Please upgrade your browser for the best possible experience.

Chrome Firefox Internet Explorer
×

Display Name Only Log In Now Live

First BioWare Post First BioWare Post

Tarlardon's Avatar


Tarlardon
04.10.2013 , 11:46 PM | #101
I fully agree on the comments regarding this one time password. This is indeed so incredibly annoying - I do not get it. Were so many people hacked in the last months that you think it is necessary to do that? Ever since then I do not even feel like logging in for half an hour to do some trading or daily quests which is why I am playing these kind of games in the first place, because they are supposed to enable you to play whenever you want wherever you are for just a short period of time. But having to wait for that damn password, log on to your email account, recognize you forgot the TAB button, bla bla.... just annoying...

CaptRavenous's Avatar


CaptRavenous
04.11.2013 , 12:38 AM | #102
Quote: Originally Posted by Phillip_BW View Post

I've been looking into this, and while your game authentications (10+ times logged in) are working as expected without you getting prompted for an OTP, you are indeed getting prompted too often when logging on to the website.

From what we are seeing in the logs, it appears you are using 'incognito' mode, or disallowing cookies to be saved within the browser. This could be something you have done on purpose to stop being tracked by ad trackers (I do something similar using a NoScript addon in conjunction with a Ghostery addon), or something an addon in your browser is doing for you without you realizing.

Either way, stopping cookies from being able to be saved for the SWTOR website will mean that you get prompted every time you open the browser and go to the website.

You could use a different browser that hasn't been customized as a test (log in once to create cookie, close browser and go to SWTOR again to see if you get prompted again). I'd be interested in the results.
I am prompted for a OTP every single time I log into the website.
Of course I disallow cookies in my browser. The first thing hackers look for on your PC are Temp files and Cookies. You just admitted to doing something similar yourself, yet those of us who know PC security are being shafted?

So, I should TURN DOWN my internet browser security for your game?

Sorry, but its pretty obvious, these security measures were put into place for those who know next to nothing about internet security, with no thought given to those who might have more secure systems than even you guys at Bioware have.

These measures were implemented by someone fresh out of an IT Security Management Course, without any research done into applied IT security measures.

Or, this is a ploy by Bioware to frustrate players into buying a Security Key?

In over 10 years of MMO play, I have never had an account hacked, or even had a Keylogger or Trojan program on any of the PCs I administrate.

That's ok. Your security measures only chase away more people from your forums. They know they can go to other unofficial forums where the security isn't so amateur, like it is here.

Sorry to say it, Phillip_BW, but you don't know what you are doing, despite your prostrations to the contrary.

Do your due diligence, then come back.
THE GREYWALKER CONCLAVE- Master Zarchon Greywalker
HOUSE OF XARDOX - Darth Xardox

BEGEREN COLONY ROLE PLAY SERVER - west coast

Warwench's Avatar


Warwench
04.11.2013 , 09:01 AM | #103
Quote: Originally Posted by CaptRavenous View Post
I am prompted for a OTP every single time I log into the website.
Of course I disallow cookies in my browser. The first thing hackers look for on your PC are Temp files and Cookies. You just admitted to doing something similar yourself, yet those of us who know PC security are being shafted?

So, I should TURN DOWN my internet browser security for your game?

Sorry, but its pretty obvious, these security measures were put into place for those who know next to nothing about internet security, with no thought given to those who might have more secure systems than even you guys at Bioware have.

These measures were implemented by someone fresh out of an IT Security Management Course, without any research done into applied IT security measures.

Or, this is a ploy by Bioware to frustrate players into buying a Security Key?

In over 10 years of MMO play, I have never had an account hacked, or even had a Keylogger or Trojan program on any of the PCs I administrate.

That's ok. Your security measures only chase away more people from your forums. They know they can go to other unofficial forums where the security isn't so amateur, like it is here.

Sorry to say it, Phillip_BW, but you don't know what you are doing, despite your prostrations to the contrary.

