Major Security Threat - Authenticator useless

So short version:

OP's computer gets compromised a bunch of times.
Authenticator protects his SWTOR account from being logged into to.
Bioware haters scream a lot.

Is that it, in a nutshell?

origin can be uninstalled and amazingly swtor will still work. no origin is needed after installation. your origin account password WILL be changed to your swtor password IF you used the ea/origin account to download.

as for info changes in the systems of origin and bioware...YES its all messed up. i have a good friend who lives a long way saway, we have a winteerenn new years day, kind of tradition where we buy each other a game. silly but its fun..... plus we usually purchase the same game or one that the other really wanted for xmas but didnt get....well thru steam theres no issues....i buy i gift he profits.....same for me from him....

BUT when it came down to he had SWTOR and i had not he wanted me to join his guild and pvp and raid together, sooo, in the even the game we are buying ISNT on steam, well its on Origin lol, so we have each others origin info, i log onto his account and purchase a game. he did the same for me for this game.

now i got the game a 3 month sub+ the free month, AND a security key fob device.
he bought the game in my account, with his CC, well i havent had the honor of RECEIVING my security key we purchased on jan 1 yet, so i contacted ea/origin to find out why.

well my origin AND bio ware accounts are fubar. my ea account has his address as ship to . my address has been replaced with his. the origin system noticed that the cc billing address is not the same as the shipping address and with out asking either one of us the system decided to change it all by itself, so the security key would have shipped to him instead. BUT THEY DANT HAVE ANY MORE SECURITY KEYS TO SHIP OUT! thats right purchased pretty much a month ago and they have no items but they are selling items to do not have ..lpisses me off really.

but thats not the issue thats a chump change extra layer of security my beef is NOW MY SWTOR ACCOUNT IS UNDER HIS NAME AS WELL. thats right because he purchased the game with my account bioware decided to change my account info to his name, and now they want me to take a picture of my govt issued id and then send them it and a screen cap of the verification email with the code for the game.

this alone is enough to drive some people mad, but im cool about it as theres obviously SERIOUS issues with bioware and origin accounts being linked. im sorry bioware but you got SERIOUS issues here.

so to sum up: origin does not allow gifting to your social circles.
origin and bio ware accounts do indeed get linked, and a intrusion into the origin portion WILL indeed nuke your bioware account.

the security key should prevent a log in but if the intuder changes your origin info your screwed as it WILL nuke your swtor account.

solution: REMOVE ALL CONNECTING LINKS BETWEEN ORIGIN AND SWTOR ACCOUNTS ASAP UNTIL THEY CORRECT THE ISSUES.

also dont let your friend buy you a game on origin so the game is linked to your account just use steam, if you cant buy the game on steam, then have your friend or family member send you a gift card, seriously no gifting on origin? how kindergarden, steam for me from now on please.



so the key logger the OP spoke of isnt biowares deal, but the fact your account with SWTOR WILL get comprimised with origin account intrusion. and you dont even have to have a malicious intruder, all it takes it someone elses name on a cc and a different billing address from your shipping address and your account BELONGS TO THE PERSON ON THE CC.

as i now have to prove my self by answering a security question every time i log onto the launcher since this issue arose.....my account must be tagged now.

so i now have to jump through hoops to prove the account i created is mine and the the pc i log in from is mine(same pc i dont play pc games or log on via some strange machine thats stupid and asking for hacks) and yet I DONT HAVE MY SECURITY KEY and even if it had shipped it would heave been shipped elsewhere.

bad bad bad form bioware, and horrible implementation of the account mash up.

needs to be removed and re done imho.

Not quite.

OP's computer gets compromised.
Authenticator protects his TOR account from being logged into.
Authenticator does not, however, protect his EA account from being logged into.
Keylogger signs into OP's EA account and uses it to change OP's TOR account info.
Bioware supporters say, "Working as intended."

Well, the authenticator did work as intended. So claiming it didn't is disingenuous.

The -problem- is that the Origin/TOR link ALSO worked as intended when it shouldn't exist at all.

Seriously, Origin is the worst thing ever created by anyone ever. (Ever. I mean it. EVER.) I absolutely hate the program/website/support with a passion and hope nothing but bad things on it, eventually having it crumble away into nothingness.

But man I love SWTOR.

This ^

Stay off of **** sites, kiddies.

This isn't related to SW:TOR except in the "Can't help phishing scams" aspect.

So I was a WoW raider right, and liked seeing how good my gear was compared to the other raiders on my server. One day I'm on wowhead and there's a link to wowarmory so I click it. Except it was an ad. And it turns out it probably wasn't wowarmory. I got to the part where you type your character name and it came up with

"Sorry, this is the first time your character has been loaded on this server, please enter account credentials for us to bring all your characters over at once."

Well I knew wowarmory was a Blizzard website so I did.

BAM! NAKED CHARACTERS!

Also, 5K gold. Just sayin'.

It's not always people doing the wrong thing - unless you count comparing epeens as the wrong thing. Come to think of it, you guys have a point...

So funny reading the replies by all the "PC techs" and tier 1 support people badmouthing the hardware key. Sorry, I don't care if you slept at a holiday inn express last night, that doesn't make you a security expert. If you think you're not vulnerable right now and there's no value in a hardware key then you're just a fool. Don't quit your dayjob...

You're an idiot.

Allowing an unprotected user account to overwrite login/passwords of a protected account violates the most rudimentary principles of network security best practices. It's absolutely absurd and completely amateur in every imaginable way. Disgraceful.

Of course, that doesn't stop Bioware Defense Force from blaming the affected users. It's the same rationale that leads to people telling victims of sexual harassment to "stop dressing provocatively" etc.

It isn't always a keylogger. In RIFT, there was a security loophole that let them log in without the username OR the password, just random numbers until they hit an account number.

In WoW, three years after I quit, my account was hacked. It had a unique password, so there's no chance a keylogger nabbed it. I'd never hired a leveling service. The only remaining possibilities are a security loophole on their part or a brute force hack.