
Security key topic.


Thepyrethatburns


So quick background:

 

I didn't have a Smartphone until the beginning of the year so I never had a security authenticator for this game before. However, I was going over security methods for my third (and final) attempt at the 1002 certification and it reminded me of the security key for SWTOR. So I checked out the app on the Google Play store and saw a lot of reviews stating that the app doesn't really work well or that it asks for an 18-digit code now. Currently existing topics aren't really helpful in answering my questions either.

 

Other security relevant background:

a) My password is unique to this account even though the username is not. However, unlike most of my passwords, this is not a KeePass-generated password and, while there are numbers/symbols, it could conceivably be guessed by a dictionary attack.

b) Nobody else has access to this computer nor does anyone have the ability to get on even if they did.

c) I do not respond to gold farmer E-mails (other than the Report Spam button) nor do I buy gold or go to shady websites selling gold.

d) While I'd get the mount and pet if I have access, I don't actually care about the Security key vendor or the extra Cartel coins.

e) I seem to have problems with my account as of this year redeeming codes. Support just sent a canned response that pretty much said "Nothing we can do" which does not give me a whole lot of faith in their ability to resolve anything if the Security Key goes south and I can't get into my account.

f) I'm not really looking for other forms of security authenticators. I'm just asking about the SWTOR authenticator.

 

So my questions are:

 

1) Does this app work with newer phones (Galaxy A71/Current version of Android.)?

 

1a) If you have had problems with this authenticator, how did you resolve it? Were you able to just remove the authenticator as the process mentions or did you go into customer support hell to try to resolve it?

 

2) Does this app generate a 6 or 18 key authentication?

 

3) Given my concerns and background habits, is the SWTOR key really worth it? I know the default response is "More security is always worth it" but, if this is going to be a large amount of hassle that may cut me off from my SWTOR account due to buggy application/non-responsive customer support, I'm willing to play the odds.

 

Thank you in advance to anyone who has specific answers to these questions.


1) Working flawlessly on newest Android, don't know about others.

1a) I didn't have any problems

2) 6

3) I don't see many reasons not to use two factor authentication. Except "My account is worth nothing to me, so I don't care".

I would rather run the risk of having unlikely problems with the authenticator that I will surely get help solving than taking the risk of someone compromising my account.


You’ll get an additional 100cc every month in addition to the added security. So, I’d recommend it. If you only ever play on one pc and access the forums and your account from the same pc, you have another option; WinAuth is an open source application for this and it runs (only) on Windows.

1) Does this app work with newer phones (Galaxy A71/Current version of Android.)?

 

1a) If you have had problems with this authenticator, how did you resolve it? Were you able to just remove the authenticator as the process mentions or did you go into customer support hell to try to resolve it?

 

2) Does this app generate a 6 or 18 key authentication?

 

3) Given my concerns and background habits, is the SWTOR key really worth it? I know the default response is "More security is always worth it" but, if this is going to be a large amount of hassle that may cut me off from my SWTOR account due to buggy application/non-responsive customer support, I'm willing to play the odds.

 

Thank you in advance to anyone who has specific answers to these questions.

 

1: Mine's an LG V60 with dual screen - 2021 model - so yes it should work.

2: 6 Key - but why would that matter to you? Pointless question. It's a standard rotating code like all other 2FA systems.

3: Yes....you shouldn't be asking this question if you are the expert you infer you are.

2FA makes password loss a moot issue. So long as you have your authenticator - no one's breaking in. Period.

 

No offense:

I suggest you spend a little more time thinking about common sense of 2FA in itself and less tin foil hatting the risks out aside from the compatibility of the app.

 

I did have trouble setting up the app initially - but it was likely me and not the game or the server.

This is a first party app - not 3rd party - unique to the game.

They also pay you in cartel coins for securing your account every month.

Considering you're posting with your account's username - you could have a password 10 miles long - you're at risk unless you use this app frankly. The Devs talked about this at length with some research.

The benefits outweigh the cons imho.

 

Bottom line - just do it - and move on with your life.

 

You don't need a cell btw - any android emulation package will do the job just as fine. Just google it out.

How else do you think devs write code for android? :)

 

ANYTHING that is of value or time invested should be 2FA'd regardless of who what where how.

