for making that money.

 

Most folks have smart phones, easy to grab a free authenticator for the peace of mind.

 

WoW has had a trend among higher end raiding guilds that everyone have an authenticator attached to their account. I can hear folks lamenting now, but nice to know that someone isn't going to log on for a raid night only to find they need to be replaced for a week or so while they deal with account recovery. (Although I hear the recovery period is down to 2-3 hours now.)

Edited December 28, 2011 by Zhit

[Dasri]

Firefox + Noscript + Adblock + Common Sense Browsing habbits.

 

 

The extra layer is always better, even if you think your safe. In my case it was: A late night + various alcoholic drinks + googling an armory link that turned out to be fake + me not noticing that fact because of the first two.

 

I admit that it was a foolish move, but as a human I'm not always 100% perfect. An authenticator would have saved me the three weeks it took to get my characters restored.

[Jilla]

I am a bit contradictory... I think it's overkill but I got one. I've never been hacked that I know of. I follow all those security rules, change my passwords all the time, don't bother opening any e-mails about any games--even ones I play, I never use the same password more than once, etc, etc.

 

I may have been hacked in WoW... got an e-mail that looked like it was from Blizzard saying my account was banned. But I had not played in over a year and didn't care (so I ignored/deleted the e-mail without even opening it... my standard procedure for all such e-mails). It could have been real or it could have been phishing. And honestly, if I were to lose my characters and all that, I would either just start over again or just quit the game (depending on how I am enjoying the game at that point). I play for fun, not for the stuff so much.

 

But you know, the security thing was only $6 with shipping (I have a "dumbphone" so I couldn't download the freebie). And you know, as safe as I feel, I rather buy that cheap insurance since there is the little detail about credit card information and other personal information that I used to create my account.

 

The fleet pass is a nice bonus too. I just need to buy one in game at some point (only really wanted it for the first time last night--but didn't get a chance to buy it).

[Adam_Nox]

If you don't want it then don't use one.

 

But if someone gets a keylog on your computer or hacks biowares login database(which seems to be all the rage nowadays), your account will still be safe because they may know your password but they will not be able to generate the random code required to log in.

 

There's nothing random about it. And if they can db hack, they likely can get a key that can be plugged into a reverse-engineered algorithm to duplicate your authenticator keys.

 

obviously this isn't as easy, but I would expect it to happen, especially with this game, if the db isn't properly secured.

 

On a side note, if you use noscript and adblock and don't do stupid stuff on the internet, then an authenticator won't make a difference. People saying you are a fool if you don't use one, I say you are a fool if you need one. I understand why bioware wants you to have one, because they don't care how stupid their customer base is, profits is profits, but don't get defensive if you have one and start insulting others.

[Tiron_Raptor]

There's nothing random about it. And if they can db hack, they likely can get a key that can be plugged into a reverse-engineered algorithm to duplicate your authenticator keys.

 

obviously this isn't as easy, but I would expect it to happen, especially with this game, if the db isn't properly secured.

 

On a side note, if you use noscript and adblock and don't do stupid stuff on the internet, then an authenticator won't make a difference. People saying you are a fool if you don't use one, I say you are a fool if you need one. I understand why bioware wants you to have one, because they don't care how stupid their customer base is, profits is profits, but don't get defensive if you have one and start insulting others.

 

If the DB gets hacked to the point they can duplicate the authenticators, we've got bigger problems.

 

And that man-in-the-middle attack mentioned earlier is exactly the kind of thing I gave blizzard hell about initially: when the authenticators first came out, you could remove it from the account via the account management page with no additional verification. I had to point out, on the forums no less, than an attack just like that would allow someone the ability to remove the auth key from the account. They made it so you had to enter two more, consecutive codes to remove it.

 

That kind of attack has limited usefulness though: the codes are only valid for a short period of time, so they have to log in IMMEDIATELY. They need a new code every time they log in, they're going to have a harder time changing your password, and if you manage to get in on another system it boots them off, making them need a new code again.

 

Nothing is foolproof, but it's better. Like I said over on blizzard's forum, a lot of the protection it offered was simply because there were plenty of accounts without one they could get into. Soon as a lot of people have them, they'll start trying to find ways to get around it. Man-in-the-middle is one of the few reasonable ways, and gives them a LOT less time to work with, because you're going to know something's wrong much faster.

[DarkSeverance]

You know what is worse than when someone hacks your account, sells all your stuff? It is when they hack your account, but you can't do anything about it, because they put their own security key on the account. This is actually a common practice now by hackers and farmers because they can generate free keys with Android/iPhone apps.

 

It takes weeks to go through customer service, prove that you are who you are, that the account really is yours to get it removed. Now if you have own key and it is activated. That is a whole different story. At least you don't have to be fearful about someone deleting your character, taking your items and selling them or doing other things with your characters.