Enddersshadow Posted April 4, 2013 Share Posted April 4, 2013 This is rediculous to have to chesk E-mail every single time i either log into the site or the game!! EVERY TIME. Tell me this is going to be changed Link to comment Share on other sites More sharing options...
XendorRyuthokar Posted April 4, 2013 Share Posted April 4, 2013 This is rediculous to have to chesk E-mail every single time i either log into the site or the game!! EVERY TIME. Tell me this is going to be changed Atleast you get your ONE-TIME! password everytime! I have not received a single password to my SWTOR Email account. Link to comment Share on other sites More sharing options...
Skodan Posted April 4, 2013 Share Posted April 4, 2013 I've been looking into this, and while your game authentications (10+ times logged in) are working as expected without you getting prompted for an OTP, you are indeed getting prompted too often when logging on to the website. From what we are seeing in the logs, it appears you are using 'incognito' mode, or disallowing cookies to be saved within the browser. This could be something you have done on purpose to stop being tracked by ad trackers (I do something similar using a NoScript addon in conjunction with a Ghostery addon), or something an addon in your browser is doing for you without you realizing. Either way, stopping cookies from being able to be saved for the SWTOR website will mean that you get prompted every time you open the browser and go to the website. You could use a different browser that hasn't been customized as a test (log in once to create cookie, close browser and go to SWTOR again to see if you get prompted again). I'd be interested in the results. the cookies cause it to happen. It was happening to me because i dont want family members seeing what sites i go to , so i have had my browser setup to where all the history, cookies, cached data, etc was cleared everytime i closed my window. i turned off those settings and it stopped popping up with the one-time password stuff Link to comment Share on other sites More sharing options...
XendorRyuthokar Posted April 4, 2013 Share Posted April 4, 2013 I need to send a thanks out to the customer service rep who finally helped me, too bad i didnt catch her name, id post it. I find ironic its the first time I did not recieve a ticket number either? anycase was on hold for 4 hours, the previous agent sent my ticket to a closed office and left me on hold..... lol not kidding if you are on hold for 2 hours hang up! This agent helped me set up new email, sent me password, waited to see that it worked and then apologized, There are good customer service reps at Bioware, unfortunately took me 4 attempts and 8 hours on hold to finally find one who knew how to assist with the one time password/email adress. Link to comment Share on other sites More sharing options...
Elminster_cs Posted April 4, 2013 Share Posted April 4, 2013 I've been looking into this, and while your game authentications (10+ times logged in) are working as expected without you getting prompted for an OTP, you are indeed getting prompted too often when logging on to the website. From what we are seeing in the logs, it appears you are using 'incognito' mode, or disallowing cookies to be saved within the browser. This could be something you have done on purpose to stop being tracked by ad trackers (I do something similar using a NoScript addon in conjunction with a Ghostery addon), or something an addon in your browser is doing for you without you realizing. Either way, stopping cookies from being able to be saved for the SWTOR website will mean that you get prompted every time you open the browser and go to the website. You could use a different browser that hasn't been customized as a test (log in once to create cookie, close browser and go to SWTOR again to see if you get prompted again). I'd be interested in the results. Can you please provide some information on why several mail are not able to recive the one time code? There are people that are no able to log in with this thing. Thanks. Link to comment Share on other sites More sharing options...
wateer Posted April 4, 2013 Share Posted April 4, 2013 I still can't play yet come on here Link to comment Share on other sites More sharing options...
XendorRyuthokar Posted April 5, 2013 Share Posted April 5, 2013 (edited) Can you please provide some information on why several mail are not able to recive the one time code? There are people that are no able to log in with this thing. Thanks. I could not get a definitive answer as to why certain email accounts wont work with OTP, but it was hinted that Hotmail and my internet service provider email was no good. Under the advice of employee who shall remain nameless I went with Google mail or Gmail.com, I recieve my "OTP" now no problem. Edited April 5, 2013 by XendorRyuthokar Link to comment Share on other sites More sharing options...
