Please upgrade your browser for the best possible experience.

Chrome Firefox Internet Explorer
×

One-time Password

First BioWare Post First BioWare Post

ATAMIANM's Avatar


ATAMIANM
04.09.2013 , 09:32 PM | #1
Not sure where to post this so starting here....

I am really frustrated it seems no matter what I try to do, SWTOR keeps asking me to enter a one time password. Patch the game: enter your one time password. Log out and back in: enter your onetime password. Go to SWTOR website and log in? Enter your one time password. It never even defaults to my questions like it used to for security.

Just tonight I think I have gotten 7-8 one-time passwords, all for unbelievably silly things (like entering my username and correct password at login to SWTOR, or logging in to the game). Is there some way to turn this nightmare off?
_________________________________
Axillia- Sith Assassin LVL 55 Asajjia- Sith Marauder LVL 55 Sikhret- Imperial Agent LVL 55Akhenatan Jedi Guardian Lvl 53 --THE HARBINGER--

AndasKastor's Avatar


AndasKastor
04.09.2013 , 09:35 PM | #2
Set up your PC to accept cookies from SWTOR? From what I understand if they can't put a cookie on your PC it will send the 1 time password all the time.

Otherwise getting the security key will also work.

Trushott's Avatar


Trushott
04.09.2013 , 10:03 PM | #3
it sucks it really does

i even had 5 physical security keys in house not used from the 5 CE editions my houshold bought for game

so after getting tired of the one time password word thing i caved in and added one of them to all the accounts we used ... its an extra step now to log in and i hate it but seems it was a business decision imho more than security to entice people to get security keys by making the one time password as horrid and unfriendly to use as possible

i wish i didnt have to use the security keys but alas i think its the best forced option now as far as ease of use for website and game particulaly those with road warrior gaming laptops and dynamic IPS

if you need a securit key i think the iphone one is free ( not sure ) ? but with the iphone one you can not attach it to multiple accounts so if you have mutliple accounts in houshold youll need to get a physical key to attach up to 4 accounts to it
Lan'obi Loomis - sage <> Doc Loomis - Scoundrel
Cody Loomis - Gunslinger
How the heck does one fold fitted sheets?

ATAMIANM's Avatar


ATAMIANM
04.10.2013 , 05:24 PM | #4
Oh I forgot the most unbelievably annoying case:

wait 20-45 minutes for a FP/ops, halfway through get disconnected log in...ONE TIME PASSWORD! Cripes, I am tied to my email just to play a game?
_________________________________
Axillia- Sith Assassin LVL 55 Asajjia- Sith Marauder LVL 55 Sikhret- Imperial Agent LVL 55Akhenatan Jedi Guardian Lvl 53 --THE HARBINGER--

DreadzKaiser's Avatar


DreadzKaiser
04.11.2013 , 12:37 AM | #5
worse for me
half the time IT DOESNT EVEN SHOW UP
I SHOULDNT HAVE TO GO THROUGH MY EMAIL JUST TO LOGIN TO THE FORUMS TO COMPLAIN ABOUT THIS

EA IS TYPICALLY GOOD WITH SECURITY....as much as we all hate to admit it, they do that right if nothing else
i have yet to figure out a practial reason for all of this ********
A human being should be able to plan an invasion, butcher a hog, conn a ship, design a building, write a sonnet, balance accounts, build a wall, set a bone, comfort the dying, take orders, give orders, cooperate, act alone, solve equations, program a computer, cook a tasty meal, fight efficiently, and die gallantly. Specialization is for insects

CaptRavenous's Avatar


CaptRavenous
04.11.2013 , 12:42 AM | #6
This has become a major issue for people with more secure PCs than the average user.

Philip_BW, head of security here, has even admitted that the problem lies with people not having cookies enabled in their browsers, and admitted he himself does the same thing through third party programs! See it at the top of the page here.

Their security is cookie-dependent.

This gives you an idea of how good their security is.
THE GREYWALKER CONCLAVE- Master Zarchon Greywalker
HOUSE OF XARDOX - Darth Xardox

BEGEREN COLONY ROLE PLAY SERVER - west coast

PhaseSpace's Avatar


PhaseSpace
04.11.2013 , 04:12 AM | #7
Quote: Originally Posted by CaptRavenous View Post
Their security is cookie-dependent.
Wow. I thought they were tracking IP addresses. I don't know what to say now.
Weapons Grade Humanity

Phillip_BW's Avatar


Phillip_BW
04.11.2013 , 09:08 AM | #8 Click here to go to the next staff post in this thread. Next  
Quote: Originally Posted by PhaseSpace View Post
Wow. I thought they were tracking IP addresses. I don't know what to say now.
We are tracking IP addresses. We are also checking (for the browser) a SWTOR site specific cookie. We are checking many things.

People who deliberately delete cookies from their computers will have to be sent an OTP as part of log in. That is a self-inflicted situation and knowledge of just the cookie (the fear at least one prevalent poster appears to have) is not enough to 'hack' into an account on our site at least, so it is an unfounded fear to start with.

We are working on seeing what we can do for the players affected by ISP's that force a new IP address on a frequent basis. I don't have a definite date on when that will be, as we don't have a definite answer to give as yet. We are looking at various options and weighing them against other priorities the teams that do the actual 'work' also have.

Phillip Holmes
SWTOR Head of Security

ZeroPlus's Avatar


ZeroPlus
04.11.2013 , 09:28 AM | #9
Quote: Originally Posted by Phillip_BW View Post
...
We are working on seeing what we can do for the players affected by ISP's that force a new IP address on a frequent basis. I don't have a definite date on when that will be, as we don't have a definite answer to give as yet. We are looking at various options and weighing them against other priorities the teams that do the actual 'work' also have.
This would be great!

I'm one of those whose ISP forces a new IP address on a frequent basis. I was used to having to provide an answer to one of my secret questions on a daily basis. Having to check my e-mail everyday to login, (while being something I don't really mind doing to guarantee my account security), takes a lot longer than typing in the answer (especially because I often have to wait over a minute for the e-mail to arrive).
If you seek answers, you must always ask questions. - Master Vandar Tokare.

[Suggestion] Add another Blaster Pistol with the "A-300 Heavy Sonic Needler" model = DONE!

Swordy's Avatar


Swordy
04.11.2013 , 09:28 AM | #10
Quote: Originally Posted by Phillip_BW View Post
. That is a self-inflicted situation and knowledge of just the cookie (the fear at least one prevalent poster appears to have) is not enough to 'hack' into an account on our site at least, so it is an unfounded fear to start with.
Anybody can use a cross site scripting attack to steal the cookie of another which will allow them to be logged in on their website account.

Both the session id that the server uses and the session id that Drupal is using seems to be stored in the cookie that swtor.com uses. They could potentially use that to steal somebody's account couldn't they? I'm no expert in web security, it's more of an edge field to mine

Either way to others in the thread, buy the security key. Security keys are awesome and you never have to worry about it again. I just keep mine on my desk where I play rather than have one on my phone.
Chairman of The Official Sir Copperfield The Honourable Official Fan Club™