This is rediculous to have to chesk E-mail every single time i either log into the site or the game!! EVERY TIME. Tell me this is going to be changed

Atleast you get your ONE-TIME! password everytime! I have not received a single password to my SWTOR Email account.

I've been looking into this, and while your game authentications (10+ times logged in) are working as expected without you getting prompted for an OTP, you are indeed getting prompted too often when logging on to the website.

 

From what we are seeing in the logs, it appears you are using 'incognito' mode, or disallowing cookies to be saved within the browser. This could be something you have done on purpose to stop being tracked by ad trackers (I do something similar using a NoScript addon in conjunction with a Ghostery addon), or something an addon in your browser is doing for you without you realizing.

 

Either way, stopping cookies from being able to be saved for the SWTOR website will mean that you get prompted every time you open the browser and go to the website.

 

You could use a different browser that hasn't been customized as a test (log in once to create cookie, close browser and go to SWTOR again to see if you get prompted again). I'd be interested in the results.

the cookies cause it to happen. It was happening to me because i dont want family members seeing what sites i go to , so i have had my browser setup to where all the history, cookies, cached data, etc was cleared everytime i closed my window.

i turned off those settings and it stopped popping up with the one-time password stuff

I need to send a thanks out to the customer service rep who finally helped me, too bad i didnt catch her name, id post it. I find ironic its the first time I did not recieve a ticket number either? anycase was on hold for 4 hours, the previous agent sent my ticket to a closed office and left me on hold..... lol not kidding if you are on hold for 2 hours hang up!

This agent helped me set up new email, sent me password, waited to see that it worked and then apologized,

There are good customer service reps at Bioware, unfortunately took me 4 attempts and 8 hours on hold to finally find one who knew how to assist with the one time password/email adress.

I've been looking into this, and while your game authentications (10+ times logged in) are working as expected without you getting prompted for an OTP, you are indeed getting prompted too often when logging on to the website.

 

From what we are seeing in the logs, it appears you are using 'incognito' mode, or disallowing cookies to be saved within the browser. This could be something you have done on purpose to stop being tracked by ad trackers (I do something similar using a NoScript addon in conjunction with a Ghostery addon), or something an addon in your browser is doing for you without you realizing.

 

Either way, stopping cookies from being able to be saved for the SWTOR website will mean that you get prompted every time you open the browser and go to the website.

 

You could use a different browser that hasn't been customized as a test (log in once to create cookie, close browser and go to SWTOR again to see if you get prompted again). I'd be interested in the results.

Can you please provide some information on why several mail are not able to recive the one time code?

There are people that are no able to log in with this thing. Thanks.

Can you please provide some information on why several mail are not able to recive the one time code?

There are people that are no able to log in with this thing. Thanks.

I could not get a definitive answer as to why certain email accounts wont work with OTP, but it was hinted that Hotmail and my internet service provider email was no good.

Under the advice of employee who shall remain nameless I went with Google mail or Gmail.com, I recieve my "OTP" now no problem.

I could not get a definitive answer as to why certain email accounts wont work with OTP, but it was hinted that Hotmail and my internet service provider email was no good.

 

Under the advice of employee who shall remain nameless I went with Google mail or Gmail.com, I recieve my "OTP" now no problem.

i know this, but i can tell you that my friend have an EXCITE mail and can't recive it.

I have done an EXCITE mail and i CAN recive it.

So there is some problems there. There are also people that can't recive from gmail or something like that. So we NEED some explanation on this.

A user find a solution, try this:

http://www.swtor.com/community/showthread.php?t=619913

None of the websites that I use on a regular basis that have legitimate "sensitive" personal data on me have a problem dealing with the fact that I always set browsers to the most draconian, anonymous, and "incognito" settings. Websites with information that I actually care about like my bank, credit card, loan servicers, and the one I do my taxes on all are able to secure my information without using OTP mechanics or relying on client side cookies to keep state with me.

 

If these companies that deal with the most sensitive personal financial information I have can manage the security of my data adequately without depending on loosened client side settings, then so can you.

It would worry me a lot if a web service started to recognise me across sessions if I had cookies disabled. That means the service is using opaque backdoor mechanisms (Flash storage, diverse HTML5 hacks, …) to perform user identification, or rely on transient and entirely unreliable session semantics like TCP connection lifetime.