Elminster_cs Posted April 5, 2013 Share Posted April 5, 2013 I could not get a definitive answer as to why certain email accounts wont work with OTP, but it was hinted that Hotmail and my internet service provider email was no good. Under the advice of employee who shall remain nameless I went with Google mail or Gmail.com, I recieve my "OTP" now no problem. i know this, but i can tell you that my friend have an EXCITE mail and can't recive it. I have done an EXCITE mail and i CAN recive it. So there is some problems there. There are also people that can't recive from gmail or something like that. So we NEED some explanation on this. Link to comment Share on other sites More sharing options...
AeroAstroRick Posted April 5, 2013 Share Posted April 5, 2013 ONE-time passwords required EVERYTIME you login...that sure makes sense...and it's not like it's a pain in the butt or anything... Link to comment Share on other sites More sharing options...
kgville Posted April 5, 2013 Share Posted April 5, 2013 This new log in system is a pain in the BUTT!!! yes it may be more secure but really this ONE TIME LOG IN thing that we have to do EVERY TIME is annoying please go back to security questions or something because it takes like 3 times as long to get in game!!! Link to comment Share on other sites More sharing options...
wateer Posted April 5, 2013 Share Posted April 5, 2013 So any one wana tell me how I can play again? Link to comment Share on other sites More sharing options...
Elminster_cs Posted April 5, 2013 Share Posted April 5, 2013 A user find a solution, try this: http://www.swtor.com/community/showthread.php?t=619913 Link to comment Share on other sites More sharing options...
Laurreth Posted April 5, 2013 Share Posted April 5, 2013 None of the websites that I use on a regular basis that have legitimate "sensitive" personal data on me have a problem dealing with the fact that I always set browsers to the most draconian, anonymous, and "incognito" settings. Websites with information that I actually care about like my bank, credit card, loan servicers, and the one I do my taxes on all are able to secure my information without using OTP mechanics or relying on client side cookies to keep state with me. If these companies that deal with the most sensitive personal financial information I have can manage the security of my data adequately without depending on loosened client side settings, then so can you. It would worry me a lot if a web service started to recognise me across sessions if I had cookies disabled. That means the service is using opaque backdoor mechanisms (Flash storage, diverse HTML5 hacks, …) to perform user identification, or rely on transient and entirely unreliable session semantics like TCP connection lifetime. If you set your browser to anonymous mode, expect things to break. It is NOT a service provider's responsibility to cater to those shenanigans! Any halfway honest service will fail to recognise you. And for the second paragraph, banks are about the worst offenders when it comes to completely ignoring any known best practice when it comes to security, and trusting in weak, esoteric voodoo instead. If you make those providers your measure for security, you're in trouble. Link to comment Share on other sites More sharing options...
potatman Posted April 5, 2013 Share Posted April 5, 2013 It would worry me a lot if a web service started to recognise me across sessions if I had cookies disabled. That means the service is using opaque backdoor mechanisms (Flash storage, diverse HTML5 hacks, …) to perform user identification, or rely on transient and entirely unreliable session semantics like TCP connection lifetime. OTP isn't about keeping your session alive though, it is about adding extra security layers when there may be something suspicious going on. The whole idea of implementing these sort of security measures is to allow the server side to make a decision on what to do regardless of what the client side is providing/requesting. If I could just copy a cookie that says I've already entered a OTP and have an active session, it would completely defeat the purpose of it. Even if it required me to re-enter my credentials, if it got past the OTP that would be a big enough security hole. As such, no OTP related data belongs in a cookie, and all OTP logic/data should be server side. Something that would make more sense in this case would be to only prompt OTP once a week (or so) for IP changes that are within the same ISP's address space, and prompt every time only if the IP is outside that ISP or region. Link to comment Share on other sites More sharing options...
attackgypsy Posted April 5, 2013 Share Posted April 5, 2013 I was sent an email that it was probably my dynamic IP address assigned by my cable company. HELLO?!!! DOES ANYBODY KNOW ANYTHING ABOUT CABLE PROVIDERS AT BIOWARE?!!! The largest cable providers in the US use a dynamic IP address. I used to work for one. Its part of the way they keep costs down. Link to comment Share on other sites More sharing options...
Freedreamer Posted April 6, 2013 Share Posted April 6, 2013 Hey so one of my friends cant log in to his account, he never received his one-time password, and he tried changing his password but didnt get any of their e-mails so he cant do anything. Is there anything that can be done? Link to comment Share on other sites More sharing options...
