One time password /sigh

Printable View

Show 40 post(s) from this thread on one page

06-19-2014, 07:20 AM
kidvideo

lol... smh... dude, do you even remember how you set up your account?
06-19-2014, 08:36 AM
Quesse

Just curious, is there an emergency removal password for those that have the hardware token?

What would be the method to gain access if your token stops working?

I've tried to figure this out before but could not.

EXAMPLE: https://secure.square-enix.com/accou...vc/coercioncan

This removal form only references the soft-token. What if you have a hardware token? Odd there is no corresponding form.

I ask because I got my hardware token when they first started offering them with FFXI. It must be 7 years old. Gonna die sometime soon >.<
06-19-2014, 09:11 AM
Noahlimits

Quote:

Originally Posted by kidvideo

lol... smh... dude, do you even remember how you set up your account?

There are TONS of people on the FFXIV reddit who have had their accounts compromised and banned after being hacked. If you use a PC, any keylogger or malware can get your username and password. If you're on ps4, have you ever used the same user name in another game (HoN, LoL, WoW, .. anything)? That's the main way they hack your FF account, they don't even need to guess your username. Not to mention PSN themselves have been hacked more than twice in the last 5 years. While they may not want any crap on your character, they'll sure use it to bot or shout RMT spam.
06-19-2014, 09:12 AM
Vallug

Where is the code in case something goes wrong?I cant find it.
06-19-2014, 11:27 AM
Zarzak

Quote:

Originally Posted by Jonny_Tapas

Hmmm maybe I have the e-mail thanks for the tip.

Can give the "plan ahead" argument all you want but um... How many people really look for these solutions before they encounter a problem.

Just saying.... taking a picture of it with my phone and emailing it to myself seemed like a no brainer
06-19-2014, 11:37 AM
Wobble

Quote:

Originally Posted by Jonny_Tapas

Hmmm maybe I have the e-mail thanks for the tip.

Can give the "plan ahead" argument all you want but um... How many people really look for these solutions before they encounter a problem.

When you linked it to your account it told you to save it, it did when I set up the phone app. I no longer use the phone app and have gone back to the token I got with my CE of the game. I actually still have the first one I got when they came out for FFXI and it still works. :)
06-19-2014, 11:43 AM
kidvideo

Quote:

Originally Posted by Noahlimits

There are TONS of people on the FFXIV reddit who have had their accounts compromised and banned after being hacked. If you use a PC, any keylogger or malware can get your username and password. If you're on ps4, have you ever used the same user name in another game (HoN, LoL, WoW, .. anything)? That's the main way they hack your FF account, they don't even need to guess your username. Not to mention PSN themselves have been hacked more than twice in the last 5 years. While they may not want any crap on your character, they'll sure use it to bot or shout RMT spam.

Meh. PSN was hacked, I'll grant you that, however user names, passwords & credit card numbers are encrypted, salted & hashed. I experienced no problems from the hack other than PSN itself being down. Otherwise I'm on a mac at home & a PC at work. & it would be foolish to use the same login user name & password across multiple sites. Very simple: PS4 software license is linked to my SE account. No one is hacking my SE account to add a PC rmt/bot. Anyone who fears hackers when they are personally being responsible & exercising common sense is watching too much fake nightly "news" shows.
06-19-2014, 11:52 AM
Sove92

Quote:

Originally Posted by Quesse

Just curious, is there an emergency removal password for those that have the hardware token?

I ask because I got my hardware token when they first started offering them with FFXI. It must be 7 years old. Gonna die sometime soon >.<

The hardware tokens don't have emergency removal passwords. About the battery dying, I think they have a low battery warning, because SE does mention you should change the token as soon as the battery starts to run out, and there is no other way to know it's running low, other than a low battery warning.

Quote:

Originally Posted by kidvideo

passwords & credit card numbers are encrypted, salted & hashed.

http://www.dailymail.co.uk/sciencete...ords-hour.html So much for password hashes and 16-character passwords. Your password is secure only as long as the hashes are not in cracker hands.
06-19-2014, 12:12 PM
madolyn

i had this problem a few weeks ago and i lost my emergency removal password. I just did a live chat with support and they removed it within 5 minutes and i was able to play again.
06-19-2014, 12:21 PM
Gilraen

Quote:

Originally Posted by Jonny_Tapas

It is not uncommon for people to then purge their e-mail accounts of the Square Enix e-mails they received and this step can be easily overlooked.

Who does this? Who purges emails related to things they have done that involve real money that aren't a.) receipts or b.) shipping notifications. I keep everything but Ebay emails because eff Ebay, like I need to keep 5 emails telling me about something I received in the mail already and have found to be satisfactory (though if it's not what I ordered I'm definitely going to have a use for those 5 emails). I have email files with email going back as far as 2003. Not because I'm hoarding them but because they all have information pertaining to things I still use to this day. It makes sense to archive old emails. This thing you say is like burning your bridges, nothing good ever comes of it.
06-19-2014, 12:28 PM
valho

Quote:

Originally Posted by Quesse

Just curious, is there an emergency removal password for those that have the hardware token?

What would be the method to gain access if your token stops working?

I've tried to figure this out before but could not.

EXAMPLE: https://secure.square-enix.com/accou...vc/coercioncan

This removal form only references the soft-token. What if you have a hardware token? Odd there is no corresponding form.

I ask because I got my hardware token when they first started offering them with FFXI. It must be 7 years old. Gonna die sometime soon >.<

You will need to login to Square Enix Account Management to remove the physical token but once removed you can't use it anymore. can read more about it here

Quote:

Originally Posted by Vallug

Where is the code in case something goes wrong?I cant find it.