Do your due diligence, then come back.
So what i gather, is you expect to be able to take a security control like disabling cookies or disabling javascript (or disabling anything else that potentially adds risk while using rich experiences online) and get the same rich experience?

you sir have 2 problems, you don't know how security works and you dont know how the internet works.

You cannot blatantly apply a security control across something like the internet to disable the rich experience and then whine because it doesn't work. You've done none of YOUR due diligence to determine the risk of what the control works on for the site you are applying it against. You need to evaluate, are cookies on this site ok or not? Do i trust the site? Am I ok with the loss of functionality from disabling cookies? the same goes for anything else, java, javascript, flash etc etc.

There are a lot of place you absolutely DO want to disable all of it because the impact of untrusted code is high and the loss of functionality is something you don't care about. you have to evaluate the risk, the impact and the likelihood on a site by site basis.

You haven't done that though, you've just disabled things on all sites and said screw it, i don't care what loss of functionality I might suffer. Then you whine cos you lost functionality.

Website depend on good implementations of things like cookies/javascript to give their users a good experience. There is no way to examine who you are and determine that you don't need to be prompted without a little 2 way trust. If you wont trust SWTOR, they wont trust you. It's pretty simple and anyone with an OUNCE of actual security knowledge can see that.

Before you go off on tangents about cookie stealing and all that, be sure you REALLY understand how those things are done.

p.s. I do have quite a bit of security experience and can debate this and anything else around security all day if you like.

CaptRavenous's Avatar


CaptRavenous
04.11.2013 , 04:51 PM | #104
Quote: Originally Posted by Warwench View Post
So what i gather, is you expect to be able to take a security control like disabling cookies or disabling javascript (or disabling anything else that potentially adds risk while using rich experiences online) and get the same rich experience?

you sir have 2 problems, you don't know how security works and you dont know how the internet works.

You cannot blatantly apply a security control across something like the internet to disable the rich experience and then whine because it doesn't work. You've done none of YOUR due diligence to determine the risk of what the control works on for the site you are applying it against. You need to evaluate, are cookies on this site ok or not? Do i trust the site? Am I ok with the loss of functionality from disabling cookies? the same goes for anything else, java, javascript, flash etc etc.

There are a lot of place you absolutely DO want to disable all of it because the impact of untrusted code is high and the loss of functionality is something you don't care about. you have to evaluate the risk, the impact and the likelihood on a site by site basis.

You haven't done that though, you've just disabled things on all sites and said screw it, i don't care what loss of functionality I might suffer. Then you whine cos you lost functionality.

Website depend on good implementations of things like cookies/javascript to give their users a good experience. There is no way to examine who you are and determine that you don't need to be prompted without a little 2 way trust. If you wont trust SWTOR, they wont trust you. It's pretty simple and anyone with an OUNCE of actual security knowledge can see that.

Before you go off on tangents about cookie stealing and all that, be sure you REALLY understand how those things are done.

p.s. I do have quite a bit of security experience and can debate this and anything else around security all day if you like.
I have no problems on any other websites, MMOs, or forums like I've been having here since they implemented the changes. I keep my cookies disabled and temp files cleared out as a precautionary measure, just in-case myself or someone in my family does accidently come across a blind link or ad that installs a virus. I have had 2 viruses in 15 years of being online, both of which were a minor threat, because there was no important info to steal from my PC in the way of cookies of temp files. Windows remembers NONE of my passwords, I keep those in a safer place, off my PC.

I've played other MMOs, and still do. I've not had any troubles with their security as I am now having here. Same with other forums I visit, no problems, just here.

I've lost no functionality in doing things the way I do. I can visit any other websites, everything that should work, does work. Except here.

I never get prompted for a OTP when logging into the game, only when signing into the forums. These new security measures were poorly implemented, and aimed at players who know next to nothing about IT security, or its a ploy to get us all to buy security keys, probably both.

If I know nothing about IT security, then my PCs should be royally screwed with viruses, Trojans, and keyloggers. They're not. I own 3 PCs and a laptop, and have never had any major problems with security, just the 2 viruses, as stated earlier. My track record with PCs and keeping them secure speaks for itself. I used to do government IT security. No PC or network was compromised under my watch.

