I fully agree on the comments regarding this one time password. This is indeed so incredibly annoying - I do not get it. Were so many people hacked in the last months that you think it is necessary to do that? Ever since then I do not even feel like logging in for half an hour to do some trading or daily quests which is why I am playing these kind of games in the first place, because they are supposed to enable you to play whenever you want wherever you are for just a short period of time. But having to wait for that damn password, log on to your email account, recognize you forgot the TAB button, bla bla.... just annoying...

I've been looking into this, and while your game authentications (10+ times logged in) are working as expected without you getting prompted for an OTP, you are indeed getting prompted too often when logging on to the website.

 

From what we are seeing in the logs, it appears you are using 'incognito' mode, or disallowing cookies to be saved within the browser. This could be something you have done on purpose to stop being tracked by ad trackers (I do something similar using a NoScript addon in conjunction with a Ghostery addon), or something an addon in your browser is doing for you without you realizing.

 

Either way, stopping cookies from being able to be saved for the SWTOR website will mean that you get prompted every time you open the browser and go to the website.

 

You could use a different browser that hasn't been customized as a test (log in once to create cookie, close browser and go to SWTOR again to see if you get prompted again). I'd be interested in the results.

 

I am prompted for a OTP every single time I log into the website.

Of course I disallow cookies in my browser. The first thing hackers look for on your PC are Temp files and Cookies. You just admitted to doing something similar yourself, yet those of us who know PC security are being shafted?

 

So, I should TURN DOWN my internet browser security for your game?

 

Sorry, but its pretty obvious, these security measures were put into place for those who know next to nothing about internet security, with no thought given to those who might have more secure systems than even you guys at Bioware have.

 

These measures were implemented by someone fresh out of an IT Security Management Course, without any research done into applied IT security measures.

 

Or, this is a ploy by Bioware to frustrate players into buying a Security Key?

 

In over 10 years of MMO play, I have never had an account hacked, or even had a Keylogger or Trojan program on any of the PCs I administrate.

 

That's ok. Your security measures only chase away more people from your forums. They know they can go to other unofficial forums where the security isn't so amateur, like it is here.

 

Sorry to say it, Phillip_BW, but you don't know what you are doing, despite your prostrations to the contrary.

 

Do your due diligence, then come back.

I am prompted for a OTP every single time I log into the website.

Of course I disallow cookies in my browser. The first thing hackers look for on your PC are Temp files and Cookies. You just admitted to doing something similar yourself, yet those of us who know PC security are being shafted?

 

So, I should TURN DOWN my internet browser security for your game?

 

Sorry, but its pretty obvious, these security measures were put into place for those who know next to nothing about internet security, with no thought given to those who might have more secure systems than even you guys at Bioware have.

 

These measures were implemented by someone fresh out of an IT Security Management Course, without any research done into applied IT security measures.

 

Or, this is a ploy by Bioware to frustrate players into buying a Security Key?

 

In over 10 years of MMO play, I have never had an account hacked, or even had a Keylogger or Trojan program on any of the PCs I administrate.

 

That's ok. Your security measures only chase away more people from your forums. They know they can go to other unofficial forums where the security isn't so amateur, like it is here.

 

Sorry to say it, Phillip_BW, but you don't know what you are doing, despite your prostrations to the contrary.

 

Do your due diligence, then come back.

 

So what i gather, is you expect to be able to take a security control like disabling cookies or disabling javascript (or disabling anything else that potentially adds risk while using rich experiences online) and get the same rich experience?

 

you sir have 2 problems, you don't know how security works and you dont know how the internet works.

 

You cannot blatantly apply a security control across something like the internet to disable the rich experience and then whine because it doesn't work. You've done none of YOUR due diligence to determine the risk of what the control works on for the site you are applying it against. You need to evaluate, are cookies on this site ok or not? Do i trust the site? Am I ok with the loss of functionality from disabling cookies? the same goes for anything else, java, javascript, flash etc etc.

 

There are a lot of place you absolutely DO want to disable all of it because the impact of untrusted code is high and the loss of functionality is something you don't care about. you have to evaluate the risk, the impact and the likelihood on a site by site basis.