Login to Square Enix Account Management, you will see it once you are login.

The instruction for emergency password removal is also sent to your email address, so emm check you email every time you register something then you won't miss it.
06-19-2014, 05:06 PM
BunnyChain

Quote:

Originally Posted by Quesse

Just curious, is there an emergency removal password for those that have the hardware token?

What would be the method to gain access if your token stops working?

I've tried to figure this out before but could not.

EXAMPLE: https://secure.square-enix.com/accou...vc/coercioncan

This removal form only references the soft-token. What if you have a hardware token? Odd there is no corresponding form.

I ask because I got my hardware token when they first started offering them with FFXI. It must be 7 years old. Gonna die sometime soon >.<

Maybe you can generate one and write it down for later use? Not sure if a code stays usable for a long time though...
06-19-2014, 05:13 PM
Rosy

The hardware token has a key on the back which you use to access your account to remove it when the battery runs low.
06-19-2014, 08:40 PM
kidvideo

Quote:

Originally Posted by Sove92

So much for password hashes and 16-character passwords. Your password is secure only as long as the hashes are not in cracker hands.

That article was a journalistic experiment, not what happened to Sony. Security breeches happen, change your password... & move on. This is part the reason SE has designed restrictions on the items in the game. Like spirit bonding, no trade, etc... There's no incentive to hack an account where the hacker would be forced to register their licensed copy to the account, for gear they can't steal & is worth only a few gil at best.
06-19-2014, 09:07 PM
Felis

Quote:

Originally Posted by kidvideo

I really doubt it happens this way. Strong passwords, common sense.

Also, SE makes you link you account to the software license. Any changes or updates to the SE account generate an email notification. For a "hacker" to be that determined to hack the account, register THEIR copy of the software to my account, intercept the notification email... just so they can rmt, bot or merch my gear? You'll never convince me it's worth all that effort.

There is no software license. The registration key is for creating an account and registering a platform version.
Once a hacker have your account datas he can login to your account with a torrent downloaded client.

This is wy every MMO producers say "Don't give away your account datas to another person"
06-19-2014, 09:57 PM
Kuroyuki-Hime

I recommend buying a hardware token. I've used and still use some software tokens but not SEs one because the required permissions are too much. Example:

Battle.net Authenticator: No special permissions needed for this app
SE software token: Camera/Microphone (uses at least on of following elements:camera/microphone); HardwareID&Phone information (App can access your phone number and hardware ID, is able to check when you do a call and read the remote number)

Why does a software token need to know when I have a call and with whom? And what feature requires it to turn on my mic/cam??

Hardware token costs 10$.
06-19-2014, 11:20 PM
necrosis

Quote:

Originally Posted by Elway358

I've never even taken my little keyfob out of the wrapper from my CE. Being that I'm on PS4 and don't give out/use my log in info on strange sites/areas, I see it as an absolutely useless extra step that I have no desire to take.

Even the free teleport benefit is not even close to enough incentive for me to be bothered with using it.

I love people who call extra security "useless".
06-19-2014, 11:24 PM
necrosis

Quote:

Originally Posted by ispano

Uh, actually you can't. It won't let you log in with the PC client unless you have a PC code on said account.

This.

SE cracked down on this with FFXIV. In FFXI you used to be able to get around buying two copies with the game (and disk biased expansions) if you had a friend that played on the opposite platform.
06-19-2014, 11:36 PM
Souljacker

Quote:

Originally Posted by necrosis

This.

SE cracked down on this with FFXIV. In FFXI you used to be able to get around buying two copies with the game (and disk biased expansions) if you had a friend that played on the opposite platform.

Is that a fact? That's disappointing, but will hardly deter RMT. It does mean I'm not buying a used copy anywhere when I get a Ps4. Shame.
06-19-2014, 11:39 PM
kidvideo

Quote:

Originally Posted by Felis

There is no software license. The registration key is for creating an account and registering a platform version.
Once a hacker have your account datas he can login to your account with a torrent downloaded client.

registration key, software license, whatev. The copy of FFXIV that I purchased is registered to my SE account. A hacker's copy would need to be registered to my account... assuming they could get my user name & password... regardless, SE would send an email notification about the new registration. So, meh.
06-19-2014, 11:59 PM
DragonFlyy

Quote:

Originally Posted by ispano

Uh, actually you can't. It won't let you log in with the PC client unless you have a PC code on said account.

My brother bought the PS3 version. Logged in once and said it looked like crap. He logs in on his computer now and never bought the PC version, so it does work. Just not the other way around.

Quote:

Which these mysterious hackers of yours do not have.

Packet snooping. Your username and password are transmitted as plain text. It's not the easiest way to get the information, but it is one way and you wouldn't even have a recourse against it. Hence the use of a security token that changes every use/thirty seconds.

However, the most common way of getting passwords is through social engineering. Look it up, it's rather interesting.
06-20-2014, 12:03 AM
kidvideo

Quote:

Originally Posted by DragonFlyy

Packet snooping. Your username and password are transmitted as plain text. It's not the easiest way to get the information, but it is one way and you wouldn't even have a recourse against it. Hence the use of a security token that changes every use/thirty seconds.

However, the most common way of getting passwords is through social engineering. Look it up, it's rather interesting.

Nope.
/10char

Show 40 post(s) from this thread on one page

All times are GMT +9. The time now is 06:23 AM.