USB Security Token

I've had my security token for a while and I'm worried about the bettery running out. All FFXI platforms have USB support. Shouldn't be hard to make something you can plug in that would comunicate directly without the need for a battery or typing in anything manualy. Just set it up to interface as a USB keyboard, then have a button on it that would register the 6 digit 1 time password as key presses. Basicly you put the cursor where you want it to type in the 1 time password (weather it's in the POL application or web browser) and press the button. The token would read the system time, generate the 1 time password and type it in for you. No need to change any of the current software for this to work, just make the new usb tokens.

Not too sure about this, but I think USB drives can be attacked by viruses. (like a keylogger) While it sucks that the token is on a one time battery life span, at least its not susceptible to being attacked as a device. ie: can't be connected to the machine to stay safe. I can see why they wouldn't want to go that route.

You people make the assumption that people are going to simply leave their token connected all the time. I keep my token on my key chain. And how would this help with the battery life? Why are you worried about the token's battery NOW? What makes you think the battery is getting weak? Have the numbers become very faint to read? These things should last a good five to ten years.

This device is immune to key loggers. The purpose of a security token is to generate a unique number that can only be used once. The generated number has a lifespan of maybe 20 to 30 minutes. And if you want a new code, wait ten seconds and press the button again. The new code when entered will automatically prevent the any prior code from working.

As for being a USB device being prone to viruses, well have you ever heard of a keyboard or mouse being "infected" by a key logger?

When the tokens run down we will probably just have to unlink them, I have zero faith they will make linking a fresh security keychain thing in any way easy at all.

The security token is something like a coded watch. It ticks every so often (like a watch) and gives you a number. That means it's constantly running and will run out of battery similar to a watch. The battery for these are usually large and can last for a few years unless you constantly press the button to make it shows the numbers. However, the quality of the battery leaves a bit to wonder as it's made in china and I don't have many good experience with china made electronics. On the other hand, I have opened a similar token before and it's possible to replace the battery. You might have to reset it and sync it again with SE (like syncing a watch with your current time).

While the token is fairly secure, it's not going to miraculously preventing you from getting hacked. I'll give you an example. Suppose you have a keylogger on your PC that can interfere with POL. You log on, type in your 6-digits and the keylogger steals the digits while crashing your POL. So you can't put in new digits to prevent a log on until you can get rid of the keylogger. On the other side of the world, the criminal now has a fresh 6-digit code every time you attempt to log in. Thus he can log in and steal all your stuff. The whole process of stealing all your valuables take about 10-15 on your main if he just throw away the rare/ex and load your character with valuables and teleport it.

A clear head will go much further in protecting yourself in the hostile internet.

Quote:

---

Originally Posted by Inafking

Shouldn't be hard to make something you can plug in that would comunicate directly

---

Thereby negating its entire purpose.

If your system can communicate with it, malware can communicate with it.

Quote:

---

Originally Posted by Ziyyigo-Tipyigo

Thereby negating its entire purpose.

If your system can communicate with it, malware can communicate with it.

---

If someone really wants to hack your account they'd have it setup so that when PoL attempts to send out your Account info (Token Code, Username, SE name, Passwords) it rejects the connection similar to a firewall blocking access, it then sends the information to the hacker so they can log on before the token key resets and change your password.

False sense of security is what the token really is besides extra in game inventory.

The token was a legal way for SE to charge for inventory space while making people scared of hackers feel safer when they really aren't.

SE doesn't make the tokens, they buy them from another company that produces the exact same token for plenty of other online games. Unfortunately, planned obsolescence is a way of life for most tech products, so it's unlikely they'll be adding a recharging station feature for any of these tokens.

If I'm not mistaken, I believe SE just buys you another one if you run the battery out though. Is that incorrect?

Quote:

---

Originally Posted by Greatguardian

If I'm not mistaken, I believe SE just buys you another one if you run the battery out though. Is that incorrect?

---

Unless they changed it you have to buy another one yourself or cancel the feature. I haven't kept up with the procedures with the token as I just used it for the inventory space, so that might have changed.

Quote:

---

Originally Posted by Laraul

You people make the assumption that people are going to simply leave their token connected all the time. I keep my token on my key chain. And how would this help with the battery life? Why are you worried about the token's battery NOW? What makes you think the battery is getting weak? Have the numbers become very faint to read? These things should last a good five to ten years.

This device is immune to key loggers. The purpose of a security token is to generate a unique number that can only be used once. The generated number has a lifespan of maybe 20 to 30 minutes. And if you want a new code, wait ten seconds and press the button again. The new code when entered will automatically prevent the any prior code from working.

As for being a USB device being prone to viruses, well have you ever heard of a keyboard or mouse being "infected" by a key logger?

---

And I keep mine near my comp and don't carry it around. Point? If a virus is made particularity for it, all the person who made it has to do is program it to go after drives, keystroke, dl malware,ect. it isn't impossible. and as soon as its recognized as being plugged it its too late. Doesn't matter if its 1 second or 30. Tokens are effective because they arn't "apart" of your computer. If its connected you may as well not have a security device at all.

I'm fine with the token being the way it is. even with having to replace one after a few years. It is much safer being a "token" then a usb device. I'd think the only realistic concern is waiting for the new token to get here while your battery is dying. i'd imagine you'd have to still use the old one to sign in to even unlink said dying token so you'd have to do it before it did kick the bucket. Then wait weeks/months in some cases for your newly ordered token to arrive.