If you set your browser to anonymous mode, expect things to break. It is NOT a service provider's responsibility to cater to those shenanigans! Any halfway honest service will fail to recognise you.

And for the second paragraph, banks are about the worst offenders when it comes to completely ignoring any known best practice when it comes to security, and trusting in weak, esoteric voodoo instead. If you make those providers your measure for security, you're in trouble.

It would worry me a lot if a web service started to recognise me across sessions if I had cookies disabled. That means the service is using opaque backdoor mechanisms (Flash storage, diverse HTML5 hacks, …) to perform user identification, or rely on transient and entirely unreliable session semantics like TCP connection lifetime.

OTP isn't about keeping your session alive though, it is about adding extra security layers when there may be something suspicious going on. The whole idea of implementing these sort of security measures is to allow the server side to make a decision on what to do regardless of what the client side is providing/requesting. If I could just copy a cookie that says I've already entered a OTP and have an active session, it would completely defeat the purpose of it. Even if it required me to re-enter my credentials, if it got past the OTP that would be a big enough security hole. As such, no OTP related data belongs in a cookie, and all OTP logic/data should be server side. Something that would make more sense in this case would be to only prompt OTP once a week (or so) for IP changes that are within the same ISP's address space, and prompt every time only if the IP is outside that ISP or region.

I was sent an email that it was probably my dynamic IP address assigned by my cable company.

HELLO?!!! DOES ANYBODY KNOW ANYTHING ABOUT CABLE PROVIDERS AT BIOWARE?!!!

The largest cable providers in the US use a dynamic IP address. I used to work for one. Its part of the way they keep costs down.

Hey so one of my friends cant log in to his account, he never received his one-time password, and he tried changing his password but didnt get any of their e-mails so he cant do anything. Is there anything that can be done?

http://www.swtor.com/community/showthread.php?t=619913

I cannot play SWTOR unless I use the so-called "one-time" password every single time.

Why is SWTOR more fortified than the Kremlin? Is hacking so epidemic that such ridiculous measures are required? Or is it that a few idiots who can't choose a good password are ruining it for the rest of us?

I'm not a computer security guru, but does a game password that depends on another A) password-protected B) third-party C) email message loaded in a D) browser really offer better security than personalized questions?

No one would tolerate this level of annoyance from any online store, and gaming is far less important than financial transactions. For me at least, SWTOR is green obtuse tending to blue nonagon!

Here is the (disclaimer) HYPOTHETICAL!! situation. PH wanted a job with Interpol or the CIA as an elite and ultra secret international code breaker but Frank W. Abagnale would not hire him due to his lack of humor and interpersonal skills, so he submitted his very impressive resume to Bioware which had numerous jobs available at a reduced salary after firing all its 6 figure employees. Now PH is proving to the big shot encryption experts that he has the brilliance and intellect to create a system that is so ultra protected that even the intended account holders cant access it. Mohahaha meh, ha, ha, hmm, umm. hm.

What do you want to do tonight? The same thing we do every night, Try to take over the World!!!!!

Can't log into the game, either since the last patch. None of the fixes work for me.

But I can sleep well at night knowing my game is secure.

Yeah, i often use applications that cleans out my cookies etc, as safety measure since im not the only one with access to this computer. I did realise that was the reason for what's happening.

 

So what this means is, either i get prompted every time - or i lower my personal safety measures on my computer? Which is kinda counterproductive since one of the reasons i do this is to prevent others from access to my email...

And this is why the chages were not thought out. it opens all of us to more risk not less.

I've been having same problem can't log in it loads then crashes right before the character screen:(

have they fixed this yet

For Germany the solution with the IP is not the right one. 90% of all ISP's has a 24h disconnect per default ans every 24h we got a new IP. Bind it to IP range. Test the IP to the IP Range of the ISP from the last Login, thats ok. But the whole IP is Stupid.

Using Mobile token app is no solution. Mobile device can break. I had that in my time on playing Diablo 3. Mobile Device broken on firmware update. It takes 3 days to remove my token from account so that I can play again.

Buy hardware token is also no solution. I must have it to play. I wanna sit down to my laptop and play. my Phone is in the car. my security token also, but I can't play without? No way.

So remove this stupid OTP or change it to check ISP IP range.