Rabenschwinge Posted February 14, 2012 Share Posted February 14, 2012 I was wondering why the security keys were provided in a way that is not so dissimilar to classic dongles, but requires you to enter the code by hand, instead of it being simply a USB device that needs to be inserted. The concept of a dongle is not new, even though it is usually used as copy protection rather than user authentication, and therefore certainly not less secure. I can imagine that one purpose is to prevent the user from leaving it inserted in the computer and therefore anyone who has the password and physical access to that computer able to access the account, whether or not it's the actual account holder or a different family member for example; but even so you could simply require the user to simply remove it before the game actually starts. Entering the code by hand every time seems unnecessary complicated to me. Link to comment Share on other sites More sharing options...
Dosma Posted February 14, 2012 Share Posted February 14, 2012 Trying to figure out how I insert my phone into usb port now. Link to comment Share on other sites More sharing options...
Skienz Posted February 14, 2012 Share Posted February 14, 2012 Because WOW didn't do it that way so they won't either. I would use a dongle but not the current method. Link to comment Share on other sites More sharing options...
Falks Posted February 14, 2012 Share Posted February 14, 2012 That's because the main point of an authenticator is having something physically apart from the computer, that has to be entered manually. An USB dongle, or even a program that emulates an authenticator would make it susceptible to hacking and modding. Authenticators can be annoying, but that's the price you have to pay for extra security. Kinda like door locks, when you think about it. Link to comment Share on other sites More sharing options...
Rabenschwinge Posted February 14, 2012 Author Share Posted February 14, 2012 Trying to figure out how I insert my phone into usb port now. That's a different matter. But you could use a secure wifi connection with an iPhone as well. It would still require the user to activate the program to make sure the user actually want to start SW:TOR on the nearby computer, but it's not strictly required to copy the code it displays by hand. Link to comment Share on other sites More sharing options...
Halofax Posted February 14, 2012 Share Posted February 14, 2012 Not everyone has a usb connector on their computer. Not everyone has an iphone. You =/= everyone. Link to comment Share on other sites More sharing options...
Rabenschwinge Posted February 14, 2012 Author Share Posted February 14, 2012 That's because the main point of an authenticator is having something physically apart from the computer, that has to be entered manually. An USB dongle, or even a program that emulates an authenticator would make it susceptible to hacking and modding. Authenticators can be annoying, but that's the price you have to pay for extra security. Kinda like door locks, when you think about it. Ah, of course, that makes sense. It's not just meant to protect your own account, it's also some kind of "captcha", and thus requires human interaction that cannot easily be mimicked by a machine. Link to comment Share on other sites More sharing options...
eklipzze Posted February 14, 2012 Share Posted February 14, 2012 I was wondering why the security keys were provided in a way that is not so dissimilar to classic dongles, but requires you to enter the code by hand, instead of it being simply a USB device that needs to be inserted. The concept of a dongle is not new, even though it is usually used as copy protection rather than user authentication, and therefore certainly not less secure. I can imagine that one purpose is to prevent the user from leaving it inserted in the computer and therefore anyone who has the password and physical access to that computer able to access the account, whether or not it's the actual account holder or a different family member for example; but even so you could simply require the user to simply remove it before the game actually starts. Entering the code by hand every time seems unnecessary complicated to me. She said dongle.... Link to comment Share on other sites More sharing options...
Rabenschwinge Posted February 14, 2012 Author Share Posted February 14, 2012 Not everyone has a usb connector on their computer. Not everyone has an iphone. You =/= everyone. That's irrelevant. Video games have very narrow hardware requirements already. Firstly you aren't required to use a security key, and secondly requiring a USB (1.0 or above) type A port on a modern computer, that fullfills the hardware requirements in first place would not be very constraining. The few people who would not be able to use one could be neglected. Remember that we're talking about an optional feature here. Link to comment Share on other sites More sharing options...
JanGrode Posted February 14, 2012 Share Posted February 14, 2012 Not everyone has a usb connector on their computer. Please show me a PC that can run TOR but has no USB connectors. Link to comment Share on other sites More sharing options...
rhirne Posted February 14, 2012 Share Posted February 14, 2012 (edited) Because USB Dongles are a $@%@$%@^&@$^&$^^#@!#^%$@ to deal with. The app is far easier to deal with and modify if necessary. As well... how many people keep their USB devices secure... My house keys are more secure than my USB stick. How secure do people keep their key cards they need to get into their job?? How many of those do you see hanging from people's rear view mirror? How secure do you keep your password to your computer?? You wouldn't believe how many people just write it down and place a sticky note on their monitor.... The app is easier to manage Edited February 14, 2012 by rhirne Link to comment Share on other sites More sharing options...
Halofax Posted February 14, 2012 Share Posted February 14, 2012 Please show me a PC that can run TOR but has no USB connectors. Home built. They exist. Link to comment Share on other sites More sharing options...
