View Single Post

Phillip_BW's Avatar


Phillip_BW
04.03.2013 , 08:31 AM | #54 Click here to go to the next staff post in this thread. Next  
For all those posting about the game crash, it looks like I need to be a bit clearer on 'authentication' vs Launcher and Game crashes:

If you get to the point where you can click 'Play' in the Launcher, you are past 'logging in' and have moved into loading the game client. The changes we made to authentication (Display Name only, OTP, Self Service) have nothing to do with those game crashes.

If you can't get to the point where you can type in your authentication credentials and click the Login button, then you have an issue with the Launcher itself. The changes we made to authentication were back-end changes, and while other pieces were also modified on the 2nd, those weren't to do with the Display Name, OTP and Self Service features.

There are other threads (mainly in the Customer Service forum area) about those issues if you have them, and please move questions about the game client issue over there - I won't respond to them as I'm not involved. I do wish I could help, but my expertise is elsewhere.

I'm also only answering new questions about authentication that haven't already been answered in this or previous threads. Those threads are:
http://www.swtor.com/community/showthread.php?p=5954106
http://www.swtor.com/community/showthread.php?t=612230


Quote: Originally Posted by DarthVitrial View Post
But you DID say Subscribers will be getting those pets too, right?
Actually that wasn't me specifically - I think that may be the case, and I hope so, as I too collect the pets. I'm not involved in that side of things though, so don't know for sure.

Quote: Originally Posted by Aries_cz View Post
Trying to bring this back onto the topic of new authentication method and problems associated with it (black screens and crashes are being solved elsewhere, really guys). Some reply from Philip_BW or some other responsible "yellow" would be great.

It seems that people without security keys and with ISPs that rotate dynamic IPs like crazy are the most affected by this problem.
-
I am assuming that the One Time Password occurs only when the launcher does not recognize your current IP. This creates problem with Dynamic IPs, as mentioned above. If I am mistaken, please discount the suggestion.
-
Given the apparent problems this otherwise great security upgrade caused, are there any plans to maybe make the check for MAC address instead of IP address? If I understand the system correctly, it would solve the problem of launcher not recognizing the current machine, and using One-Time Password would add the current machine to a "verified" list.
The change in IP addresses by certain ISP's is a great inconvenience for those that use those ISP's. We totally understand that. The problem we face is that we have to take into account a lot more than just changing IP addresses, and have to set the level of security around 'all the players'. This means that some (in this case people that use changing IP ISP's) are going to be inconvenienced more than others. We also have to consider what attacks can be run against the system, and ignoring IP and changing to MAC address instead would actually open up quite a few attack vectors which you don't want us to allow. In reality we pay attention to a lot more than just the IP address, but that's a different conversation which I won't go into detail on 'for security reasons'.

Authentication is one of the most complex systems we have as we try to balance security with user inconvenience. In the end to have adequate security, some inconvenience is required. Believe me, if we could trust everybody to stick to their own account and just have people log in with an auto-saved username, we would. Reality is that there are a few 'bad' people out there that mean we have to treat authentication seriously. And we do.

To alleviate the problem we do have two options on our side:
For subscribers, there is the option to use the Mobile Security Key (and ex-subscribers can continue to use it after they stop subscribing up until they remove the Security Key from their account). This will mean you do not get an email every time your IP changes, and instead have to type in the Mobile Security Key Code.
For all players, there is the option to buy the Physical Security Key to achieve the same thing. Yes, I totally understand the Physical Security Key is currently out of stock in Europe, and we are working diligently with the European Origin Store staff to get that restocked ASAP. I have a tentative date for sometime in the next few weeks, but I'm not going to say exactly when until they confirm that date to the point where I feel comfortable posting it. I do not want to give false hope there!

Phillip Holmes
SWTOR Head of Security