Please upgrade your browser for the best possible experience.

Chrome Firefox Internet Explorer

BW hate the planet (please give us back the secret questions)

STAR WARS: The Old Republic > English > Customer Service (Read-Only)
BW hate the planet (please give us back the secret questions)
First BioWare Post First BioWare Post

Boufsa's Avatar

04.16.2013 , 03:19 AM | #1
Everybody know about the problem of the One time password madness. Did you know the last policy change had nothing to do with improving security, but rather with saving money on customer support?

In the old system you had to fill in 5 secret question and remember the answers, and more important REMEMBER EXACTLY THE SPELLING of these answers. Most people never shut down their internet box, so they filled it one time, then forgot about it, and one or two monthes later when they needed to reboot their box and got a new IP, they stumbled onto the secret question which they forgot the answers and called customer service. It seems that the problem has largely grown since free2play launch.

Since they where tired of answering to people who don't remember their answers, they switched to a new system where normal people can get rid of the problem by themselves. Nice try, but the new system is bugged, try again BW. But even it it was not bugged, it would still be deeply boring, because for people like me who care about the planet and shut down their internet box while they are not at home (and get a new IP everyday), we have now to login on our webmail and wait not less than 5 minutes before getting a (hopefully good) password.

Alternatively if you have a smartphone which you can surf the web with and install applications, you can use a security key access to go around the verification issue, but my mobile is not a smartphone (which are not really ecologic, especially the latest iphones). This is the second reason I can say BW don't bother about the planet because they incitate you to use alot energy (which you will have also to pay for) to secure your account.

I have a master's degree in engineering, I work in a telecom company which website gets at peak around 1000 authentication attempts per second, and it happens that I am from the team who is in charge of securing these authentications so I am well placed to tell when they tell you ******** and when they don't. Truth is that if the users could learn to make strong passwords they only use for the game and stop lending their account to other people, they would not need a '2 password' security. Actually which website you use to visit ask you for a two steps authentication procedure? But since people use the stupid same weak password for the game that they use for every other low security site on the web they get easily hacked, so BW decided to go around the problem by generating themselves strong unique passwords with a short expiration delay to make sure that you can't hack into an account if you haven't also hacked the mailbox (wait, isn't that even easier? But nevermind), and especially I think they target multiplayers account, since you may agree to share your password and account with other people, but you wouldn't give so easily your webmail password with all the sensible private mail you don't want them to read, right? In this context your main password just ensures someone from your family or friends can't log onto your account while you are away (or if you share your computer with them), while the real anti hackers security lies on their famous one time password. Ah and since they were planning to set up this one time password policy, they realized that using the mail adress to login (which caused previously no problem) could become a security issue especially on public or shared computers because once you know the adress of the mail account to hack, you have already 75% of the job done.

But please don't consider me as the usual unaware user. I know how the internet security works because this is my job. I know exactly what risks I am taking depending on what password typology I use (and on how I secured my whole computer from viruses and such), and I am asking you for an option to have the choice between the one time password and the secret questions, or to simply deactivate this 2nd security stage or make it weekly and If I get hacked it will be at my own risk.

Thanks for reading.

Pippoff's Avatar

04.16.2013 , 03:21 AM | #2
do you actually believe anyone (other than similarly pissed off players) actually reads any of this?

Beesodd's Avatar

04.16.2013 , 03:36 AM | #3 This is the last staff post in this thread.  
We read everything, Pippoff, even if we can't always respond.

Thanks for the feedback Boufsa. I have no facility to grant your request, but we are well aware of the discontent from some players regarding the current OTP implementation and issues that have arisen from it.

Unfortunately I have no new information on this right now, but be sure to keep an eye on the Dev Tracker for any updates, in particular from Phillip Holmes.

Sorry that I can't do more to specifically assist with this, but thanks again for the post.

Beesodd | BioWare Customer Service - Forum Support| Find help for all EA Games at Answer HQ.

Boufsa's Avatar

04.16.2013 , 03:38 AM | #4
No I don't, but I hope that all the details I gave will help other players figure out why things are done like they are, and that the multiplication of similar threads in the customer forum will be a signal for the developers so that they take action.

Edit: I post before seeing the BW reply, thank you for reading me

Pippoff's Avatar

04.16.2013 , 03:42 AM | #5
"Can't respond"??
what the hell does that mean?
if postings are read, why is nothing being done about the one time password fiasco?
why is there no direct approach vie email to "customer support"?

Boufsa's Avatar

04.16.2013 , 03:58 AM | #6
The problem is in three parts:
1) the one time password system itself
2) the delay of several minutes between sending two emails
3) the fact that the password systematically fails into the game client (and copy pasting seems inaccurate).

Points 1) and 2) are on purpose. They have to figure out what is the matter with 3) and how they will change their policy. Since this is a security matter, I would find it normal to take a few days. An instant fix would be suspect and a quick but partially wrong communication could be really bad. What is really important is that they confirm they are working on it and that we can expect a correction soon. I also pay for the game so I don't want to spend half an hour logging onto it each day

AlrikFassbauer's Avatar

04.16.2013 , 04:33 AM | #7
Quote: Originally Posted by Boufsa View Post
Truth is that if the users could learn to make strong passwords
Who teaches this to them ?
Where ?
And when ?

Boufsa's Avatar

04.17.2013 , 03:35 AM | #9
I have another question: could you tell us what is the expiration delay of the one time password?

Tatile's Avatar

04.17.2013 , 03:55 AM | #10
Quote: Originally Posted by Boufsa View Post
I have another question: could you tell us what is the expiration delay of the one time password?
Didn't Phillip say it was kind of long, but they're extending it because of email provider shenanigans?

It's probably three minutes at the moment and they may be extending it to ten *shrugs*