ToR authenicator?

[Grevus]

Will Bioware offer some sort of authenicator? I remember seeing something in the CE version, but will that be available to everyone? And If so I'd like to see a mobile version.


Hell for that matter have they said anything about account security? Other than stricter password requirement?

[StationaryHawk]

More likely than not they won't be exclusive to people who could dish out the extra cash for the Collectors Edition. We'll probably see one available to everyone in the near future.

[JustintimeSS]

The CE one is the only known one at this point. I highly doubt that will be the only one out though because well, that is just dumb.

Speculation of course - They will be purchasable from Origin or Swtor.com and most likely on an App for phones.

[anewok]

Will Bioware offer some sort of authenicator? I remember seeing something in the CE version, but will that be available to everyone? And If so I'd like to see a mobile version.


Hell for that matter have they said anything about account security? Other than stricter password requirement?

Yes. They will offer both physical and mobile versions. A couple days back before the server was reset, there was a page under My Account that had them both listed. It's not up at the moment, but if you open the launcher and click the Learn More link next to the Security Key box, it takes you to where you could get them (it doesn't atm though.)

[domwindle]

Mr Reid posted on his twitter account that they would make an official announcement next week. It seems likely that they will have both mobile and keychain authenticators.

[Starry101]

yes, there will be one for purchase, there will also be a mobile version. An announcement should be coming soon. They accidently had the page up the other day.

[Atoj]

Since every other modern MMO has gone the mobile authenticator route, and since it probably would cost the company more to deal with customer service complaints of "I got hacked. Please help!" than it is to provide a service that prevents people from getting hacked in the first place, I think it is safe to say that a mobile authenticator app is in the works.

[Neofate]

Just curious. Can you guys explain to me how the accounts are at major risk on your personal computer?

I don't doubt that they are, I'm just not seeing the big security threat to need an encryption authenticator. It's cool, it probably makes it where you don't even have to type the password .. with your phone? Maybe? no?

Just give me the skinny on the things.. I have no clue about them.

[Meleti]

Just curious. Can you guys explain to me how the accounts are at major risk on your personal computer?

I don't doubt that they are, I'm just not seeing the big security threat to need an encryption authenticator. It's cool, it probably makes it where you don't even have to type the password .. with your phone? Maybe? no?

Just give me the skinny on the things.. I have no clue about them.

There are people who make a lot of money writing malware targeting MMO accounts and distributing it with bad ads, phishing attempts, infected sites, etc.

[Marxman]

Just curious. Can you guys explain to me how the accounts are at major risk on your personal computer?

I don't doubt that they are, I'm just not seeing the big security threat to need an encryption authenticator. It's cool, it probably makes it where you don't even have to type the password .. with your phone? Maybe? no?

Just give me the skinny on the things.. I have no clue about them.

People without authenticators are where gold selling companies get the majority of their currency to sell. It's also where a majority of their farming bots come from.

[Oerba Yun Fang]

They will most likely offer them for everyone, however the style of the CE one will probably remain exclusive to the CE (whatever artwork is used on it for instance).

[Atoj]

Random keyloggers and the like will quickly log your e-mail address and commonly used passwords. You can take precautions to protect your account simply be using a unique e-mail and password that you use specifically for the game and no where else on the web. I have never been hacked likely because of that precautionary step, even before I got an authenticator.

However, Authenticators work by randomly generating a number that is generated on your device upon linking it to your account. Your account will then require the number that is generated on your authenticator before allowing anyone to log in. This is useful to prevent people remotely logging in on your account with your information as they will not have the authenticator's number in order to complete the log-in process. In effect, it acts as an extra password that is randomly generated upon log-in.

In truth, the number isn't all that random, but generated based off the device's SID and the current time. If a hacker had your authenticator's SID they could theoretically reproduce the number they need to access your account, however most gold farmers and account hackers would rather devote efforts to unprotected accounts that are easier to tackle.

---------- Post added 2011-12-12 at 12:30 AM ----------

People without authenticators are where gold selling companies get the majority of their currency to sell. It's also where a majority of their farming bots come from.

This is why you shouldn't buy gold from third party sites. You are promoting terrorism!

[Elim Garak]

There will be news about Authenticators this or next week.

[Neofate]

I see. Makes sense. Using a key with a similar tech scheme as a PGP Hash, or anything else with a single key that you pass between parties to unlock a data link.

At any rate, sounds good.

Say you have an app for your phone, will it also add convenience of logging you in with the press of a button by proximity, or do you still always type a password?

[Elim Garak]

Say you have an app for your phone, will it also add convenience of logging you in with the press of a button by proximity, or do you still always type a password?

You have to enter normal password and authenticator code (which will be generated by mobile app in your scenario) - manually

[Atoj]

Blizzard has made innovations to their authenticator process by making it so that repeated log-ins from the same IP don't always ask you for the authenticator. This is a matter of convenience as few people are worried about being hacked from their local computer and instead only want defense from a remote attack. If you log into your account from a different IP than the one you last entered your authenticator code from it will again ask you for the code. Whether SWTOR will have this or not I do not know.

[Oerba Yun Fang]

Blizzard has made innovations to their authenticator process by making it so that repeated log-ins from the same IP don't always ask you for the authenticator. This is a matter of convenience as few people are worried about being hacked from their local computer and instead only want defense from a remote attack. If you log into your account from a different IP than the one you last entered your authenticator code from it will again ask you for the code. Whether SWTOR will have this or not I do not know.

That's also optional now. Blizzard added a by-pass to Battle.net that you can opt in or out of, so that people who want it to ask every time, can have it ask every time.

[Neofate]

You have to enter normal password and authenticator code (which will be generated by mobile app in your scenario) - manually

Thank you. I'll just have to live with it

[Scripts]

Its the same concept used for office computers and are considered best practices for general computer security. Computer security for passwords is always better if your password requires a combination of things you know (secret questions/password/etc.) and things you have (the authenticator keyfob/smartcard/IP address/etc.).

As others have said, there's a lot of malware out there that can get loaded from an ad or something else that is exploiting some kind of zero day bug from Adobe Flash, or Windows Media Player, or Chrome, or FireFox, or whatever, and it captures your email logins, or your banking logins or something else equally sensative, and then you're screwed.

I'm glad that they're going to offer authenticators via mobile device and selling the key fobs as well. The forced password changes were also helpful. It shows that BioWare and EA are taking security seriously straight out of the gate.

[Cyberace1985]

im just waiting for an authenticator app for my droid. only ever had my wow account hacked 1 time and it was cause i wasnt just logging in from home but from school. which tells me that the school was infected and it was on the teachers netwprk which makes me wonder.