Even Banks should be using Authenticators and not this bullcrap they call "security".

 

If you're not happy with it..then don't. But I suspect the greater majority would rather do it - not so much for security - but for the free CC's. :)

 

Not trying to be terse here...but the potential for misinformation by your post is a little too high.


You don't need a cell btw - any android emulation package will do the job just as fine. Just google it out.

How else do you think devs write code for android? :)

This is a fair point; but it's also worth noting that the 6-digit code apps all follow RFC 6238 ( https://datatracker.ietf.org/doc/html/rfc6238 ), so it's a standardised calculation that they all do the same way, so *any* OTP/2FA app will do the job just as well as SWTOR's own-brand one. Google Authenticator, OTP Auth (I use this), Authy, etc., and notably WinAuth which runs on your Windows PC (so you doubly don't need a phone, nor an emulator).


2) Does this app generate a 6 or 18 key authentication?

As noted above, it generates 6-digit codes to enter, like all the other OTP/2FA apps.

 

The 18-digit thing is talking about the "Authentication Code" that you enter into the app in order to set it up. (It's used as input into the calculations that generate the codes, along with the current date and time.)


Thank all of you for the answers.

 

I will go ahead and download the authenticator.

 

As for a couple of the questions:

 

If you look at the reviews on the Google Play store, more than a few claimed that the authentication key had switched to 18 digits instead of 6 but that the authenticator hadn't been updated so it was still giving out 6. It seemed a relevant question to ask.

 

I play full screen and I have the phone so I'm not sure what I would gain by having Bluestacks or any other emulator running in the background.

 

Also, not a common question but I reread my first post and I'm not sure where anybody would get the impression that I'm an expert. But, for the record, I'm not an expert.

 

Thank you again for the answers.


I play full screen and I have the phone so I'm not sure what I would gain by having Bluestacks or any other emulator running in the background.

At the point where you actually need the authenticator code, you are still in the launcher, so you aren't in full-screen(0), and the advantage of an emulator or of a program on your PC happens when you change your phone for some reason. If the app's data doesn't get transferred to the new phone(1), it's moderately annoying to pull the old (presumably non-functional) phone's security key off the account, and the emulator/WinAuth prevents you from needing that.

 

(0) You never need the code while the game is full-screen unless you are Alt+Tabbed to your browser to log in to the website.

 

(1) My experience is that if you regularly back up an iPhone using iTunes, the restore is more or less automatic and essentially effort-free, but YMMV on Android phones. The feedback I've seen here suggests that in some cases, it works, but a large fraction of people say "I changed phones, therefore as a matter of course I had to do X, Y, Z annoying steps(2) to get the key working again", which leads me to suspect one of two things:

* They don't really know that it's possible to transfer app settings from one Android to another. Never diss an explanation by "people didn't know better". (Carefully phrased to avoid the words "ignorance" and "ignorant".)

* The transfer process really is mostly broken on Android phones.

 

(2) They *are* annoying. With my series of iPhones, I've had to do it twice:

* When an iOS update meant that the old 8-digit app (32-bit) didn't work any more on the next iPhone, so I had to replace it with the 6-digit app (64-bit).

* When iOS 15 glitched the app so I moved the keyness from SWTOR's own app to OTP Auth where my other SWTOR accounts are. (OTP Auth can show the codes on my Watch, which SWTORSK cannot.)

Edited by SteveTheCynic

Fair points all but, when I punch in a code, I just automatically hit "Play" so I'd be constantly Alt-Tabbing out to close the emulator.

 

As for the difficulty of switching phones and the danger of Android Updates, perhaps I'm underestimating the difficulties involved but I see it as a negligible risk. My last two phones I kept until they were declared obsolete by either the carrier or the internal programming. (Given 2020's reputation, you can imagine how I initially felt when my Altair's Calendar and all linked functions stopped working on 1800 Dec 31, 2020) While accidents and theft happen, I feel relatively safe in the notion that I will not break or lose the phone for years to come. Updates are more common but *shrug* cross that bridge when I get to it. Perhaps that's a question that I should have thought of when I made my initial post but the die is cast.

 

But thank you for the followup.