 

You haven't done that though, you've just disabled things on all sites and said screw it, i don't care what loss of functionality I might suffer. Then you whine cos you lost functionality.

 

Website depend on good implementations of things like cookies/javascript to give their users a good experience. There is no way to examine who you are and determine that you don't need to be prompted without a little 2 way trust. If you wont trust SWTOR, they wont trust you. It's pretty simple and anyone with an OUNCE of actual security knowledge can see that.

 

Before you go off on tangents about cookie stealing and all that, be sure you REALLY understand how those things are done.

 

p.s. I do have quite a bit of security experience and can debate this and anything else around security all day if you like.

So what i gather, is you expect to be able to take a security control like disabling cookies or disabling javascript (or disabling anything else that potentially adds risk while using rich experiences online) and get the same rich experience?

 

you sir have 2 problems, you don't know how security works and you dont know how the internet works.

 

You cannot blatantly apply a security control across something like the internet to disable the rich experience and then whine because it doesn't work. You've done none of YOUR due diligence to determine the risk of what the control works on for the site you are applying it against. You need to evaluate, are cookies on this site ok or not? Do i trust the site? Am I ok with the loss of functionality from disabling cookies? the same goes for anything else, java, javascript, flash etc etc.

 

There are a lot of place you absolutely DO want to disable all of it because the impact of untrusted code is high and the loss of functionality is something you don't care about. you have to evaluate the risk, the impact and the likelihood on a site by site basis.

 

You haven't done that though, you've just disabled things on all sites and said screw it, i don't care what loss of functionality I might suffer. Then you whine cos you lost functionality.

 

Website depend on good implementations of things like cookies/javascript to give their users a good experience. There is no way to examine who you are and determine that you don't need to be prompted without a little 2 way trust. If you wont trust SWTOR, they wont trust you. It's pretty simple and anyone with an OUNCE of actual security knowledge can see that.

 

Before you go off on tangents about cookie stealing and all that, be sure you REALLY understand how those things are done.

 

p.s. I do have quite a bit of security experience and can debate this and anything else around security all day if you like.

 

I have no problems on any other websites, MMOs, or forums like I've been having here since they implemented the changes. I keep my cookies disabled and temp files cleared out as a precautionary measure, just in-case myself or someone in my family does accidently come across a blind link or ad that installs a virus. I have had 2 viruses in 15 years of being online, both of which were a minor threat, because there was no important info to steal from my PC in the way of cookies of temp files. Windows remembers NONE of my passwords, I keep those in a safer place, off my PC.

 

I've played other MMOs, and still do. I've not had any troubles with their security as I am now having here. Same with other forums I visit, no problems, just here.

 

I've lost no functionality in doing things the way I do. I can visit any other websites, everything that should work, does work. Except here.

 

I never get prompted for a OTP when logging into the game, only when signing into the forums. These new security measures were poorly implemented, and aimed at players who know next to nothing about IT security, or its a ploy to get us all to buy security keys, probably both.

 

If I know nothing about IT security, then my PCs should be royally screwed with viruses, Trojans, and keyloggers. They're not. I own 3 PCs and a laptop, and have never had any major problems with security, just the 2 viruses, as stated earlier. My track record with PCs and keeping them secure speaks for itself. I used to do government IT security. No PC or network was compromised under my watch.

 

Bottom line, my internet works just fine everywhere else, just not here with the stupid implementation of this OTP feature.

 

P.S. You'll note I didn't personally attack you.

Edited April 11, 2013 by CaptRavenous

I get the OTP's, but they don't work. I enter them in and.....nothing. I'm still sitting there looking at the login screen. Just admit it Phil, you blew it and go back to the old 'personal questions' system.

 

I did notice, however, several references to buying keys. Really? We have to buy additional security for a game we have already puchased. I would have thought appropriate security would have been included in the original price.

Edited April 13, 2013 by KaiserSol

For goodness sake!

 

I just quit WoW after five years.

 

Do you really think I'm going to keep subscribing after one month of SWTOR with this one-time password **** going on???

 

Get this log-in issue sorted and remove the one-time password requirement.