Bottom line, my internet works just fine everywhere else, just not here with the stupid implementation of this OTP feature.

P.S. You'll note I didn't personally attack you.
THE GREYWALKER CONCLAVE- Master Zarchon Greywalker
HOUSE OF XARDOX - Darth Xardox

BEGEREN COLONY ROLE PLAY SERVER - west coast

KaiserSol's Avatar


KaiserSol
04.12.2013 , 09:56 PM | #105
I get the OTP's, but they don't work. I enter them in and.....nothing. I'm still sitting there looking at the login screen. Just admit it Phil, you blew it and go back to the old 'personal questions' system.

I did notice, however, several references to buying keys. Really? We have to buy additional security for a game we have already puchased. I would have thought appropriate security would have been included in the original price.

CaptainAnn's Avatar


CaptainAnn
04.15.2013 , 11:21 PM | #106
For goodness sake!

I just quit WoW after five years.

Do you really think I'm going to keep subscribing after one month of SWTOR with this one-time password **** going on???

Get this log-in issue sorted and remove the one-time password requirement.

SO I need to TURN DOWN MY SECURITY SETTINGS? What a dumb idea...........All I want to be able to do is log in and play. I don't know how to change cookie setting ffs! So don't go assuming I'm going to spend hours fiddling with setting just so I can play YOUR game! I am a user not a technical provider!!!

I want a game without one-time passwords! (over 10 minute waits in each of the last two days, each time I try to log on).

Give the consumer what he/she wants - a game they can play WHEN they want.

CaptainAnn's Avatar


CaptainAnn
04.15.2013 , 11:33 PM | #107
Received an email from SWTOR customer dis-service department "however we would rather err on the side of inconvenience than that of account security"

**** you, SWTOR!

Another 5 minute+ wait this morning for the one-time password to come through by email just to log onto the game. This is five minutes less I can play this morning before I have to go to work.

Know what 'workaround' solution I'm applying? I'm logging onto my online banking (no time delay in logging onto that service!) and cancelling my payment plan for SWTOR!

CaptainAnn's Avatar


CaptainAnn
04.15.2013 , 11:43 PM | #108
Yes, now past 16 minutes and still not logged in - by the time the passwords arrive they are expired! 3 attempts made!

What an utterly, utterly useless and ill executed idea, Mr Head of Security!

I have used the time though to contact my credit card company and to cancel the swtor payment agreement though - so something productive there! I wouldn't have cancelled but for the obnoxious and ignorant email from customer dis-services!

KaiserSol's Avatar


KaiserSol
04.16.2013 , 03:19 AM | #109
Customer service was no help at all.

The OTP's definitely do not work on my computer when trying to log directly into the game.

I don't know if this is the same for everyone, but I read somewhere if you log into the SWTOR website with an OTP this will allow the SWTOR software to recognise your computer amd then you should be able to log into the game normally. Might take a few attempts, but it worked for me.

This won't be a fix for players with ISPs that change your computer ID daily (and that is why this OTP is a dumb idea). I am no computer boffin but I hope this helps.

ajazzz's Avatar


ajazzz
04.16.2013 , 07:21 AM | #110
Quote: Originally Posted by KaiserSol View Post
Customer service was no help at all.

The OTP's definitely do not work on my computer when trying to log directly into the game.

I don't know if this is the same for everyone, but I read somewhere if you log into the SWTOR website with an OTP this will allow the SWTOR software to recognise your computer amd then you should be able to log into the game normally. Might take a few attempts, but it worked for me.

This won't be a fix for players with ISPs that change your computer ID daily (and that is why this OTP is a dumb idea). I am no computer boffin but I hope this helps.
yep... dynamic IP which I am on with my ISP changes every day or when I reset my router , so I have to do this every day now. cookies are irrelevant plus they did't work on chrome for me if I log on more than once in one day? I had to use IE.
But now the launcher is not giving me a OTP now so I have to log on to the web site first to get OTP and then launch the game, it is a JOKE NOW and you are right it is a DUMB IDEA.