Something else I hope SWTOR will do....

[ZeroWashu]

well I don't see how a keylogger can track your mouse movement, especially something like that would be based on so many variables, mouse speed, screen res, etc etc.

keylogger there are no variables, when you type and A in your password its an A on all keyboards.

And I think something like connecting a series of dots and placing random ICONS in a series of boxes would have combinations up in the millions so it would be really hard to brute hack, and I hope Bioware will institute a account lock of 5 mins after so many fail tries.

maybe they should just put in CAPTCHAS! lol thats a joke, its ok to laugh, I hate those too!

Frankly, I would be more worried about my bank and mail accounts than a game. I could care less if someone hacks my account, that is what customer service is for. Then again having been on a Mac for ages I don't get that experience some here seem to irrationally fear.

[Deleted]

Gonna be difficult for Smugglers, Imperial Agents, Troopers and Bounter Hunters to log on then

Didn't you hear ? The force surrounds us ... it penetrates us ... hummmm ...

Anyway, authenticator pls bioware.

[Deleted]

As someone in this tread said, everything you connect to the computer is unsafe, and can be copied, recorded or monitored.

The RSA token system is as safe as it gets at the moment, without very expensive security equipment.

I find it good, and the token is very small (if you dont have it in your smartphone) and is a nice keyring.

What I dont like is that everyone want to have their own RSA token, when it is the serialnumber combined with the internal clock in the token that generates the code anyway. So a generic (personal?) RSA token would be a great thing.

[Deleted]

And I think something like connecting a series of dots and placing random ICONS in a series of boxes would have combinations up in the millions so it would be really hard to brute hack, and I hope Bioware will institute a account lock of 5 mins after so many fail tries.

The problem with this is that they usually have visual feedback. Keyloggers which take screencaptures are even available for sale. I don't think it would be that hard for malicious people to fabricate something that'll get your information.

From a security standpoint, it's still something you know and as such it isn't defense in depth, which having an authenticator (something you have) and a password (something you know) is.

[Styxz]

Frankly, I would be more worried about my bank and mail accounts than a game. I could care less if someone hacks my account, that is what customer service is for. Then again having been on a Mac for ages I don't get that experience some here seem to irrationally fear.

I thought hackers started wrting for MACs a few years ago.

OT get a cheap android and use that to auth imo.

By the time BW releases an auth app we'll probably start seeing farmers comming out in (the) force.

[nogard64]

I was just hoping for people to come up with more innovative and unique ways of authenticating, like really think outside of the box, so far it looks like the Rift coin system sounds promising.

[Tore]

Well the problem is that an authenticator is basically a key. Someone can't open a door if they don't have the key. It's not meant to stop keyloggers, it's meant to create a physical, unique layer of security.

Your idea, the clicking and dragging stuff in series, is more of a "Human Check" than a security layer. It would stop bots but not unauthorized logins. This is why Random Number Generation key fobs are a common security tool in large businesses--they work better than any digital alternative.

The reason RNG fob security is so tight is because its impossible to predict the next number. Clicking and dragging in a pattern means that there is a set pattern you are trying to match. As soon as someone finds out that pattern it becomes entirely useless. That's where physical RNG keys win; even if someone learns one of your numbers it will do them no good.