 

SO I need to TURN DOWN MY SECURITY SETTINGS? What a dumb idea...........All I want to be able to do is log in and play. I don't know how to change cookie setting ffs! So don't go assuming I'm going to spend hours fiddling with setting just so I can play YOUR game! I am a user not a technical provider!!!

 

I want a game without one-time passwords! (over 10 minute waits in each of the last two days, each time I try to log on).

 

Give the consumer what he/she wants - a game they can play WHEN they want.

Received an email from SWTOR customer dis-service department "however we would rather err on the side of inconvenience than that of account security"

 

**** you, SWTOR!

 

Another 5 minute+ wait this morning for the one-time password to come through by email just to log onto the game. This is five minutes less I can play this morning before I have to go to work.

 

Know what 'workaround' solution I'm applying? I'm logging onto my online banking (no time delay in logging onto that service!) and cancelling my payment plan for SWTOR!

Yes, now past 16 minutes and still not logged in - by the time the passwords arrive they are expired! 3 attempts made!

 

What an utterly, utterly useless and ill executed idea, Mr Head of Security!

 

I have used the time though to contact my credit card company and to cancel the swtor payment agreement though - so something productive there! I wouldn't have cancelled but for the obnoxious and ignorant email from customer dis-services!

Customer service was no help at all.

 

The OTP's definitely do not work on my computer when trying to log directly into the game.

 

I don't know if this is the same for everyone, but I read somewhere if you log into the SWTOR website with an OTP this will allow the SWTOR software to recognise your computer amd then you should be able to log into the game normally. Might take a few attempts, but it worked for me.

 

This won't be a fix for players with ISPs that change your computer ID daily (and that is why this OTP is a dumb idea). I am no computer boffin but I hope this helps.

Customer service was no help at all.

 

The OTP's definitely do not work on my computer when trying to log directly into the game.

 

I don't know if this is the same for everyone, but I read somewhere if you log into the SWTOR website with an OTP this will allow the SWTOR software to recognise your computer amd then you should be able to log into the game normally. Might take a few attempts, but it worked for me.

 

This won't be a fix for players with ISPs that change your computer ID daily (and that is why this OTP is a dumb idea). I am no computer boffin but I hope this helps.

 

yep... dynamic IP which I am on with my ISP changes every day or when I reset my router , so I have to do this every day now. cookies are irrelevant plus they did't work on chrome for me if I log on more than once in one day? I had to use IE.

But now the launcher is not giving me a OTP now so I have to log on to the web site first to get OTP and then launch the game, it is a JOKE NOW and you are right it is a DUMB IDEA.

I can't use the OTP in the game Launcher. Everytime I try to cut and past the password or type it into the launcher it will say that my password is invalid. The only way I seem to able to launch the game is if I log into swtor.com first. I've played a lot of games. And I have never had to do so much work to play a game. I have so much problems with it, that I haven't played every much and as much as I don't want to, I might just stop playing. Because on top of all of this, it takes, 10 minutes before the OTP even gets to my email. This is worse than last summer when I was in queue for 45 minutes.

Great work SWTOR man!

 

Tried to log on this evening (just to see if you were bothered about any concept of customer 'service'). Result was an 8 minute wait for the one time password to come through. Result was, of course, that it was not accepted.

 

Second attempt - password received 13 minutes after first login attempt. Fails to be accepted again.

 

Still have not logged on.................

 

Will I ever been able to use up what paid subscription I have left outstanding.......?

Yeah I'm also having this problem.

Delayed OTP, and error when using it ( prob due to it being expired) .

Most attempts to log in now take me 30 mins, and from what I read, that's fast.

 

Unfortunately I don't have a smart phone so cant use the free app, and the physical security key devices are out of stock at the moment lol.

 

I understand why I need to use a OTP all the time, my net is dynamic IP. That's not my issue.

 

Even as a short term fix can you extend the valid times for the OTP, at least until you guys can figure out why the emails are taking so long to generate and send?

The OTP is making it very inconvenient for me. I am considering canceling my account. Life has enough inconveniences why should I pay a monthly fee for more? I hope to hear something positive soon. My assumption is that I will not and this will be logged as “by design” as the auction house search blunder was. I can handle in-game bugs, they come with the territory. Intentional design decisions that impact the users negatively are unacceptable.

