Major Security Threat - Authenticator useless


Mikkeos
01.29.2012 , 05:26 AM | #71
Quote: Originally Posted by MrTijger
You're being silly, the authenticator was never bypassed.

Yes, it was bypassed.
On the SWTOR system itself you need it to access the 'my account' area.
You don't need it to change the protected info when you go through the origin system.
Q: So, is there anything at all in the game that mitigates falling damage?
A: elevators

Heliotic
01.29.2012 , 05:27 AM | #72
Quote: Originally Posted by Mikkeos
Yes you can.
Create a code.
Have a typo, or just plain out leave the field for the authenticator code empty.
Use the code again (before it times out on the device).

It does not lock the code as basically all other authenticator systems with a onetime passcode do. I think you got about 5 minutes to try over and over again with the one generated code.

The code is viable until it rolls over to the next code. That's why if your device clock gets skewed it is no longer useful.

It's not requested from the server, it is created based on a mathematical formula and the current time.

Icid
01.29.2012 , 05:29 AM | #73
The physical authenticator generates a new code every 30s. To make things easier for the user, and to prevent codes changing on you while typing them in, they usually allow each code for twice that amount of time. This prevents occurrences of generating a code at say, time 27s and part way through typing it in, it all of a sudden changes on you. This does mean that at any given time there are two valid codes, but doesn't really affect security all that much. Trying to guess two out of a million (8 digit) possibilities is still nearly just as impossible as guessing one.
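
Added example, not part of any post in this thread: a server-side TOTP check (RFC 6238) showing the behaviour discussed in posts #72 and #73, where the code is computed from a shared secret and the current time, the previous step's code is still accepted, and an accepted time step is recorded so the same code cannot be used twice. The 30-second step and 8 digits come from the thread; HMAC-SHA-1, the one-step grace window, the `Verifier` class and the RFC 6238 test secret are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 30       # seconds per code, as described in the thread
DIGITS = 8      # code length mentioned in the thread
BACK_STEPS = 1  # also accept the previous step's code (assumption)

def totp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP value for a time-step counter (RFC 6238 TOTP)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class Verifier:
    """Checks codes for one account and refuses reuse of an accepted step."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_counter = -1  # highest time step already consumed

    def verify(self, submitted: str, now: float) -> bool:
        current = int(now // STEP)
        for counter in range(current - BACK_STEPS, current + 1):
            if counter <= self.last_counter:
                continue  # step already consumed: treat as a replay
            expected = totp(self.secret, counter).encode()
            if hmac.compare_digest(expected, submitted.encode()):
                self.last_counter = counter
                return True
        return False

def demo() -> list:
    secret = b"12345678901234567890"  # RFC 6238 test secret, not a real key
    v = Verifier(secret)
    t = 59.0                          # RFC 6238 test time, step counter 1
    code = totp(secret, int(t // STEP))
    return [
        code,
        v.verify(code, t),        # first use is accepted
        v.verify(code, t + 0.5),  # same code, same step: rejected as replay
        v.verify(code, t + 2),    # inside the grace window but used: rejected
        v.verify(totp(secret, 2), t + 3),  # next fresh code is accepted
    ]

if __name__ == "__main__":
    print(demo())
```

In a real service `now` would be `time.time()` and `last_counter` would be stored per account alongside the secret.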

MrTijger
01.29.2012 , 05:31 AM | #74
Quote: Originally Posted by Mikkeos
Yes, it was bypassed.
On the SWTOR system itself you need it to access the 'my account' area.
You don't need it to change the protected info when you go through the origin system.

No, it was not. The authenticator protects SWTOR and ONLY SWTOR and it did that correctly, if you choose to link accounts to services that have no authenticator then that's not a failure of the Auth system.

They never got into SWTOR despite having a keylogger on his system, think about that.

Heliotic
01.29.2012 , 05:32 AM | #75
Quote: Originally Posted by MrTijger
No, it was not. The authenticator protects SWTOR and ONLY SWTOR and it did that correctly, if you choose to link accounts to services that have no authenticator then that's not a failure of the Auth system.

Psst. EA/Bioware chose to do this on your behalf a few months ago. Even if you haven't signed up for Origin you now have an origin account.

Make sure you send them a thank you note.

marshalleck
01.29.2012 , 05:33 AM | #76
Quote: Originally Posted by MrTijger
No, it was not. The authenticator protects SWTOR and ONLY SWTOR and it did that correctly, if you choose to link accounts to services that have no authenticator then that's not a failure of the Auth system.

There is no choice in this. An EA account is automatically linked to SWTOR and vice versa.

Bottom line: under no circumstance should an unprotected account be allowed to make changes to a protected account without satisfying the protected account's security requirements first.

MrTijger
01.29.2012 , 05:34 AM | #77
Quote: Originally Posted by Heliotic
Psst. EA/Bioware chose to do this on your behalf a few months ago. Even if you haven't signed up for Origin you now have an origin account.

Make sure you send them a thank you note.

Already had one and I purposely bought my copies via Origin, I was also aware of the linking, still doesn't make any difference to anything, the Auth key stopped them from getting into SWTOR which is its only job.

Kelvian
01.29.2012 , 05:35 AM | #78
I have a question and hope you all can answer. I have an account for TOR, it's a valid account. I use the same information to log into EA or Origin and get "User Name or Password is Invalid." Are these accounts truly linked and why don't my credentials work on those sites?

Maybe because they are not truly linked, I have my origin account under a different email account as well as a different one for my EA account. I have some 10 different email accounts including my 3 business accounts. If your accounts are actually linked I would suggest either changing that information or having those accounts closed or removed, if you do have them linked then it does create a bit of a risk.

Arenzael
01.29.2012 , 05:38 AM | #79
Authenticators can be easily hacked by a man-in-the-middle attack. No protection is 100% ever.

http://en.wikipedia.org/wiki/Man-in-the-middle_attack

MrTijger
01.29.2012 , 05:38 AM | #80
Quote: Originally Posted by marshalleck
There is no choice in this. An EA account is automatically linked to SWTOR and vice versa.

Bottom line: under no circumstance should an unprotected account be allowed to make changes to a protected account without satisfying the protected account's security requirements first.

You can use a separate email address to make a new account.

The Auth system protects SWTOR, nothing else, that's the bottom line.