Major Security Threat - Authenticator useless

The problem is that your SWTOR account is automatically linked to your Origin account (or if you didn't have an Origin account yet it creates one for you). There is no way to unlink these accounts, disable the Origin side or even make them use different login details.

That means that if your SWTOR login details are compromised, they instantly have your Origin login as well. Except you can use an authenticator on the SWTOR side as a last line of defence, but for some daft reason Origin doesn't require the same security check, which is ridiculous since it is 100% linked and there's nothing you can do about it!

What will have happened here is that the wannabe account thief tried logging into the game, hoping to steal a nice amount of credits, but then got thwarted by the authenticator - being aware of the backdoor in the security he went to Origin and changed the OP's details willy-nilly just to piss him off (and lock him out of his own account).

If Bioware/EA had properly thought out their security, this wouldn't be able to happen. There should either be a way to unlink the Origin account OR the authenticator should protect both accounts at the same time.

All they're doing by keeping it this way is creating more work for the customer service department, which arguably is already in over its head at the moment.

False.

If you create a SW:TOR account, it is an Origin account. They are the same thing. You can not make a SW:TOR-only account; they are all Origin accounts.

Don't believe me?

Create a dummy SW:TOR account with a throwaway email address. (I'm assuming its' still possible to make an account without having to add a product key to it immediately.) Then go to the Origin website and log in using your brand new SW:TOR account's information.

I know this how?

Because that is how I purchased the game. I made a SW:TOR account via this website. I loaded the Origin website, logged in using my SW:TOR information and purchased a digital deluxe edition product key via the Origin website.

The SW:TOR account creation process tells you that it is making an Origin account. It's not the Bioware division of EA's fault if people don't read that bit.

I would be more than happy if BW/EA also linked Authenticators used in SWTOR to your EA/Origin accounts that they automatically created for you if you have or use an authenticator. THAT is a reasonable expectation actually.

Why they didn't bother to think of that is beyond me.. but i'm finding that BW/EA do a lot of things that simply beggar the imagination as to what the heck they were thinking (or more likely.. not thinking) when they came up with whatever idiotic idea they decided to go with.

~Saitada

Agreed

What I don't get is why they half-*** everything. Obviously this authenticator system was copied from Blizzard/WoW just like everything else in this game. But also just like everything else in the game it is not as good as the original system (Blizzard's system) they copied. I don't know whether to laugh or cry.

Amen, brother.

That's not a good exploit. They should shut that loophole immediately. What is the point of having an authenticator if they can by-pass it all by hacking origin instead -.-.

I've never had a keylogger on my pc but that's besides the point. The exploit needs to dealt with.

Ok, so they use a man in the middle attack and they have login information which is usable for about 20 seconds.

What then?

I think this is more of a problem to take to EA since it is their end which is allowing your account to be hacked, and getting EA to change their policy will probaly take a while so try to avoid websites which download keyloggers.

Eset has an Artificial Intelliegence that quarantines files that look like they are virus but are not on it's list and it's list is updated daily.