 

-Pissed Sith

So does this mean we can now remove our own mobile security key from our accounts without calling in?

 

I was an early adopter of the mobile key and since I change ROMS on my Android phone a lot it made the mobile authenticator useless to me.

 

I purchased a physical one, but do not always if it on me.

 

If I can remove my own key this is great news and I can put it back on my phone.

 

Thank you for any responses.

Yes, the one-time password problem still means us with the variable IP addresses cannot log on.

 

Well done design team! You've stopped hackers and also stopped subscribers from playing the game!

Beginning, today, April 2, 2013, logging in to the game or website will require your Display Name. Email addresses are no longer accepted; your Display Name is the only accepted option.

 

Read More

 

Who thing is ridiculous every time the net drops out or a power outage have to ring support international to fix it

Having the same issues as described above. It was already annoying to get a one-time password everytime I logged in. Now it is even worse, waiting for the password to arrive and then finding out it's not accepted and having to redo everything all over again. If they dont provide a solution soon i'm going to reconsider my subscription

Return confidential questions back. Bothered to wait for 2 hours, one-time passwords.

Very frustrating the new system. Why not give players the option of either using OTP or their secret questions ... I know which one I'd opt for.

Also having this problem with the so-called "one-time password", the problem lies with my account, not with my ip address or computer. My son, has an account (preferred status) while mine is subscriber. We use different computers and different connections normally and he never gets asked for a "one-time password" but if I try to log onto my account on his computer and his connection guess what happens? "Please enter your one-time password." VERY FRUSTRATING. You guys need to seriously consider renaming it to "every-time new password"

Also having this problem with the so-called "one-time password", the problem lies with my account, not with my ip address or computer. My son, has an account (preferred status) while mine is subscriber. We use different computers and different connections normally and he never gets asked for a "one-time password" but if I try to log onto my account on his computer and his connection guess what happens? "Please enter your one-time password." VERY FRUSTRATING. You guys need to seriously consider renaming it to "every-time new password"

 

IF you log on to your account from his computer after having played on your computer... you will like trigger an OTP becasue they are different computers so they have different IP addresses. If it is just when you web browse the forum.. then that is the cookies in the web browser that are triggering it.

Edited April 27, 2013 by Andryah

I know that, it happens whether I have been on another computer or not. I can log onto the computer I normally use five times in a row and EVERY time I get the same request for a new 'one-time password". This is a relatively recent problem so it's been caused by something Bioware did recently. The problem is NOT with the computers or IP address, I mentioned the fact that I have the exact same problem on a completely different computer to help prove this Edited April 27, 2013 by jaqaldin
changing the person addressed

I know that, it happens whether I have been on another computer or not. I can log onto the computer I normally use five times in a row and EVERY time I get the same request for a new 'one-time password". This is a relatively recent problem so it's been caused by something Bioware did recently. The problem is NOT with the computers or IP address, I mentioned the fact that I have the exact same problem on a completely different computer to help prove this

 

Mentioning you have the exact same problem on another computer clouded what you were trying to say.

 

How do you know something has not changed on your end of things? The reason I ask is because if Bioware changes something on their end of things.... I would expect to see a huge wave of complaints from people who used to noth get a OTP but now suddenly do.

 

Is the problem when logging into the web site or when logging into the game?? Or both? When did it start?

Edited April 27, 2013 by Andryah

it's both, and I haven't changed anything on either computer recently, the only change at my end is that my subscription recently ended (was a 2 month one) and I resubscribed, it started happening immediately afterwards but there were also patches being installed at that time. Because the issue is only with my subscriber account regardless of which computer I use, I assume that the issue is most likely with the account. Also if you look at the first post I made you'll notice that I said I "normally" play on the same computer, so I don't think that really "clouded" anything I said.

 

If you look back through this thread you will see that there are a few other people complaining about this, it's still possible to play the game of course, just an irritating inconvenience.

 

I opened a ticket in game. The customer service reps got back to me quickly enough - never had a problem there, customer service has always been good in my experience. They apologised for the inconvenience, told me they were investigating and advised me to post here, so I'm posting here.

Edited April 28, 2013 by jaqaldin
answering specifc comment