An update on the One-Time-Password system (April 16th 2013)


Andryah
04.16.2013 , 04:21 PM | #11
Quote: Originally Posted by Ivan-Drago View Post
I had to call customer service cause I locked myself out of the game by entering too many wrong passwords back when the game first came out. I asked if it is worth downloading the security app and I was told not to because if I lost my phone getting account access could be a hassle. So I never downloaded it.
But if I can avoid this one time password business, I would download it.
Old and outdated.

Please don't use year-old feedback from a customer service rep when discussing something in the present. All you are doing is injecting worry and doubt based on something that is not true today.
Forum disputatio ------> est completum ineptias.

Ivan-Drago
04.16.2013 , 04:28 PM | #12
Quote: Originally Posted by Andryah View Post
Old and outdated.

Please don't use year-old feedback from a customer service rep when discussing something in the present. All you are doing is injecting worry and doubt based on something that is not true today.
So if I lost my phone with the security app on it, I would have no problem accessing the game and my account? And would having a security key bypass the one time password email?

Wodaz
04.16.2013 , 04:28 PM | #13
Quote: Originally Posted by Verita View Post
If I remember correctly (and otherwise the security key wouldn't make much sense), this will ask you for a code from your linked phone, which, of course, is impossible in case of a lost, stolen or broken phone.
Well, I was assuming that I had replaced the phone already, downloaded the app on my new replaced phone and followed the "Remove your Security Key" function in your account page, allowing you to use the new code provided by new phone and app to use the "Replace your Security Key" function.
"Wodaz here! I'm all about havin' fun. You know, get a couple cocktails in me, start a fire in someone's kitchen. Maybe go to SeaWorld, take my pants off. Anyway, I kinda known for my catch phrase WHAMMY!!!!!"

Wodaz
04.16.2013 , 04:32 PM | #14
Quote: Originally Posted by Ivan-Drago View Post
So if I lost my phone with the security app on it, I would have no problem accessing the game and my account? And would having a security key bypass the one time password email?
Did you receive a new phone yet? If so, go to "My Account"/"Security Key"/"Replace your Security Key", then once on "Replace your Security Key" page you will see a link that says, "Remove your current security key", click on it and follow instructions. This should allow you to enter a new app code to replace your old one.
"Wodaz here! I'm all about havin' fun. You know, get a couple cocktails in me, start a fire in someone's kitchen. Maybe go to SeaWorld, take my pants off. Anyway, I kinda known for my catch phrase WHAMMY!!!!!"

Andryah
04.16.2013 , 04:36 PM | #15
Quote: Originally Posted by Ivan-Drago View Post
So if I lost my phone with the security app on it, I would have no problem accessing the game and my account? And would having a security key bypass the one time password email?
They have added a self serve process for keys.. so you don't need Customer Support to remove keys anymore.

You are able to add/delete security keys on your own now. If you lost the key.... you would need to go through the one time password process to log in and remove the key.

Anyone with a key does not get one time passwords unless they fail to use a valid key for account login and/or get locked out.
Forum disputatio ------> est completum ineptias.

Dink
04.16.2013 , 04:37 PM | #16
And I'll just add this in again...

Please create a mobile security key for Windows Phone (7/8) so we don't have to carry around the keychain fob thingy.

I've yet to add the security key to my account because it's a PITA to carry it around with me, and with the recent changes to how you've set security, I know I'm going to run into issues at some point (changing IP address, wanting to log into the forums away from home, etc.).

I asked this once and you responded with a statement equivalent to "there's not enough money in it for us" (your real answer was about the marketshare with Windows phones, but still equates to the same), but you have to realize that if you're giving people options - saying "For subscribers, there is the option to use the Mobile Security Key..." yet you don't actually provide us one, you're doing nothing but causing more of an inconvenience to people that support you.

I'd love nothing more than to be able to use the security key, but for some reason you just won't let me. Does it really cost that much (seriously asking because I don't know) to create a mobile app for Win phones?
Rebuc Arisso ::: Major :::
Eternal Vigilance. :::
The 'Ideal Guild Quiz' :::

chuixupu
04.16.2013 , 04:43 PM | #17
Quote: Originally Posted by Ivan-Drago View Post
So if I have the security key app on my phone (which I was discouraged to use by a Bioware customer service representative), I don't have to wait for an email?
That has to be a misunderstanding, or not the whole story. They want you to use it. It's the safest thing you can use.
Wardens of Fate / Alea Iacta Est
The Tarkus Legacy ~ The Harbinger/Jedi Covenant

CaptRavenous
04.16.2013 , 05:10 PM | #18
Quote: Originally Posted by Phillip_BW View Post

Deleting cookies in a browser forces a new OTP every time
This is specific to using a web browser and our website. The game launcher is not affected by this behaviour.

There is a very small number of people that are using what Chrome calls 'Incognito' browsing, AKA 'Private' in Firefox. This is where no browser cookies are available or persist. There are also settings within browsers for turning off cookies for all sites as a blanket setting.

I realize that this provides some level of protection from browsing activity being associated and cross-referenced by ad agencies and the like, however this has a side effect for SWTOR - we rely on the presence of a web cookie as one of the many security checks we have in place to identify a machine. This is primarily due to ensuring security is maintained where a number of players share the same Internet connection - University networks, progressive companies that allow people to play SWTOR from work as well as Internet Cafes or shared Wi-Fi hotspots. The cookie is not the only check we have in place, but it is treated with a high enough weight behind it that if it is not present, there will be an OTP sent.

So, that leaves us with a few ways to not get prompted each and every time:
  • Enable cookies for specific sites, and include SWTOR (usually swtor.com, but also sometimes starwarstheoldrepublic.com)
  • Enable cookies for 'all the sites', and use plugins such as NoScript and Ghostery to stop 3rd party cookies that aren't site specific (this is my personal approach, and that is the only reason I mention it)
  • Use a Mobile or Physical Security Key. I mention this not because we are trying to get everybody to use a Security Key (the OTP is also a form of dual-factor security so in the end everybody has increased security), but because it is one of the ways of avoiding having to be sent an OTP every time
ETA: up to you as the person affected and which way you want to go. Or not at all if you don't mind the OTP message every time you log in.
A side note on the Mobile Security Key topic - I have seen some people recommend using a mobile phone emulator and using the Mobile Security Key application that way, and while this technically works, it does break one of the reasons the Security Key is considered dual-factor in that your username, password and security key generator are all on the same machine. Putting the emulator on a separate machine would be more sensible, but we do not support the Mobile Security Key application if it is used within an emulator.
The SW:TOR website says Physical Security Keys are out-of-stock, so I can't buy one from you guys until they are back in stock. When will this be?
I tried finding one from a store, such as EB games, but no one will sell me one unless I buy another copy of the game with it!
I have no mobile devices, so getting a Mobile Security key is right out.

I have to say, this is getting ridiculous.
THE GREYWALKER CONCLAVE- Master Zarchon Greywalker
HOUSE OF XARDOX - Darth Xardox

BEGEREN COLONY ROLE PLAY SERVER - west coast
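
The device-cookie check Phillip_BW describes in the post quoted above, as an added Python sketch that is not BioWare's code and not part of the thread: a missing or forged cookie forces an OTP no matter what the other checks say, and key holders skip the OTP unless their key code fails. The HMAC-signed cookie format, the weights, the threshold, the signal names and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
from typing import Optional

SERVER_KEY = b"constructed-demo-key"  # constructed value; a real service keeps this server-side
COOKIE_WEIGHT = 0.6    # assumed: the cookie alone outweighs the other checks combined
OTHER_WEIGHTS = {"known_ip": 0.25, "known_user_agent": 0.15}  # hypothetical signals
TRUST_THRESHOLD = 0.7  # assumed cut-off below which an OTP is e-mailed


def issue_device_cookie(account: str, device_id: str) -> str:
    """Cookie value set after a successful OTP login: device id plus an HMAC tag."""
    msg = f"{account}:{device_id}".encode()
    tag = hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()
    return f"{device_id}.{tag}"


def cookie_is_valid(account: str, cookie: Optional[str]) -> bool:
    """False for a missing cookie (private browsing, cookies off) or a forged one."""
    if not cookie or "." not in cookie:
        return False
    device_id, _, tag = cookie.rpartition(".")
    expected = issue_device_cookie(account, device_id).rpartition(".")[2]
    return hmac.compare_digest(tag, expected)


def login_challenge(account, cookie, signals, has_key=False, key_code_ok=False):
    """Return 'none', 'security_key_ok' or 'otp_email' for one login attempt."""
    if has_key:
        # Key holders only get an OTP when the key code was not valid.
        return "security_key_ok" if key_code_ok else "otp_email"
    score = COOKIE_WEIGHT if cookie_is_valid(account, cookie) else 0.0
    score += sum(w for name, w in OTHER_WEIGHTS.items() if signals.get(name))
    return "none" if score >= TRUST_THRESHOLD else "otp_email"
```

With these assumed weights, a browser that never keeps the cookie tops out at 0.4 and is sent an OTP on every login, which is the behaviour the quoted post reports for private browsing.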

Andryah
04.16.2013 , 05:15 PM | #19
Quote: Originally Posted by CaptRavenous View Post
I have no mobile devices, so getting a Mobile Security key is right out.
google "android emulator" pick one of your choosing... load it on PC... load the security app.. improve your quality of life.

This suggestion has been offered in every thread about the topic in this forum. Why is it you are unaware of it??

Yes they say they don't support it (because putting it on the same PC you run the game on breaks two-factor, so Phillip is obligated to recommend against it)... but the point is.. it gives you the user choices when you feel you have none.... until you have a mobile device (which does not have to be a phone btw) OR the hardware security key. OR... live with the one time passwords.
Forum disputatio ------> est completum ineptias.

CaptRavenous
04.16.2013 , 05:26 PM | #20
Quote: Originally Posted by Andryah View Post
google "android emulator" pick one of your choosing... load it on PC... load the security app.. improve your quality of life.

This suggestion has been offered in every thread about the topic in this forum. Why is it you are unaware of it??

Yes they say they don't support it (because putting it on the same PC you run the game on breaks two-factor)... but the point is.. it gives you the user choices when you feel you have none.... until you have a mobile device OR the hardware security key. OR... live with the one time passwords.
Quote: Originally Posted by Phillip_BW View Post

A side note on the Mobile Security Key topic - I have seen some people recommend using a mobile phone emulator and using the Mobile Security Key application that way, and while this technically works, it does break one of the reasons the Security Key is considered dual-factor in that your username, password and security key generator are all on the same machine. Putting the emulator on a separate machine would be more sensible, but we do not support the Mobile Security Key application if it is used within an emulator.
I was aware of it, and I'm not getting one for the reasons Phillip_BW stated.

I will never own a mobile device.

All that aside, the way security keys are being handled is ridiculous.
THE GREYWALKER CONCLAVE- Master Zarchon Greywalker
HOUSE OF XARDOX - Darth Xardox

BEGEREN COLONY ROLE PLAY SERVER - west coast