Major Security Threat - Authenticator useless

I have not seen a security question pop up since I enabled the iphone authenticator.

I can switch ISP without having to log back into the game. I am just being kicked to the server select screen and can continue from there.

EA/BW play clueless when it comes to security concerns.

OP is completely right. The only way to remove an authenticator is by using the authenticator (preferably twice), or calling customer support- basically, just copy Blizzard, who did it correctly.


As to all of you with ludicrous non-advice such as "herp derp don't browse teh pornoz" and "guard your machine and you'll be fine"...

There's PLENTY of ways to get logged. Some actually don't involve doing anything "wrong"- you could be running a fully secure computer and get logged, without one opcode of malicious code ever running locally. Secondly, some people don't have multiple computers per household, or only have one gaming box that is entertainment to others. If you have a kid sister, mother, or grandmother using your machine, you simply need a way to deal with the virii once they hit, because they will, and it is not always obvious when you need to reinstall, when you need to just run antimalwarebytes, and when you need combofix.


Browsing mainstream sites, I got a drive-by-download once in Opera of all things (normally considered a pretty secure browser). I knew it RIGHT away, and I powered off and continued playing on my laptop. But pulling it out of the machine took nearly a week (it was the "antimalwaredoctor" malware thing). Some people could be fooled by the fake scan, and others could just never notice- if anyone but me had seen it happen, nope, it would be terrible. As it was, what I did to "deserve" it was running the latest version of a browser (that I no longer really trust- I browse most sites with firefox with noscript, and known good sites I will browse in chrome at times), and it had some mouseover exploit thing going on where mousing across an advert launched the malware downloader.

Long story short: authenticator is necessary and great, but everything that the OP said needs addressing.

the general forums however are probably not the best place to tell the world that there is a major security leak that people can abuse to hack into other accounts....Id have suggested a call or an email to CS or something less public.

Soo...

The key authenticator worked and she's saying it was supposed to stop people from logging into her origin account too? Isnt it supposed to only stop them from logging into the game/swtor account?

You know, I've never had any sympathy for people who get hacked. 3 years of WoW, 1 year of LotRO, 2 years of EVE (on and off) oh and 1 year of Maplestory (my guilty little secret). For only 1 year of all that time did I actually use an AV, and a free one at that. For all of it I had my firewall off. Never been hacked.

How you can have all that security as well as an authenticator and STILL get hacked... I can only imagine what kind of websites you've been downloading things from.

Nope.. but you CAN change your SWTOR info vie an EA/Origin account WITHOUT an auth key.

Which is the point the OP is making. His EA/Origin account was compromised, and e-mails/passwords were changed for his SWTOR account, through the EA/Origin account, when the persons who hijacked his account, changed the information on EA/Origin.

I'm not understanding how you guys are unable to understand how this is a serious security issue.

It doesn't matter if you have a security fob if you can get all your account info changed for SWTOR, by someone nailing your EA/Origin account. You get locked out of the game, because this method of tying in accounts like they have done is inherently dangerous and in effect, bypasses the entire point of having an authenticator because even though they may not be able to get into the game, they can still change your account information through EA/Origin. That is a major, glaring flaw in basic security of your account on their end.

Not to mention, not everybody has an authenticator. I'd venture to suggest that at least 1/2 the players if not more don't (just a guess, no info to back this up, but knowing gamers.. it wouldn't surprise me if less than half the accounts were not tied to authenticators).

~Saitada

I pointed this problem out weeks ago to Bioware. They didn't even read my ticket and gave me some crappy auto-response about how authenticators work...

you can not be sure they didnt read your ticket even if you recieved an auto response..the auto responses are ...well...automatic and they choose keywords from your ticket...well .. automatically and send a reply automatically with said keywords it chose...

automatically


it still doesnt mean that it isnt read by someone

Virus protection is for noobs. They really dont help very much. Smart surfing is much better then any antivirus.

True... however.. it also doesn't mean someone does. I've had drone messages sent to me in response to bug reports, that literally had NOTHING AT ALL to do with the bug report.. that were then closed w/o any further clue as to whether someone actually read it or not.

Hate to say this about a company I really want to like.. but their Customer Service and in game petition responses and follow up... are horrid.

~Saitada