Password Reset Security Flaw

If you attempt logging into the game from a different location without a security token(aka one-time password), you are told that you must reset your password with an email sent to you containing a link that allows you to do so. But this applies only when logging onto the game, not your Square Enix Account Management System.

It's possible to login to a persons Square Enix Account thru the management system, change the password, then use that password to login w/o triggering the automatic password reset do to logging in from a different location. Also, you do not receive an email when changes to your account, including the password.

Not everyone has a security token or a device able to use one. And a lot of people won't use a token since it's a hassle. And anyone would expect to be notified when ANY change to my account is made.

so use a token?

Security token is a hassle?

Can't you emulate a smartphone on a computer for the token?

And honestly, if you get hacked and you don't have a token, you're the only one to blame.

Quote:

---

Originally Posted by gamesmart

And honestly, if you get hacked and you don't have a token, you're the only one to blame.

---

This. 99% of the gill sellers are probably using hacked accounts. Everyday when I play I get stupid tells from 934759734593479879834753489 of them. If you don't want your account to eventually get hacked and be used by a stupid Chinese gill farmer, you better get a token.

Quote:

---

Originally Posted by gamesmart

Can't you emulate a smartphone on a computer for the token?

---

Thought I would add this:

Token on smartphone = Good.

Token on computer emulation = Bad.

The whole point of the token is so that if someone hacks your computer and steals your information they still can't log into your account because they don't have your token. If you put the token on the same computer you play FF 14 on, you effectively are completely getting rid of the added security the token is suppose to give.

The security token thing is a matter of opinion. What the OP brings up is a security inequality.

Breaking through an account on Square Enix Account Management instead of the game client is, for some reason, easier because of an additional security step that isn't present on Account Management, but present on the game client.

Yes, not having the security token leaves your account at a far greater risk, but this isn't about that.

The token is far from a hassle.

OP, I would like to add that this would probably be better to post in either Technical Support (http://forum.square-enix.com/ffxiv/f...hnical-Support), or Website Bugs (http://forum.square-enix.com/ffxiv/f...4-Website-Bugs).

As general discussion is mostly composed of the community and not people who can actually do something about a problem like this.

Well if you think token is a hassle, Your choice
https://infosanity.files.wordpress.c...ecfuncease.png