Jump to content

The Best View in SWTOR contest has returned! ×

Cant download security key app


LeeLoou

Recommended Posts

Use any TOTP authenticator app, whether it is for SWTOR or not.

SWTOR support recommends Google Authenticator, but any of them will work (I use OTP Auth).  Others include at least:

  • Authy
  • SaaSPass (?sp?)
  • WinAuth <<== Runs on your PC

The one downside is that you will need to set your phone (or your PC if you use WinAuth) to rigorously and consistently keep the right time, as only the SWTOR app (for Android(1)) has the "Sync" command that can interrogate SWTOR's security key app server to find out the difference between what the phone thinks the time is and what the server thinks the time is.  (All TOTP authentications depend on both ends having the *same* idea of what the time is, since the first "T" of TOTP is short for "Time-based".

(1) The iPhone version of the app didn't have that command, presumably because in their default configurations, iPhones keep better track of the right date and time than Android phones do.

Link to comment
Share on other sites

On 9/11/2024 at 12:25 PM, SteveTheCynic said:

The one downside is that you will need to set your phone (or your PC if you use WinAuth) to rigorously and consistently keep the right time, as only the SWTOR app (for Android(1)) has the "Sync" command that can interrogate SWTOR's security key app server to find out the difference between what the phone thinks the time is and what the server thinks the time is.  (All TOTP authentications depend on both ends having the *same* idea of what the time is, since the first "T" of TOTP is short for "Time-based".

There seems to be some tolerance for expired codes. I haven't tested it, but I'm thinking they accept codes 1 before and 1 after the true code in the sequence. Or it could be based on a certain amount of time, so maybe an old code can be used up to 10 seconds after it expired. Either way the time sync doesn't have to be perfect. It can be off by some amount and the code will still be accepted.

Link to comment
Share on other sites

20 hours ago, ThanderSnB said:

There seems to be some tolerance for expired codes. I haven't tested it, but I'm thinking they accept codes 1 before and 1 after the true code in the sequence. Or it could be based on a certain amount of time, so maybe an old code can be used up to 10 seconds after it expired. Either way the time sync doesn't have to be perfect. It can be off by some amount and the code will still be accepted.

The RFC says you should accept one that has just expired, during the whole interval (rather than just ten seconds) after it expires(1), in case someone is a bit late getting it typed in.  I believe this is what SWTOR does.

(1) That is, it will accept today's code for the time interval 20:43:00-to-20:43:30 at any time during the time interval 20:43:00-to-20:43:30 (where it's still "current") OR the time interval 20:43:30-to-20:44:00 (where it's expired-but-acceptable).

  • Like 1
Link to comment
Share on other sites

On 9/11/2024 at 12:33 PM, LeeLoou said:

I just got a new phone and cant download the security key app. Is there another way to get the security key on my new phone?

The SW:TOR Security Key App and the SW:TOR Physical Security Key are no longer supported as verification methods

Swtor recommend switching to Google Authenticator if you currently use either of these as a SW:TOR Security Key.

See https://help.ea.com/en/help/star-wars/star-wars-the-old-republic/swtor-security-key-faqs/

Edited by OwenBrooks
Link to comment
Share on other sites

×
×
  • Create New...