Elminster_cs Posted April 6, 2013 Share Posted April 6, 2013 Hey so one of my friends cant log in to his account, he never received his one-time password, and he tried changing his password but didnt get any of their e-mails so he cant do anything. Is there anything that can be done? http://www.swtor.com/community/showthread.php?t=619913 Link to comment Share on other sites More sharing options...
Elrond_Hubbard Posted April 6, 2013 Share Posted April 6, 2013 I cannot play SWTOR unless I use the so-called "one-time" password every single time. Why is SWTOR more fortified than the Kremlin? Is hacking so epidemic that such ridiculous measures are required? Or is it that a few idiots who can't choose a good password are ruining it for the rest of us? I'm not a computer security guru, but does a game password that depends on another A) password-protected B) third-party C) email message loaded in a D) browser really offer better security than personalized questions? No one would tolerate this level of annoyance from any online store, and gaming is far less important than financial transactions. For me at least, SWTOR is green obtuse tending to blue nonagon! Link to comment Share on other sites More sharing options...
XendorRyuthokar Posted April 6, 2013 Share Posted April 6, 2013 (edited) Here is the (disclaimer) HYPOTHETICAL!! situation. PH wanted a job with Interpol or the CIA as an elite and ultra secret international code breaker but Frank W. Abagnale would not hire him due to his lack of humor and interpersonal skills, so he submitted his very impressive resume to Bioware which had numerous jobs available at a reduced salary after firing all its 6 figure employees. Now PH is proving to the big shot encryption experts that he has the brilliance and intellect to create a system that is so ultra protected that even the intended account holders cant access it. Mohahaha meh, ha, ha, hmm, umm. hm. PH Shall have his REVENGE!!!, What do you want to do tonight? The same thing we do every night, Try to take over the World!!!!! Edited April 6, 2013 by XendorRyuthokar Link to comment Share on other sites More sharing options...
KennethHoover Posted April 6, 2013 Share Posted April 6, 2013 Can't log into the game, either since the last patch. None of the fixes work for me. But I can sleep well at night knowing my game is secure. Link to comment Share on other sites More sharing options...
Elrond_Hubbard Posted April 6, 2013 Share Posted April 6, 2013 Is it worth pointing out the sad irony of another Star Wars franchise being driven into the ground by lame ideas? We have been Jar Jarred. Link to comment Share on other sites More sharing options...
wateer Posted April 7, 2013 Share Posted April 7, 2013 (edited) I tried repatching it works ok to far just a couple crashes here and their. Hopefully the hutt cartel patch will take care of the crash problems. Edited April 7, 2013 by wateer Misspelling Link to comment Share on other sites More sharing options...
Rincewend Posted April 8, 2013 Share Posted April 8, 2013 Yeah, i often use applications that cleans out my cookies etc, as safety measure since im not the only one with access to this computer. I did realise that was the reason for what's happening. So what this means is, either i get prompted every time - or i lower my personal safety measures on my computer? Which is kinda counterproductive since one of the reasons i do this is to prevent others from access to my email... And this is why the chages were not thought out. it opens all of us to more risk not less. Link to comment Share on other sites More sharing options...
DarhtHop Posted April 8, 2013 Share Posted April 8, 2013 I've been having same problem can't log in it loads then crashes right before the character screen:( have they fixed this yet Link to comment Share on other sites More sharing options...
Achimobil Posted April 10, 2013 Share Posted April 10, 2013 For Germany the solution with the IP is not the right one. 90% of all ISP's has a 24h disconnect per default ans every 24h we got a new IP. Bind it to IP range. Test the IP to the IP Range of the ISP from the last Login, thats ok. But the whole IP is Stupid. Using Mobile token app is no solution. Mobile device can break. I had that in my time on playing Diablo 3. Mobile Device broken on firmware update. It takes 3 days to remove my token from account so that I can play again. Buy hardware token is also no solution. I must have it to play. I wanna sit down to my laptop and play. my Phone is in the car. my security token also, but I can't play without? No way. So remove this stupid OTP or change it to check ISP IP range. Link to comment Share on other sites More sharing options...
Recommended Posts