USB Security Token

Printable View

Show 40 post(s) from this thread on one page

07-10-2011, 04:00 AM
Zagen

Quote:

Originally Posted by Misi

And I keep mine near my comp and don't carry it around. Point? If a virus is made particularity for it, all the person who made it has to do is program it to go after drives, keystroke, dl malware,ect. it isn't impossible. and as soon as its recognized as being plugged it its too late. Doesn't matter if its 1 second or 30. Tokens are effective because they arn't "apart" of your computer. If its connected you may as well not have a security device at all.

I'm fine with the token being the way it is. even with having to replace one after a few years. It is much safer being a "token" then a usb device. I'd think the only realistic concern is waiting for the new token to get here while your battery is dying. i'd imagine you'd have to still use the old one to sign in to even unlink said dying token so you'd have to do it before it did kick the bucket. Then wait weeks/months in some cases for your newly ordered token to arrive.

Thing is they aren't any safer unplugged from the computer than they would be plugged in.

Do yourself a favor and research what a hacker is capable of doing once they have a program on your computer, it will do much more than the security token ever will for you. Everyone who honestly thinks their account is safer with a token should do this not just you specifically.
07-10-2011, 04:32 AM
Misi

Quote:

Originally Posted by Zagen

Thing is they aren't any safer unplugged from the computer than they would be plugged in.

Do yourself a favor and research what a hacker is capable of doing once they have a program on your computer, it will do much more than the security token ever will for you. Everyone who honestly thinks their account is safer with a token should do this not just you specifically.

Not denying that, I agree. Tokens are not infallible like people tend to believe.
07-10-2011, 05:30 AM
Ziyyigo-Tipyigo

Quote:

Originally Posted by Zagen

If someone really wants to hack your account

Yeah yeah, they can come over to your house and beat your password out of you with a lead pipe. That's no excuse to be low-hanging fruit.

Quote:

Originally Posted by Zagen

The token was a legal way for SE to charge for inventory space while making people scared of hackers feel safer when they really aren't.

The token is a way to reduce the volume of headache-inducing "my password was 12345 and my account was hacked!" support calls. Even telephone operators in India cost money.
07-10-2011, 05:36 AM
Ziyyigo-Tipyigo

Quote:

Originally Posted by Zagen

Do yourself a favor and research what a hacker is capable

If the NSA really wants your gil, they will get it. That doesn't mean they'll bother.

It's called "risk analsys." Simply because someone can do something to compromise you doesn't mean they will, especially if the cost and effort to do so outweighs the potential reward. If a hacker can compromise 50% of your user accounts with 5 mintues' work, but it will take 5 hours to get the other 50%, why would he? That's 5 hours he could have spent selling the gil he already has.

You don't have to outrun the bear, just outrun the guy next to you.
07-10-2011, 06:10 AM
Wolfe

Hey guys, here's a simple solution. Make an app for smart phones that allow you to do this. Guess what, WoW already has one for iPhones.

There are also third party programs out there that do this already. I've seen two programs so far that can successfully generate the "secure" code for the security tokens. It uses the same code on the back of your token that SE has you use when you register it. They're safe too, because it's all programmed in already and doesn't require Internet access to use. I have one of these programs on a laptop that has Internet turned off and it generates the code flawlessly. And since FFXI isn't even on the laptop there's no need to worry about security.

SE will never do this though. The reason being, if there's money to be made, (insert derogatory phrase here).

I hate WoW, but the fact that their security token is free on iPhone, and you can do a lot more with their game on smart phones (in general, such as crafting), I'm getting really tempted to switch.
07-10-2011, 10:39 AM
Zumi

You have to call them up to unlink a dead security token, kind of sucks since it long distance and they don't got a 1800 number.
07-10-2011, 01:23 PM
Laraul

Quote:

Originally Posted by Zagen

If someone really wants to hack your account they'd have it setup so that when PoL attempts to send out your Account info (Token Code, Username, SE name, Passwords) it rejects the connection similar to a firewall blocking access, it then sends the information to the hacker so they can log on before the token key resets and change your password.

Actually if someone wanted your account they would break into your house steal the computer and your security token (if you leave it next to the computer). Of course, if someone you did not know broke into your house, your FFXI account would probably be last thing on your mind.

You are much more likely to lose your account to someone you know and see everyday in the real world. You let them in and talk for a bit... the next day your token is missing. Worse yet, your computer login info has changed. Fortunately most people aren't this way. They know that doing that would be wrong.

Look, if you are concerned that your security token is failing, then head to https://secure.square-enix.com/account/app/svc/otpCan. Login, choose "One time password" on the left side of the page. Click Next, and you'll see "security token removal." Follow the instructions and you won't ever need to use the security token again. In fact you can't you'll have to purchase a new one.
07-10-2011, 01:46 PM
Laraul

Quote:

Originally Posted by Wolfe

Hey guys, here's a simple solution. Make an app for smart phones that allow you to do this. Guess what, WoW already has one for iPhones.

Yes... there is. Have you used it? Works but if you delete it before you unlink the Unique ID you will have to call to remove it from your account. It's also much more restrictive as rather than generating a one time password, it generates a password every 60 seconds. You have to enter you email, password, and then a 8 digit code before it expires.

They do sell a token also. It used to be a little more expensive than SE's. In anycase, SE is NOT making money off the sale of security tokens.

Oh and the irony of all this is that why do people worry that a security token with no RAM, OS, or processor is susceptible to malicious code and a powerful smartphone that backs up your installed software. Which doesn't even need USB now. It all wireless.

What I am saying is, both are safe (assuming that you haven't jail broken the phone or anything). Both provide a huge boost in securing your account. They both have their pros and cons.
07-11-2011, 12:32 AM
Alhanelem

The notion that the security token is just a money-grabbing venture by is nonsense.

The whole reason the token is effective is because it's not connected to anything, thus isn't vulnerable to hacking or anything.
$10 every several years is a trivial expense.
07-11-2011, 02:36 AM
Inafking

The point of it interfacing as a keyboard would be to keep it from being attacked by malicious software. As long as you can't send code to it, it can't be infected. Also, if you don't know that batteries die, and that they're an important part of what the security token does then I'm not sure how to explain this all to you anyway.

Show 40 post(s) from this thread on one page