Please upgrade your browser for the best possible experience.

Chrome Firefox Internet Explorer
×

An update on the One-Time-Password system (April 16th 2013)

STAR WARS: The Old Republic > English > General Discussion
An update on the One-Time-Password system (April 16th 2013)
First BioWare Post First BioWare Post

Andryah's Avatar


Andryah
04.16.2013 , 06:27 PM | #31
Quote: Originally Posted by CaptRavenous View Post
Alright, I have an update.

Just for the heck of it, I decided to google "Star Wars: The Old Republic security keys".

It seems, while they are out of stock on the SW:TOR website, they are in-stock on EA's Origin store.
Excellent!

I applaud people who take the initiative to self solve an internet issue. So Kudos for finding yourself a key.

NOW.... Philip should have been able to point you to that solution IMO.. but hey... however a solution is found is a good solution for an individual.
sayonara SWTOR. I will miss the game, I will miss many players, I will NOT miss being lied to and deceived. I will not miss rookie level mistakes of epic proportions.

Zorblack's Avatar


Zorblack
04.16.2013 , 07:46 PM | #32
Where is my mobile authenticator for Windows Phone!!!!

Andryah's Avatar


Andryah
04.16.2013 , 07:57 PM | #33
Quote: Originally Posted by Zorblack View Post
Where is my mobile authenticator for Windows Phone!!!!
It's a market share problem....most corporations don't have confidence that windows phones are going to survive a crowded smart phone market.

3% market share world wide... 4.8% in Kantors key eight countries share measure..... 3.3% in the US.

Hate Microsoft for this.... everything they touch in the consumer electronic appliance space turns to doodoo. Which is a shame because the Nokia platform is really good. But you cannot blame corporations for being leery of supporting right now.

The good news is 5 years from now.. if Microsoft and Nokia do not seriously slip on a banana peel.... the Asian Market is theirs for the taking unless Apple seriously reforms their product price points and business model. And that will drive proliferation of market share world wide. But that is years away and many banana peels exist on the pathway.
sayonara SWTOR. I will miss the game, I will miss many players, I will NOT miss being lied to and deceived. I will not miss rookie level mistakes of epic proportions.

Laurreth's Avatar


Laurreth
04.17.2013 , 01:55 AM | #34
Quote: Originally Posted by Wodaz View Post
I'm not trying to be rude but you own this game and a internet based computer, but wont ever own a moblie device!?!? Hrmm!?!? I'm smelling a troll!
Not necessarily. Some people just don't need a smartphone (assuming that's what was really meant by "mobile device"). All I ever use mine for is a bit of surfing because it's there anyway, as an alarm clock, and for the authenticator. My phone bill is around 1€/month. Once that sucker breaks, I likely won't get a replacement since an investment of several hundred currency units just wouldn't be justifiable.

Just saying.
Rüstige Rentner auf Jar'Kai Sword — schau einfach mal rein ☺
“I like how the whining about "censored" butts started instantly but it took 2 days for someone to notice the legs are also ****ed up” — rantboi

Negranit's Avatar


Negranit
04.17.2013 , 04:21 AM | #35
First of all, Thank you Bioware for the reply. I have to say though, that I have a feeling there's something you're not telling us: why is it that difficult to simply remove this feature? No need to worry about making sure emails are sent on time, etc. Simply removing the one time password and bringing back the security questions shouldn't be that difficult, right?

jasoneth's Avatar


jasoneth
04.17.2013 , 04:22 AM | #36
Quote: Originally Posted by Laerian View Post
Interesting because the described system behaviour doesn't match with my experience

- I'm a subscriber
- I have a dynamic IP (that changes everytime I reboot the computer) confirmed.
- With the previous system I've set 3 security questions. Like 90% of the times I logged I had to enter one of the answers.
- I didn't have a security key
- I use IE and I have cookies enabled

Since the OTP implementation:

- I have never been asked to enter an OTP before (or the security answers), not in MySWTOR nor the launcher. Which is strange because the dynamic IP.
- Today I set a security key so I had to enter an OTP in MySWTOR. (which is expected)
The IP address you appear to be talking about is that allocated by your router, on your local LAN (usually something like 192.168.0.3 or whatever). The IP address that SWTOR sees (and the rest of the Internet) is that of your cable or ADSL modem on the Internet-facing side, which is allocated by your ISP. This can change when you cycle the power on your modem (or otherwise reestablish the connection). Sometimes the ISP will attempt to keep the IP address you had been allocated when you were last connected, but there's no guarantee of that.