Sabarok Posted February 14, 2012 Share Posted February 14, 2012 Please show me a PC that can run TOR but has no USB connectors. It wouldn't only be that the computer doesn't have any USB ports, but rather that the computer has no USB ports available. However, that's no excuse not to make it available for those of us with lots of USB ports to spare. Personally, with EA/Bioware requiring me to use the same account for SWTOR, the forums, and Origin, I'd rather have the option of splitting them into separate accounts. Link to comment Share on other sites More sharing options...
Woodspoon Posted February 14, 2012 Share Posted February 14, 2012 you'll probably find that a usb dongle would cost more to make than a keygen/app, I have no proof of this other than BW would probably want to go with the cheapest solution possible. Link to comment Share on other sites More sharing options...
KhealThar Posted February 14, 2012 Share Posted February 14, 2012 Because WOW didn't do it that way so they won't either. I would use a dongle but not the current method. It was only a matter of time before someone made this comment! WoW has combat, that must be why SWTOR has it too! Link to comment Share on other sites More sharing options...
RazielHex Posted February 14, 2012 Share Posted February 14, 2012 If it's connected to the computer, you can hook it with a logger. All you would need to do is exploit Plug-and-play and the interface adapter and place a hook on that. Operating Systems do not "watch" the interface adapter. Not only will it never be detected, it'll never be removed without a full reformat as a normal user cannot interface with the interface. Link to comment Share on other sites More sharing options...
mlinder Posted February 14, 2012 Share Posted February 14, 2012 the biggest reason......the company that makes these dongles make them for other MMOs already...rather than commissioning new tech its much easier cheaper and faster to use what works.... ESPECIALLY where security is concerned Link to comment Share on other sites More sharing options...
Rabenschwinge Posted February 14, 2012 Author Share Posted February 14, 2012 If it's connected to the computer, you can hook it with a logger. All you would need to do is exploit Plug-and-play and the interface adapter and place a hook on that. Operating Systems do not "watch" the interface adapter. Not only will it never be detected, it'll never be removed without a full reformat as a normal user cannot interface with the interface. You could fake the presence of a USB device that isn't there with ease... but never that of a private key you don't have. Look here: http://en.wikipedia.org/wiki/Public-key_cryptography (note that those keys may not only be used for encryption, but also for signatures) Link to comment Share on other sites More sharing options...
Iliena Posted February 14, 2012 Share Posted February 14, 2012 This is a new and original whinge ...but I feel the need to raise the bar and demand a fingerprint and retinal scanner to log into the game... and I want it all built into a sub 10 dollar USB 3 dongle! Link to comment Share on other sites More sharing options...
Rabenschwinge Posted February 14, 2012 Author Share Posted February 14, 2012 A simple USB dongle would work not so unlike the current devices - it receives a challenge string and calculates a verifiable response. However, it would not need an internal power supply or a quartz oscillator (because it would receive a challenge string rather than using an internal clock to create one). Thus, it would be simpler in some ways. Link to comment Share on other sites More sharing options...
Hokonoso Posted February 14, 2012 Share Posted February 14, 2012 bad idea is bad, i could hack any usb dongle in a few days, thx for just giving me and everyone else's account info! stop being lazy and enter in the key, it's worth having the **** outfit on your pets and 1hr fleet passes! i use the iphone app atm but i know my phone will die eventually and ill be on the phoen for 12 hours removing the authenticator, but that's for the future!!! Link to comment Share on other sites More sharing options...
sjmc Posted February 14, 2012 Share Posted February 14, 2012 (edited) ...but I feel the need to raise the bar and demand a fingerprint and retinal scanner to log into the game...I'd be ok with it using fingerprints....EDIT: Actually maybe that wouldn't be ok -- because to be effective they would have to store the fingerprints on the server, not the client. Edited February 14, 2012 by sjmc Link to comment Share on other sites More sharing options...
DarkCarnage Posted February 14, 2012 Share Posted February 14, 2012 i think it due to if you plug it in to your computer someone could make a virus that copy and send them the cypher code it uses and then they can hack your acount. while a usb would amke it easier for some poeple it a security thing so tehy need to make it abit harder then some poeple want. Link to comment Share on other sites More sharing options...
Goretzu Posted February 14, 2012 Share Posted February 14, 2012 Not everyone has a usb connector on their computer. Not everyone has an iphone. You =/= everyone. Who doesn#t have a USB on thier computer? They been standard for over 10 years now. Link to comment Share on other sites More sharing options...
ferroz Posted February 14, 2012 Share Posted February 14, 2012 Home built. They exist.I'm skeptical. If they exist, then you should be able to link the motherboard that they're be using that could be used to run TOR but doesn't have a single USB connection... Link to comment Share on other sites More sharing options...
Recommended Posts