
An update on the One-Time-Password system (April 16th 2013)


Phillip_BW


The way you are handling the issue is ridiculous IMO.

 

Many people are working just fine without a security key, and NOT getting OTPed to death either. So explore your options on that end of things then.

 

Good for them. Too bad I'm not one of them.

 

Wow!!! simply WOW!! :eek:

 

I'm not trying to be rude but you own this game and an internet based computer, but won't ever own a mobile device!?!? Hrmm!?!? I'm smelling a troll! :p

 

I live everyday hearing high-pitched ringing in my ears, simply because I'm surrounded by neighbours who do use Wi-Fi and wireless devices.

The closer I get to them, the more pronounced the ringing becomes, and close proximity exposure will cause severe headaches.

 

Still, you both seem to be defending Bioware's lack of Physical Keys being in stock.

 

I've been playing here since October 2011. Been a subscriber the whole time. Under the old system, with the security passwords, I NEVER got hit with secret questions while logging into the game, or onto the SW:TOR website.

 

Now, I get OTP'd every time I log onto the forums.

 

Ok, annoying enough by itself, but since the Physical Security keys are so cheap, I figured, "Alright, I'll bite the bullet on this one, and get a Physical Key for the first time ever in 10 years of playing MMOs."

 

Except, Bioware no longer has any Physical Security Keys.

 

If I were the only person having this problem, or there were so very few of us, you may have a reason to attack me.

This problem is affecting thousands of players. Do a search here for either "OTP" or "One Time Password", read through the dozens of threads about the problems people are having, then come back.

 

This IS a legitimate complaint. From a person who loves this MMO more than any other game I have ever played, MMO or otherwise. Your need to defend Bioware over this and attack those who are having problems, is stupid.

Link to comment
Share on other sites


Still, you both seem to be defending Bioware's lack of Physical Keys being in stock.

 

No...I agree they need to replenish as soon as possible, but we're suggesting things that most tech savvy people have. If those options don't work for you they need to do something about it.

Link to comment
Share on other sites

Alright, I have an update.

 

Just for the heck of it, I decided to google "Star Wars: The Old Republic security keys".

 

It seems, while they are out of stock on the SW:TOR website, they are in-stock on EA's Origin store.

 

Crazy.

 

I got one, problem solved.

 

Still, it shouldn't be such a hassle to find or get them. I still think Philip_BW has a lot of work to do to perfect their new security measures.

Edited by CaptRavenous
Link to comment
Share on other sites

Um, do you folks realize that the SMTP e-mail system was not designed to deliver mail instantly? It was designed with a built-in buffer between hops, in case any intermediate server was temporarily down. It was designed to get the mail there eventually, if at all possible, and when it's most convenient, which usually is "right away", but could equally well be, "only in the middle of the night". The fact that, most of the time, our e-mail arrives effectively instantly is not something that can be relied upon, even if we all want it.

 

This issue doesn't affect me in the least, but I still find myself annoyed by the design of it.

Link to comment
Share on other sites

Still, you both seem to be defending Bioware's lack of Physical Keys being in stock.

 

Negative.

 

Setting aside the security key solution for a moment....I am however suggesting there are things about your personal PC setup/configuration that other people are not experiencing.. which leads to the conclusion that there are still things you can do on your end to solve your problem.

 

For example:

 

You don't get OTPed on the launcher.. so it's not IP address rolling in your case.

You do get OTPed every time you access the web site. That indicates a browser setup/options_setting of some sort.

 

The browser issue is actually the simpler to deal with because IP rolling is generally beyond one's control and is in the hands of your ISP.

 

AND.. you are not being OTPed to death getting into the game... only the web site... which frankly if I was in that situation... I would be playing the game and not accessing the website/forum except for account specific transactions until they restock the keys (which Philip has said is being addressed). I'm sure there are some forum members that wish I had this problem. :p

Edited by Andryah
Link to comment
Share on other sites

Alright, I have an update.

 

Just for the heck of it, I decided to google "Star Wars: The Old Republic security keys".

 

It seems, while they are out of stock on the SW:TOR website, they are in-stock on EA's Origin store.

 

Excellent!

 

I applaud people who take the initiative to self solve an internet issue. So Kudos for finding yourself a key.

 

NOW.... Philip should have been able to point you to that solution IMO.. but hey... however a solution is found is a good solution for an individual.

Link to comment
Share on other sites

Where is my mobile authenticator for Windows Phone!!!!

 

It's a market share problem....most corporations don't have confidence that windows phones are going to survive a crowded smart phone market.

 

3% market share world wide... 4.8% in Kantar's key eight countries share measure..... 3.3% in the US.

 

Hate Microsoft for this.... everything they touch in the consumer electronic appliance space turns to doodoo. Which is a shame because the Nokia platform is really good. But you cannot blame corporations for being leery of supporting right now.

 

The good news is 5 years from now.. if Microsoft and Nokia do not seriously slip on a banana peel.... the Asian Market is theirs for the taking unless Apple seriously reforms their product price points and business model. And that will drive proliferation of market share world wide. But that is years away and many banana peels exist on the pathway.

Edited by Andryah
Link to comment
Share on other sites

I'm not trying to be rude but you own this game and an internet based computer, but won't ever own a mobile device!?!? Hrmm!?!? I'm smelling a troll! :p

 

Not necessarily. Some people just don't need a smartphone (assuming that's what was really meant by "mobile device"). All I ever use mine for is a bit of surfing because it's there anyway, as an alarm clock, and for the authenticator. My phone bill is around 1€/month. Once that sucker breaks, I likely won't get a replacement since an investment of several hundred currency units just wouldn't be justifiable.

 

Just saying.

Link to comment
Share on other sites

First of all, Thank you Bioware for the reply. I have to say though, that I have a feeling there's something you're not telling us: why is it that difficult to simply remove this feature? No need to worry about making sure emails are sent on time, etc. Simply removing the one time password and bringing back the security questions shouldn't be that difficult, right?
Link to comment
Share on other sites

Interesting because the described system behaviour doesn't match with my experience :rolleyes:

 

- I'm a subscriber

- I have a dynamic IP (that changes every time I reboot the computer) confirmed.

- With the previous system I've set 3 security questions. Like 90% of the times I logged I had to enter one of the answers.

- I didn't have a security key

- I use IE and I have cookies enabled

 

Since the OTP implementation:

 

- I have never been asked to enter an OTP before (or the security answers), not in MySWTOR nor the launcher. Which is strange because of the dynamic IP.

- Today I set a security key so I had to enter an OTP in MySWTOR. (which is expected)

The IP address you appear to be talking about is that allocated by your router, on your local LAN (usually something like 192.168.0.3 or whatever). The IP address that SWTOR sees (and the rest of the Internet) is that of your cable or ADSL modem on the Internet-facing side, which is allocated by your ISP. This can change when you cycle the power on your modem (or otherwise reestablish the connection). Sometimes the ISP will attempt to keep the IP address you had been allocated when you were last connected, but there's no guarantee of that.

 

So while your computer's IP address may be changing locally (allocated by your router using DHCP), as far as everyone else is concerned it's usually the same.

 

FYI, the whole reason why you've got apparently private/separate IP addresses on your local network is due to the shortage of 32 bit IPv4 addresses. The technology that gives the illusion that all your devices on your LAN are the same external IP address is called IP masquerading. It'll be redundant if IPv6 ever really takes over, but it seems to be taking a while. :)

Link to comment
Share on other sites

First of all, Thank you Bioware for the reply. I have to say though, that I have a feeling there's something you're not telling us: why is it that difficult to simply remove this feature? No need to worry about making sure emails are sent on time, etc. Simply removing the one time password and bringing back the security questions shouldn't be that difficult, right?

 

Because security questions don't really add that much protection. If we're talking about social engineering, if you're naive enough to give away your password, you're probably naive enough to give away your security questions as well. If we're talking about key logging, they will eventually ( probably sooner rather than later ) have the questions as well as your password. With an e-mail in the picture, it's harder for them. They have to deal with 2 passwords, and whatever additional protection your e-mail provider might have ( like SMS protect or smth ), and even the most naive of people would probably have alarm bells going off in their head if someone asked for their swtor password AND their e-mail password.

Link to comment
Share on other sites

right, so now that i have waited upwards of 20 minutes for an OTP to arrive to log-in, the launcher declared it invalid. So, after 20 or so more minutes, you did manage to send me another OTP, invalid again. I'm now sitting here, wasted 40 minutes of my life when all i wanted to do is play the game that i do pay a monthly subscription for.

 

So what do i do? Wait another 20 minutes for the next password only to hope that by pure chance of luck it might be valid and then go on and do this every single time i feel like playing a game i pay for every month?!

 

Before you guys walk all over me:

  • I checked the mail headers (and am competent in doing this, i have 2 bachelor's degrees in computer science) and the emails took 4 seconds to arrive at my mail provider and get pushed via IMAP to my desktop. All other services i use on a day-to-day basis reach me via this route almost in real-time, apart from swtor....
  • I copy pasted the OTP exactly without any extra white-spaces and pasted it into a textfile to validate before finally pasting it into the launcher exactly as it appeared in the email
  • I did not try to log in to the website (which would generate another OTP, leaving me to guess what email belongs to what log-in request, another technical flaw that should've been accounted for!), so this is not the source of the OTPs being incorrect.

 

End of the story, i cancelled my subscription. I have 3 characters, one of which is lvl 50, and have purchased the expansion early on, which i now deeply regret. Had i known it came bundled with this madness i would've never considered subscribing..

 

Well, you've got yourself another leaving customer to be proud of, by managing to screw up a working system. I can only warn everyone i meet about not paying you until this situation is reverted... seriously, how hard can it be?!

Link to comment
Share on other sites
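Added example (not from the thread and not BioWare's code): the mail-header check described in the post above, and the store-and-forward behaviour of SMTP raised earlier in the thread, can both be examined by reading the `Received` timestamps hop by hop. The sample message, its host names and the 600-second code lifetime are constructed assumptions; the thread does not state the real lifetime.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: every host, address and timestamp here is made up.
SAMPLE = """\
Received: from mx.mailhost.example (mx.mailhost.example [198.51.100.7])
\tby imap.mailhost.example with LMTP id abc123;
\tTue, 16 Apr 2013 18:21:09 +0000
Received: from relay.sender.example (relay.sender.example [203.0.113.25])
\tby mx.mailhost.example with ESMTP id def456;
\tTue, 16 Apr 2013 18:21:07 +0000
Received: from app.sender.example (app.sender.example [203.0.113.10])
\tby relay.sender.example with ESMTP id ghi789;
\tTue, 16 Apr 2013 18:02:41 +0000
Date: Tue, 16 Apr 2013 18:02:40 +0000
From: no-reply@sender.example
To: player@mailhost.example
Subject: Your one-time password

(code omitted)
"""


def _parse_time(text):
    """Parse an RFC 5322 date; return None if it is missing or malformed."""
    try:
        when = parsedate_to_datetime((text or "").strip())
    except (TypeError, ValueError):
        return None
    # A "-0000" zone yields a naive datetime; treat it as UTC so we can subtract.
    return when if when.tzinfo else when.replace(tzinfo=timezone.utc)


def received_hops(msg):
    """Return [(accepting_host, time)] oldest first, from Received headers."""
    hops = []
    for value in msg.get_all("Received", []):
        # The timestamp is whatever follows the last ';' in the header.
        info, sep, stamp = value.rpartition(";")
        when = _parse_time(stamp) if sep else None
        if when is None:
            continue  # unparsable hop: skip it rather than guess
        by = re.search(r"\bby\s+(\S+)", info)
        hops.append((by.group(1) if by else "?", when))
    hops.reverse()  # each server prepends its header, so the newest is on top
    return hops


def delay_report(raw, otp_ttl_seconds):
    """Per-hop wait in seconds, and whether the code outlived its lifetime.

    The wait charged to a hop is the time that passed before that host
    accepted the message, i.e. time spent queued at the previous server or
    deferred by this one. Server clocks are not synchronised with each
    other, so a skew of a few seconds (even negative) is normal.
    """
    msg = message_from_string(raw)
    hops = received_hops(msg)
    if not hops:
        raise ValueError("no parsable Received headers")
    # Prefer the sender's Date header as the moment the code was issued.
    start = _parse_time(msg["Date"]) or hops[0][1]
    steps, prev = [], start
    for host, when in hops:
        steps.append((host, int((when - prev).total_seconds())))
        prev = when
    total = int((hops[-1][1] - start).total_seconds())
    return {
        "hops": steps,
        "total": total,
        "slowest": max(steps, key=lambda s: s[1]),
        "expired_on_arrival": total > otp_ttl_seconds,
    }


if __name__ == "__main__":
    report = delay_report(SAMPLE, otp_ttl_seconds=600)  # assumed lifetime
    for host, waited in report["hops"]:
        print(f"{waited:>6}s before accepted by {host}")
    print("total", report["total"], "s; expired:", report["expired_on_arrival"])
```

In the constructed sample the receiving provider moves the message to the mailbox in 2 seconds, yet the code is already older than the assumed lifetime because of the wait before the provider's MX accepted it.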

  • I did not try to log in to the website (which would generate another OTP, leaving me to guess what email belongs to what log-in request, another technical flaw that should've been accounted for!), so this is not the source of the OTPs being incorrect.

 

That's weird. If I try and log on both the website and the game at the same time, I only get one password, which can be used in both places. Also, if I use the password on either the game or the website, I do not need to do it for the other.

Link to comment
Share on other sites

That's weird. If I try and log on both the website and the game at the same time, I only get one password, which can be used in both places. Also, if I use the password on either the game or the website, I do not need to do it for the other.

 

I was assuming that a one time password is tied to one log in request, since i always get separate emails for every time i try to log in somewhere. I have to point out, i just tried adding the security key app, so if swtor allows, i may be able to play the last 6 days of my paid for subscription time, only to discover yet again, that the key that was sent is invalid... It only took 5-10 minutes to arrive now, though, so i reckon one might see that as an improvement (</sarcasm>).

Edited by dennisfisch
mispell
Link to comment
Share on other sites

Because security questions don't really add that much protection. If we're talking about social engineering, if you're naive enough to give away your password, you're probably naive enough to give away your security questions as well. If we're talking about key logging, they will eventually ( probably sooner rather than later ) have the questions as well as your password. With an e-mail in the picture, it's harder for them. They have to deal with 2 passwords, and whatever additional protection your e-mail provider might have ( like SMS protect or smth ), and even the most naive of people would probably have alarm bells going off in their head if someone asked for their swtor password AND their e-mail password.

If you're naive enough to give away your password and secret questions, most likely you're naive enough to give away your email password, which is what most email providers require. But since I take care of my own security all this is out of the picture.

Link to comment
Share on other sites

right, so now that i have waited upwards of 20 minutes for an OTP to arrive to log-in, the launcher declared it invalid. So, after 20 or so more minutes, you did manage to send me another OTP, invalid again. I'm now sitting here, wasted 40 minutes of my life when all i wanted to do is play the game that i do pay a monthly subscription for.

 

So what do i do? Wait another 20 minutes for the next password only to hope that by pure chance of luck it might be valid and then go on and do this every single time i feel like playing a game i pay for every month?!

 

Before you guys walk all over me:

  • I checked the mail headers (and am competent in doing this, i have 2 bachelor's degrees in computer science) and the emails took 4 seconds to arrive at my mail provider and get pushed via IMAP to my desktop. All other services i use on a day-to-day basis reach me via this route almost in real-time, apart from swtor....
  • I copy pasted the OTP exactly without any extra white-spaces and pasted it into a textfile to validate before finally pasting it into the launcher exactly as it appeared in the email
  • I did not try to log in to the website (which would generate another OTP, leaving me to guess what email belongs to what log-in request, another technical flaw that should've been accounted for!), so this is not the source of the OTPs being incorrect.

 

End of the story, i cancelled my subscription. I have 3 characters, one of which is lvl 50, and have purchased the expansion early on, which i now deeply regret. Had i known it came bundled with this madness i would've never considered subscribing..

 

Well, you've got yourself another leaving customer to be proud of, by managing to screw up a working system. I can only warn everyone i meet about not paying you until this situation is reverted... seriously, how hard can it be?!

 

You can cancel your subscription all you want.. If you think you can handle all this better than them, then by all means step up to the plate..

 

The thread was started by Bioware.. They are at least keeping us in the loop about this issue.. More than most companies will do...

 

I know that this situation is frustrating.. But good things come to those who wait.. Waiting is not the easiest thing, but good things will come.. 20 minutes is a long time to get an email.. OP said they are going to extend the amount of time they will last.. There isn't much they can do.. How long email gets to you really isn't in their control or yours for that matter..

 

It is your choice to leave.. But you would be doing so for really no reason.. They are human and make mistakes just like us.. They at least deserve the chance to fix the problem.. 40 minutes of your life?? Did you know that the average person throughout their lifetime spends five years waiting in lines, four years doing housework, eight months opening junk mail, six years eating, six months waiting at traffic lights, and one year looking for lost possessions. And you are worried about 40 minutes?? :)

Link to comment
Share on other sites

You can cancel your subscription all you want.. If you think you can handle all this better than them, then by all means step up to the plate..

That's a logical fallacy.

 

It is your choice to leave.. But you would be doing so for really no reason.. They are human and make mistakes just like us.. They at least deserve the chance to fix the problem.. 40 minutes of your life?? Did you know that the average person throughout their lifetime spends five years waiting in lines, four years doing housework, eight months opening junk mail, six years eating, six months waiting at traffic lights, and one year looking for lost possessions. And you are worried about 40 minutes?? :)

40 minutes after which he was still unable to play, and unless I misunderstood his post, he flat out hasn't been able to play at all. I'd be pissed too if my gametime wasted away while I was unable to log. Would I permanently quit because of this, and never come back even if they fixed it ? Probably not, but that's my choice, I could totally understand why someone else might not choose to trust again.

 

If you're naive enough to give away your password and secret questions, most likely you're naive enough to give away your email password, which is what most email providers require. But since I take care of my own security all this is out of the picture.

 

What you alone do is irrelevant. If statistics show that a large enough number of people are unhappy because they lost their accounts ( or are afraid that they may lose their accounts, and see that others are providing increased security ), and Bioware/EA are losing a large enough amount of money on providing support for restoring accounts, then they will try and prevent it.

Edited by LasherC
Link to comment
Share on other sites

This is the worst idea to date.

 

And coming from this game's dev team...that says a lot. (i'm looking at you guy who thought Bolster was a good idea)

 

 

After a year i finally talked my long time GF into playing with me. She even went out and bought a new PC that runs better than mine!!! literally two weeks later she wants to quit because of the one time password.

 

My account has the mobile key app because i have an iPhone. She uses Blackberry Z10 and can't get the app. Security key physical device is sold out, and she doesn't wanna have to pay more just to play the game she subscribes to anyway. And it takes 10-30 minutes for her just to log into the game now while she waits for the password.

 

 

She told me if it doesn't get fixed soon, she's going back to WoW until Elder scrolls comes out. She doesn't wanna sit around for 30 minutes every time she wants to play. (longer technically...cause then she has to try again because it times out. I was playing for almost an hour the other day before she could even get on with her PC)

 

Anyway...please fix this. If she quits...i quit too. I wanna play WITH my gf. So that will be two more subs you guys lose due to bad policy and decision making...

 

 

 

-cartel market being a priority over content

-poor customer service

-Bolster ruining pvp

-PVP gear we work hard for is now less effective at pvp than regular gear.

-lack of cross server pvp queues

-unable to log in because you wanna squeeze more money out of your subscribers with a key that SHOULD be customer choice. not required.

Link to comment
Share on other sites

well the thing is, i wouldn't dream about complaining if this was some kind of charity or open source project or whatever. But I'm paying real money for a service that doesn't work, not for technical reason, but because of design flaws. You know, I'm a software developer myself (doing it for a living as a matter of fact), and if i had to tell my boss that such a feature will inhibit our customers' ability to use our service, i'd have a hard time convincing him to implement it. In the end, this cost bioware money while being of no benefit and generating bad PR at the same time (think of the recent sim city disaster, though it managed to screw players because of DRM, but let's not get too side-tracked here.!).

 

I just don't see how anyone could justify making a paying customer waste up to an hour to use a service that should (as long as it is up and running) be available instantaneously.

 

The simple fact that people are complaining as much about a single topic as much as they do at the moment should point out how completely wrong this decision is. By the way, i do not have a problem subscribing again, if the system is fixed, just while it is broken. But the window is closing soon, revert it to security questions and think of something better in the meantime. Test it thoroughly (USEABILITY!) before making it available. People will come back, including me.

Link to comment
Share on other sites

Anyway...please fix this. If she quits...i quit too. I wanna play WITH my gf. So that will be two more subs you guys lose due to bad policy and decision making...

 

-cartel market being a priority over content

-poor customer service

-Bolster ruining pvp

-PVP gear we work hard for is now less effective at pvp than regular gear.

-lack of cross server pvp queues

-unable to log in because you wanna squeeze more money out of your subscribers with a key that SHOULD be customer choice. not required.

 

1.) Trust me, no one cares if you or your girlfriend quit. Not trying to be rude -- but posts like this make no sense to me. Personal stories like this make no difference -- they only make some people view it as whining and "gimme gimme".

 

2.) Funny, when did they say CM was a priority? I'd love to know how you know this -- considering we've gotten a reasonable amount of NON-CM content.

 

3.) Bolster only ruins PvP if you have no skill and hide behind gear. Clearly there are a few issues with non-bolstered PvP, but that isn't what you're talking about.

 

4.) PvP gear is NOT less effective. Please stop posting false information.

 

5.) They admitted to the problems. They're trying to fix it. Until now, most people have had no issues -- and even now, most people aren't having issues. I fail to see how this is them "squeezing" money out of everyone. If they really wanted to get the lousy $5 for the physical key (which, by the way, isn't free to make) or the $0 for the app (oh yeah, that one is free!) they would make it a requirement.

 

Using your hatred/anger of BW to twist things doesn't make them true.

Link to comment
Share on other sites

The IP address you appear to be talking about is that allocated by your router, on your local LAN (usually something like 192.168.0.3 or whatever). The IP address that SWTOR sees (and the rest of the Internet) is that of your cable or ADSL modem on the Internet-facing side, which is allocated by your ISP. This can change when you cycle the power on your modem (or otherwise reestablish the connection). Sometimes the ISP will attempt to keep the IP address you had been allocated when you were last connected, but there's no guarantee of that.

 

So while your computer's IP address may be changing locally (allocated by your router using DHCP), as far as everyone else is concerned it's usually the same.

 

FYI, the whole reason why you've got apparently private/separate IP addresses on your local network is due to the shortage of 32 bit IPv4 addresses. The technology that gives the illusion that all your devices on your LAN are the same external IP address is called IP masquerading. It'll be redundant if IPv6 ever really takes over, but it seems to be taking a while. :)

 

Thanks for taking your time to answer my post but it is not like you say. I have a dynamic IP, and I've had a dynamic IP for 20 years, be sure that I confirmed it before writing my post (that's why I wrote "confirmed").

There is a more possible explanation, probably the system checks for ranges. Anyways, I wanted to tell my experience to point out that not in all cases the OTP system works as stated.

Link to comment
Share on other sites

Thanks for taking your time to answer my post but it is not like you say. I have a dynamic IP, and I've had a dynamic IP for 20 years, be sure that I confirmed it before writing my post (that's why I wrote "confirmed").

There is a more possible explanation, probably the system checks for ranges. Anyways, I wanted to tell my experience to point out that not in all cases the OTP system works as stated.

 

I'd imagine his "confusion" is over your statement -- rebooting your computer will NOT change your external IP. This only changes your internal IP, and you stated

- I have a dynamic IP (that changes every time I reboot the computer) confirmed.

 

However -- in general, unless you are paying for a static IP, you have a dynamic IP (at least in the US).

Link to comment
Share on other sites

OTP messages sometimes expire before they can be used

There are quite a few reasons why there can be a delay in the email getting delivered in time, and not all of them on the SWTOR side of the fence. While we all expect email to instantaneously arrive, this is not always the case, and as a result we are changing how quickly the OTP code expires before it can be used successfully.

 

thanks for that, that should work and is a quick and easy solution.

 

the whole bla about what my superior told me to blame it on our customers email providers.

etc etc.

 

it's nonsense. it worked fine before the addon and since the official launch of ROTHC it does not. My theory is (and since you were posting the theory or lame excuse your superior told you to tell us I'll post mine)

since the addon generated more players, your infrastructure for sending OTP's is overwhelmed and that's why they take too long.

 

IP address changes are very annoying

I have to wholeheartedly agree that having to enter a new OTP every time the IP changes is very annoying. We actually have pieces of the long-term fix already deployed, and the delay in being able to implement the additional pieces to reduce the IP check's importance in our weighting of the various controls in place is two-fold.

 

Firstly we have to prioritize this work alongside other clearly important pieces of work. Delaying work needed for the release of Rise of the Hutt Cartel for example was discussed and understandably getting the expansion out on time took precedence.

Secondly, we have limited resource. As much as it would be nice if we could have lots more people on each of the teams involved in making the required changes, we are running a business...

 

I can't give an ETA on when we will have the remaining pieces of work completed. I know it's not what people want to hear, but as soon as we have an ETA for this, I will post a better timeframe for the change to be deployed.

 

good to hear can't wait. the quick solution posted above will hopefully work for me until that's cleared out.

but waiting for that mail is also very annoying. I am using my provider for years now. and I don't think that the delay which started on sunday and ROTHC which also started on sunday is coincidence.

Link to comment
Share on other sites