This is a fair point; but it's also worth noting that the 6-digit code apps all follow RFC 6238 ( https://datatracker.ietf.org/doc/html/rfc6238 ), so it's a standardised calculation that they all do the same way, so *any* OTP/2FA app will do the job just as well as SWTOR's own-brand one. Google Authenticator, OTP Auth (I use this), Authy, etc., and notably WinAuth which runs on your Windows PC (so you doubly don't need a phone, nor an emulator).

 

Very good points.

But afaik - they don't accept 3rd party - at this time anyway.

Not sure if someone hacked one out.

Rather use my Sophos app over any other thing - everything in one place.


Fair points all but, when I punch in a code, I just automatically hit "Play" so I'd be constantly Alt-Tabbing out to close the emulator.

 

As for the difficulty of switching phones and the danger of Android Updates, perhaps I'm underestimating the difficulties involved but I see it as a negligible risk. My last two phones I kept until they were declared obsolete by either the carrier or the internal programming. (Given 2020's reputation, you can imagine how I initially felt when my Altair's Calendar and all linked functions stopped working on 1800 Dec 31, 2020) While accidents and theft happen, I feel relatively safe in the notion that I will not break or lose the phone for years to come. Updates are more common but *shrug* cross that bridge when I get to it. Perhaps that's a question that I should have thought of when I made my initial post but the die is cast.

 

But thank you for the followup.

 

As long as your phone isn't 5 years old plus - you should be fine.

Generally the app is simple enough that I'd be surprised older phones wouldn't support it.

But that's up to your carrier/phone's manufacturer....which may or may not be a good thing.

 

Emulations as pointed out can work as well. So you got your options at least.

 

Worrying over software/hardware tends to cause migraines/ulcers - we have to do the best we can with what we got.


Very good points.

But afaik - they don't accept 3rd party - at this time anyway.

Not sure if someone hacked one out.

Rather use my Sophos app over any other thing - everything in one place.

SWTORSK is RFC-compliant, so any other RFC-compliant app will do just as well.(1)(2) I have *four* SWTOR accounts, all on OTP Auth, but I know I could transfer any or all of them to WinAuth, Google Authenticator, Saas-Pass, Authy, or any of the other RFC-compliant authentication key apps out there. The number of such apps is not small.

 

So yes, your Sophos app should just work. Make sure, if offered the choice,(3) to have it generate time-based codes.

 

EDIT: The RFC compliance is such that the SWTOR servers cannot even tell which app you use, but naturally, they are unlikely to offer you any tech support unless you use SWTORSK.

 

(1) That's more or less what it means for a thing to be RFC-compliant, no matter which RFC you're talking about, although very few people bother with RFC 1149.

 

(2) More likely better, since, for example, the other apps support multiple accounts, which SWTORSK does not.

 

(3) I mention this point because OTP Auth *does* offer a choice between time-based and something else that I don't remember what it is.

Edited by SteveTheCynic

Fair points all but, when I punch in a code, I just automatically hit "Play" so I'd be constantly Alt-Tabbing out to close the emulator.

Or you could just leave it running, especially if it's WinAuth rather than an emulator. WinAuth is a native-on-Windows app rather than an Android app that you run in an emulator. It even allows you to copy the current code so you can just paste it into the SWTOR launcher.


SWTORSK is RFC-compliant, so any other RFC-compliant app will do just as well.(1)(2) I have *four* SWTOR accounts, all on OTP Auth, but I know I could transfer any or all of them to WinAuth, Google Authenticator, Saas-Pass, Authy, or any of the other RFC-compliant authentication key apps out there. The number of such apps is not small.

 

So yes, your Sophos app should just work. Make sure, if offered the choice,(3) to have it generate time-based codes.

 

EDIT: The RFC compliance is such that the SWTOR servers cannot even tell which app you use, but naturally, they are unlikely to offer you any tech support unless you use SWTORSK.

 

(1) That's more or less what it means for a thing to be RFC-compliant, no matter which RFC you're talking about, although very few people bother with RFC 1149.

 

(2) More likely better, since, for example, the other apps support multiple accounts, which SWTORSK does not.

 

(3) I mention this point because OTP Auth *does* offer a choice between time-based and something else that I don't remember what it is.

 

Good to know...must have missed that option.

 

I tire of the "1 more damn app" era.....sick and tired of that BS.
