Major Security Threat - Authenticator useless

Kharzon
01.29.2012 , 04:58 AM | #41
Ironically enough, a key logger would actually log the authenticator's digits you input. You can use those to get into that same someone's account. There isn't a time limit or expiration for any of those codes on the authenticator.

FYI. Not everyone is internet or computer savvy. How do you think these things actually get onto computers in the first place? It's not just ****, it can come from any number of items. Congratulations, You've just been selected as our 1,000,000 visitor....

AVs do not get every single virus, worm, trojan, etc that are out, HOWEVER, they do have built-in heuristics. If you don't know what that is, you can google it.

It'll also look for patterns, etc. Trainers for games are a prime example. A lot of them are made with AutoIt, which AVs flag automatically for various reasons. Doesn't mean it actually is harmful, it's just the program signature on the file.

In the end, it IS BioWare's fault that I can write down my digits from the Auth and use them again. That's a major security issue.

Runtinator
01.29.2012 , 04:59 AM | #42
Quote: Originally Posted by Kharzon View Post
Ironically enough, a key logger would actually log the authenticator's digits you input. You can use those to get into that same someone's account. There isn't a time limit or expiration for any of those codes on the authenticator.

FYI. Not everyone is internet or computer savvy. How do you think these things actually get onto computers in the first place? It's not just ****, it can come from any number of items. Congratulations, You've just been selected as our 1,000,000 visitor....

AVs do not get every single virus, worm, trojan, etc that are out, HOWEVER, they do have built-in heuristics. If you don't know what that is, you can google it.

It'll also look for patterns, etc. Trainers for games are a prime example. A lot of them are made with AutoIt, which AVs flag automatically for various reasons. Doesn't mean it actually is harmful, it's just the program signature on the file.

In the end, it IS BioWare's fault that I can write down my digits from the Auth and use them again. That's a major security issue.
You realize the auth keys change every 15s or so?

So EVEN if they got key logged an auth key, it would only be active for a very short period of time.
(had pretend CE key thing here)

Macheath
01.29.2012 , 04:59 AM | #43
Quote: Originally Posted by duelpad View Post
@OP

That's a little worrying. Did they actually get to your SWTOR characters?

I understand they gained access to your EA account because SWTOR and EA accounts are linked, but did they get to your characters in game, strip them of cash, gear etc? Or did the authenticator keep the 'SWTOR' side of things protected?
The hacker could probably gain enough information, between your Origin and TOR accounts, to steal your identity in real life. I think what happens within the TOR game is the least of your worries.

-Macheath.
Remember, if the world didn't suck, we'd all fall off.

duelpad
01.29.2012 , 05:00 AM | #44
Quote: Originally Posted by Kharzon View Post
Ironically enough, a key logger would actually log the authenticator's digits you input. You can use those to get into that same someone's account. There isn't a time limit or expiration for any of those codes on the authenticator.
That's weird. That's not my experience of how this type of technology works. Defeats the point of the device if this is true for the SWTOR authenticators.

GHeissi
01.29.2012 , 05:00 AM | #45
Quote: Originally Posted by duelpad View Post
Are you sure? I changed my SWTOR password recently and that changed my Origin account password as well.
He is wrong.

http://www.swtor.com/info/faq/game#308837

Is an EA/Origin account required to play Star Wars: The Old Republic?

Yes, an EA/Origin account is required to play The Old Republic. If you created your account on swtor.com after July 21st, 2011, then swtor.com automatically creates a matching EA/Origin account and links the two. If you created your account on swtor.com before July 21st, then swtor.com will link your account with your Origin account (if there is an existing matching account) when you redeem a Pre-Order Code or Product Registration Code.

Mikkeos
01.29.2012 , 05:01 AM | #46
When the authenticator is active, you need it to go into the 'my account' area for accessing and changing your account info for SWTOR.

A hacked access to the Origin system avoids the need for the authenticator for changing your data on the SWTOR system.

At least that is what I understand is happening.


Now the next step.
Attack on the SWTOR account - fails. The Authenticator works. The account is locked.
You call the CSR. They ask you for your information. You're out of business since the account info has been changed through the Origin websystem.
Q: So, is there anything at all in the game that mitigates falling damage?
A: elevators

Icid
01.29.2012 , 05:01 AM | #47
Quote: Originally Posted by Runtinator View Post
They aren't linked.

If you bought the game with Origin, all you had to do was get the CD key that was emailed to you from Origin. Then come to the SWTOR website, make an account (with a different email than Origin if you want).

Then you can download the game through the swtor.com website, and basically uninstall Origin afterwards.


Origin is not needed to play SWTOR.
They are indeed linked. Just as a test, try logging into EA/Origin with your SWTOR account info. I can almost guarantee you will be able to log in. It will be a different account than the one you purchased the game with if you used a different email, but you will still be able to log in. If you create a SWTOR account, EA automatically creates an EA/Origin account using the same info and changing any information through EA/Origin will change your info for that same SWTOR account, and vice versa.

Those who are saying this is the OP's fault are missing the whole point here. The OP didn't claim BioWare was at fault for his account getting hacked, they were just pointing out a giant backdoor into your account. Your SWTOR account and chars may be safe, but the hackers can still render your account unusable to you, at least until you call BioWare to get it straightened out. The whole point of the authenticator is to secure your entire account, not just your characters, or one part of the whole account.

Heliotic
01.29.2012 , 05:01 AM | #48
Quote: Originally Posted by Runtinator View Post
They aren't linked.

If you bought the game with Origin, all you had to do was get the CD key that was emailed to you from Origin. Then come to the SWTOR website, make an account (with a different email than Origin if you want).

Then you can download the game through the swtor.com website, and basically uninstall Origin afterwards.


Origin is not needed to play SWTOR.
But if you bought and registered SWTOR with one email address and then go on to buy a game on Origin with that same email address, they will be linked from then on.

There's no reason to defend this decision, it is completely stupid on every level.

Heliotic
01.29.2012 , 05:02 AM | #49
Quote: Originally Posted by Kharzon View Post
In the end, it IS BioWare's fault that I can write down my digits from the Auth and use them again. That's a major security issue.
You can't actually do this. That's flat out FUD.

Pastorfrog
01.29.2012 , 05:02 AM | #50
Quote: Originally Posted by thefinalsolution View Post
I'm not defending BioWare at all, I actually agree that there should not be a way to bypass an authenticator, however, I am pointing out that the initial fault of this whole debacle is, in fact, the OP....just sayin'


It's not hard to keep your PC virus/logger free
That point is irrelevant to the subject at hand, however. Whether or not someone has a virus, the authenticator should protect the account (which, in this case, it appears it did, though the account was locked for multiple failed entry attempts).