Major Security Threat - Authenticator useless


GHeissi
01.29.2012 , 05:40 AM | #81
Quote: Originally Posted by MrTijger View Post
Already had one and I purposely bought my copies via Origin, I was also aware of the linking, still doesn't make any difference to anything, the Auth key stopped them from getting into SWTOR which is its only job.
Please read some information about two factor authentication. The whole system builds around the fact that protected information cannot be accessed without the two credentials. If you are certain that your security token was not compromised, then a third party could not have accessed your information.

But this is not the case. Even if your token has not been compromised, your information could have been, thus invalidating the additional security of a two factor authentication system.

Kelvian
01.29.2012 , 05:41 AM | #82
Quote: Originally Posted by marshalleck View Post
There is no choice in this. An EA account is automatically linked to SWTOR and vice versa.

Bottom line: under no circumstance should an unprotected account be allowed to make changes to a protected account without satisfying the protected account's security requirements first.
I have to disagree with you. I cannot log on to EA using my SWTOR account information. I get "Your user name and/or password are invalid." My EA account is under a completely different account than my SWTOR account.

MrTijger
01.29.2012 , 05:42 AM | #83
Quote: Originally Posted by GHeissi View Post
Please read some information about two factor authentication. The whole system builds around the fact that protected information cannot be accessed without the two credentials. If you are certain that your security token was not compromised, then a third party could not have accessed your information.

But this is not the case. Even if your token has not been compromised, your information could have been, thus invalidating the additional security of a two factor authentication system.
Again, that is not what the Authenticator is for, it's there to protect access to the game which it did, if you get a keylogger you are already beyond compromised to begin with.

Ellif
01.29.2012 , 05:44 AM | #84
Quote: Originally Posted by Pastorfrog View Post
5 minutes? Source?

15-30 seconds is standard for this sort of device.
Just tried this, went to log into the launcher. Put in my authenticator code (android app) and then wandered off without pressing login. Came back just over 5 minutes later and hit login.

It accepted the code. Not sure what the actual timeout is for these but it seems set way too long.
The true quarry of any great adventurer is the undiscovered territory of their own soul

corbanite
01.29.2012 , 05:44 AM | #85
Quote: Originally Posted by Mikkeos View Post
Yes, it was bypassed.
On the SWTOR system itself you need it to access the 'my account' area.
You don't need it to change the protected info when you go through the origin system.
Nope you got keylogged.. Info sent and input immediately to log into your account. Code is good for a good many seconds.

GHeissi
01.29.2012 , 05:45 AM | #86
Quote: Originally Posted by MrTijger View Post
Again, that is not what the Authenticator is for, it's there to protect access to the game which it did, if you get a keylogger you are already beyond compromised to begin with.
Wrong. Only one factor was compromised (RSA implementation ensures that a valid token can only be entered once), this is the reason to implement multiple factors, you need a valid combination of all factors to compromise the system.

corbanite
01.29.2012 , 05:46 AM | #87
Quote: Originally Posted by corbanite View Post
Nope you got keylogged.. Info sent and input immediately to log into your account. Code is good for a good many seconds.

Err, hope they do not stop the security question security if you use an authenticator, because security questions protect against change of IP.

GHeissi
01.29.2012 , 05:50 AM | #88
Quote: Originally Posted by corbanite View Post
Nope you got keylogged.. Info sent and input immediately to log into your account. Code is good for a good many seconds.
Nope, a valid code will be invalidated, once entered. Of course the whole system would be pointless, if you can use a keylogger to circumvent the authenticator.

Mikkeos
01.29.2012 , 06:00 AM | #89
Quote: Originally Posted by GHeissi View Post
Nope, a valid code will be invalidated, once entered. Of course the whole system would be pointless, if you can use a keylogger to circumvent the authenticator.
Negative.
The code is not invalidated by a wrong logon attempt.
EA chose not to do that.

Once I had caps lock on and tried to log on a couple of times (5 or 6) with the very same code. After clearing the password and typing it in correctly I could log on fine - still with the first code generated.
Q: So, is there anything at all in the game that mitigates falling damage?
A: elevators

GHeissi
01.29.2012 , 06:03 AM | #90
Quote: Originally Posted by Mikkeos View Post
Negative.
The code is not invalidated by a wrong logon attempt.
EA chose not to do that.

Once I had caps lock on and tried to log on a couple of times (5 or 6) with the very same code. After clearing the password and typing it in correctly I could log on fine - still with the first code generated.
Wow. You enter the valid authenticator code and an invalid password and the authenticator code is still valid after that? That's a problem.
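
Added example, not part of the thread and not EA's or RSA's code: a minimal verifier for a time-based code (RFC 6238 TOTP is assumed here; the thread does not say which algorithm the authenticator uses) showing the two server-side settings the posts above disagree about, the acceptance window and whether a code is consumed the first time it is presented. The `Verifier` class, its `drift_steps` and `single_use` parameters, and the secret and passwords are hypothetical; the `lax` instance behaves as posts #84 and #89 report, the `strict` one as post #88 expects.

```python
import hashlib, hmac, struct

STEP = 30  # seconds each code is current (RFC 6238 default)

def totp(secret: bytes, t: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time t."""
    mac = hmac.new(secret, struct.pack(">Q", t // STEP), hashlib.sha1).digest()
    off = mac[-1] & 0x0F  # dynamic truncation offset
    val = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(val % 10 ** digits).zfill(digits)

class Verifier:
    """Hypothetical login check; drift_steps and single_use are the two knobs."""
    def __init__(self, secret, password, drift_steps=1, single_use=True):
        self.secret, self.password = secret, password
        self.drift, self.single_use = drift_steps, single_use
        self.last_used = -1  # highest time step already consumed

    def login(self, password: str, code: str, now: int) -> bool:
        cur = now // STEP
        matched = None
        for c in range(cur - self.drift, cur + self.drift + 1):
            if c <= self.last_used:
                continue  # this step's code was already presented: replay
            if hmac.compare_digest(totp(self.secret, c * STEP), code):
                matched = c
                break
        if matched is None:
            return False
        if self.single_use:
            # Burn the code before looking at the password, so a captured
            # code cannot be retried after a failed attempt.
            self.last_used = matched
        return hmac.compare_digest(password, self.password)

if __name__ == "__main__":
    secret, t0 = b"constructed-demo-secret", 1_000_000_000  # constructed values
    code = totp(secret, t0)
    lax = Verifier(secret, "pw", drift_steps=10, single_use=False)
    strict = Verifier(secret, "pw")
    print("lax, wrong password:     ", lax.login("PW", code, t0))
    print("lax, same code 5 min on: ", lax.login("pw", code, t0 + 300))
    print("strict, wrong password:  ", strict.login("PW", code, t0))
    print("strict, same code again: ", strict.login("pw", code, t0 + 5))
```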