So while your computer's IP address be changing locally (allocated by your router using DHCP), as far as everyone else is concerned it's usually the same.

FYI, the whole reason why you've got apparently private/separate IP addresses on your local network is due to the shortage of 32 bit IPv4 addresses. The technology that gives the illusion that all your devices on your LAN are the same external IP address is called IP masquerading. It'll be redundant if IPv6 ever really take over, but it seems to be taking a while.
Teo, co-host and producer of OotiniCast

LasherC's Avatar


LasherC
04.17.2013 , 04:47 AM | #37
Quote: Originally Posted by Negranit View Post
First of all, Thank you Bioware for the reply. I have to say though, that I have a feeling there's something you're not telling us: why is it that difficult to simply remove this feature? No need to worry about making sure emails are sent on time, etc. Simply removing the one time password and bringing back the security questions shouldn't be that difficult, right?
Because security questions don't really add that much protection. If we're talking about social engineering, if you're naive enough to give away your password, you're probably naive enough to give away your security questions as well. If we're talking about key logging, they will eventually ( probably sooner rather than later ) have the questions as well as your password. With an e-mail in the picture, it's harder for them. They have to deal with 2 passwords, and whatever additional protection your e-mail provider might have ( like SMS protect or smth ), and even the most naive of people would probably have alarm bells going off in their head if someone asked for their swtor password AND their e-mail password.

dennisfisch's Avatar


dennisfisch
04.17.2013 , 05:24 AM | #38
right, so now that i have waited upwards of 20 minutes for an OTP to arrive to log-in, the launcher declared it invalid. So, after 20 or so more minutes, you did manage to send me another OTP, invalid again. I'm now sitting here, wasted 40 minutes of my life when all i wanted to do is play the game that i do pay a monthly subscription for.

So what do i do? Wait another 20 minutes for the next password only to hope that by pure chance of luck it might by valid and then go on and do this every single time i feel like playing a game i pay for every month?!

Before you guys walk all over me:
  • I checked the mail headers (and am competent in doing this, i have 2 bachelors degrees in computer science) and the emails took 4 seconds to arrive at my mail provider and get pushed via IMAP to my desktop. All other services i use on a day-to-day basis reach me via this route almost in real-time, apart from swtor....
  • I copy pasted the OTP exactly without any extra white-spaces and pasted it into a textfile to validate before finally pasting it into the launcher exactly as it appeared in the email
  • I did not try to log in to the website (which would generate another OTP, leaving me to guess what email belongs to what log-in request, another technical flaw that shouldve been acocunted for!), so this is not the source of the OTPs being incorrect.

End of the story, i cancelled my subscription. I have 3 characters, one of which is lvl 50, and have purchased the expansion early on, which i now deeply regret. Had i known it came bundled with this madness i wouldve never considered subscribing..

Well, youve got yourself another leaving customer to be proud of, by managing to screw up a working system. I can only warn everyone i meet about not paying you until this situation is reverted... seriosly, how hard can it be?!

LasherC's Avatar


LasherC
04.17.2013 , 05:32 AM | #39
Quote: Originally Posted by dennisfisch View Post
  • I did not try to log in to the website (which would generate another OTP, leaving me to guess what email belongs to what log-in request, another technical flaw that shouldve been acocunted for!), so this is not the source of the OTPs being incorrect.
That's weird. If I try and log on both the website and the game at the same time, I only get one password, which can be used in both places. Also, if I use the password on either the game or the website, I do not need to do it for the other.

dennisfisch's Avatar


dennisfisch
04.17.2013 , 05:36 AM | #40
Quote: Originally Posted by LasherC View Post
That's weird. If I try and log on both the website and the game at the same time, I only get one password, which can be used in both places. Also, if I use the password on either the game or the website, I do not need to do it for the other.
I was assuming that a one time password is tied to one log in request, since i always get seperate emails for every time i try go log in somewhere. I have to point out, i just tried adding the security key app, so if swtor allows, i may be able to play the last 6 days of my paid for subscription time, only to discover yet again, that the key that was sent is invalid... It only took 5-10 minutes to arrive now, though, so i reckon one might see that as an improvement (</sarcasm>).