Security Key: Why not a USB dongle?


Rabenschwinge

I was wondering why the security keys were provided in a way that is not so dissimilar to classic dongles, but requires you to enter the code by hand, instead of it being simply a USB device that needs to be inserted. The concept of a dongle is not new, even though it is usually used as copy protection rather than user authentication, and therefore certainly not less secure.

 

I can imagine that one purpose is to prevent the user from leaving it inserted in the computer and therefore anyone who has the password and physical access to that computer able to access the account, whether or not it's the actual account holder or a different family member for example; but even so you could simply require the user to simply remove it before the game actually starts.

 

Entering the code by hand every time seems unnecessarily complicated to me.


That's because the main point of an authenticator is having something physically apart from the computer, that has to be entered manually. A USB dongle, or even a program that emulates an authenticator would make it susceptible to hacking and modding.

Authenticators can be annoying, but that's the price you have to pay for extra security. Kinda like door locks, when you think about it.


Trying to figure out how I insert my phone into usb port now.

 

That's a different matter. But you could use a secure wifi connection with an iPhone as well. It would still require the user to activate the program to make sure the user actually wants to start SW:TOR on the nearby computer, but it's not strictly required to copy the code it displays by hand.


That's because the main point of an authenticator is having something physically apart from the computer, that has to be entered manually. A USB dongle, or even a program that emulates an authenticator would make it susceptible to hacking and modding.

Authenticators can be annoying, but that's the price you have to pay for extra security. Kinda like door locks, when you think about it.

 

Ah, of course, that makes sense. It's not just meant to protect your own account, it's also some kind of "captcha", and thus requires human interaction that cannot easily be mimicked by a machine.


I was wondering why the security keys were provided in a way that is not so dissimilar to classic dongles, but requires you to enter the code by hand, instead of it being simply a USB device that needs to be inserted. The concept of a dongle is not new, even though it is usually used as copy protection rather than user authentication, and therefore certainly not less secure.

 

I can imagine that one purpose is to prevent the user from leaving it inserted in the computer and therefore anyone who has the password and physical access to that computer able to access the account, whether or not it's the actual account holder or a different family member for example; but even so you could simply require the user to simply remove it before the game actually starts.

 

Entering the code by hand every time seems unnecessarily complicated to me.

 

She said dongle....

 


Not everyone has a usb connector on their computer.

 

Not everyone has an iphone.

 

You =/= everyone.

 

That's irrelevant. Video games have very narrow hardware requirements already. Firstly you aren't required to use a security key, and secondly requiring a USB (1.0 or above) type A port on a modern computer, that fulfills the hardware requirements in the first place would not be very constraining. The few people who would not be able to use one could be neglected. Remember that we're talking about an optional feature here.


Because USB Dongles are a $@%@$%@^&@$^&$^^#@!#^%$@ to deal with. The app is far easier to deal with and modify if necessary.

 

As well... how many people keep their USB devices secure... My house keys are more secure than my USB stick. How secure do people keep their key cards they need to get into their job?? How many of those do you see hanging from people's rear view mirror? How secure do you keep your password to your computer?? You wouldn't believe how many people just write it down and place a sticky note on their monitor....

 

The app is easier to manage

Edited by rhirne

Please show me a PC that can run TOR but has no USB connectors. :p

 

It wouldn't only be that the computer doesn't have any USB ports, but rather that the computer has no USB ports available.

 

However, that's no excuse not to make it available for those of us with lots of USB ports to spare.

 

Personally, with EA/Bioware requiring me to use the same account for SWTOR, the forums, and Origin, I'd rather have the option of splitting them into separate accounts.


If it's connected to the computer, you can hook it with a logger. All you would need to do is exploit Plug-and-play and the interface adapter and place a hook on that. Operating Systems do not "watch" the interface adapter. Not only will it never be detected, it'll never be removed without a full reformat as a normal user cannot interface with the interface.

If it's connected to the computer, you can hook it with a logger. All you would need to do is exploit Plug-and-play and the interface adapter and place a hook on that. Operating Systems do not "watch" the interface adapter. Not only will it never be detected, it'll never be removed without a full reformat as a normal user cannot interface with the interface.

 

You could fake the presence of a USB device that isn't there with ease... but never that of a private key you don't have.

 

Look here: http://en.wikipedia.org/wiki/Public-key_cryptography (note that those keys may not only be used for encryption, but also for signatures)


A simple USB dongle would work not so unlike the current devices - it receives a challenge string and calculates a verifiable response. However, it would not need an internal power supply or a quartz oscillator (because it would receive a challenge string rather than using an internal clock to create one). Thus, it would be simpler in some ways.
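The challenge-response flow described in the post above, set beside a clock-driven code in the style of RFC 6238, as an added example that is not part of the original thread. It assumes a shared HMAC secret; `Verifier`, `dongle_respond` and `demo` are hypothetical names, and the key is the RFC 6238 test secret.

```python
import hashlib
import hmac
import secrets
import struct

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 code: HMAC-SHA1 over a counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(key: bytes, unix_time: int, step: int = 30) -> str:
    """Clock-driven code (RFC 6238): the token needs its own clock and power."""
    return hotp(key, unix_time // step)

class Verifier:
    """Server side of a challenge-response login (constructed for this example)."""
    def __init__(self, key: bytes):
        self._key = key
        self._pending = set()  # challenges issued and not yet answered

    def new_challenge(self) -> bytes:
        challenge = secrets.token_bytes(16)
        self._pending.add(challenge)
        return challenge

    def check(self, challenge: bytes, response: bytes) -> bool:
        if challenge not in self._pending:
            return False  # unknown or already used: a replayed response fails
        self._pending.discard(challenge)
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def dongle_respond(key: bytes, challenge: bytes) -> bytes:
    """Token side: no clock needed, the server's challenge supplies freshness."""
    return hmac.new(key, challenge, hashlib.sha256).digest()

def demo() -> dict:
    key = b"12345678901234567890"  # RFC 6238 test secret, not a real key
    server = Verifier(key)
    c = server.new_challenge()
    r = dongle_respond(key, c)
    c2 = server.new_challenge()
    return {"totp_t59": totp(key, 59), "first_use": server.check(c, r),
            "replay": server.check(c, r),
            "wrong_key": server.check(c2, dongle_respond(b"wrong-secret", c2))}

if __name__ == "__main__":
    print(demo())
```

In both schemes the secret never leaves the token; what differs is where freshness comes from: the token's clock for the typed code, the server's random challenge for the plugged-in device.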

bad idea is bad, i could hack any usb dongle in a few days, thx for just giving me and everyone else's account info!

 

stop being lazy and enter in the key, it's worth having the **** outfit on your pets and 1hr fleet passes! i use the iphone app atm but i know my phone will die eventually and i'll be on the phone for 12 hours removing the authenticator, but that's for the future!!!


...but I feel the need to raise the bar and demand a fingerprint and retinal scanner to log into the game...
I'd be ok with it using fingerprints.... EDIT: Actually maybe that wouldn't be ok -- because to be effective they would have to store the fingerprints on the server, not the client.

Edited by sjmc

I think it's due to the fact that if you plug it in to your computer, someone could make a virus that copies and sends them the cypher code it uses, and then they can hack your account. While a USB would make it easier for some people, it's a security thing, so they need to make it a bit harder than some people want.
