Someon has been attempting to log into my account all day.

Luckily, I only get booted from the server thanks to the authentication error.
However, this has happened twenty times today and it makes playing impossible, and I'm obviously more than a little nervous.

Any solution to this?

Do you have a one time password thingy?

change your password obviously

Quote:

---

Originally Posted by PapaSteel

Luckily, I only get booted from the server thanks to the authentication error.
However, this has happened twenty times today and it makes playing impossible, and I'm obviously more than a little nervous.

Any solution to this?

---

Nobody's trying to log into your account. It's some kind of server error.

Quote:

---

Originally Posted by PapaSteel

Luckily, I only get booted from the server thanks to the authentication error.
However, this has happened twenty times today and it makes playing impossible, and I'm obviously more than a little nervous.

Any solution to this?

---

That's happening to everyone.

Not sure what the exact error is, but I would try to get the one-time password app or the keychain thing. Makes it much more difficult for users to try and get into your account.

Quote:

---

Originally Posted by Ruri

Not sure what the exact error is, but I would try to get the one-time password app or the keychain thing. Makes it much more difficult for users to try and get into your account.

---

sadly, with this game, it does jackall. It can be bypassed.

I was getting the same error, with a little less frequency. I am using the security token and I even changed my password. I already submitted a ticket to see what was happening.

Hackers are using randomized session IDs to connect with the servers! Oh noes!


I also got authentication error twice since last night. Either they changed something or the hackers really are doing mass brute force...

Huh. Fascinating.

Well, thanks guys!

Quote:

---

Originally Posted by viion

sadly, with this game, it does jackall. It can be bypassed.

---

Don't spread false info please. People are dumb enough for not using one (who can). Now we just need to promote the non use of the token.

Quote:

---

Originally Posted by ZohnoReecho

Don't spread false info please. People are dumb enough for not using one (who can). Now we just need to promote the non use of the token.

---

Actually, the authenticator can be bypassed. Someone pointed out a massive security flaw that bypasses the launcher and lets anyone log into any account and all they need is the session ID which is surprisingly easy to obtain. I have personally witnessed this and am shocked at such a security flaw.

Quote:

---

Originally Posted by Jwrigh7784

Actually, the authenticator can be bypassed. Someone pointed out a massive security flaw that bypasses the launcher and lets anyone log into any account and all they need is the session ID which is surprisingly easy to obtain. I have personally witnessed this and am shocked at such a security flaw.

---

Apparently, they have fixed it to be IP-locked now? I don't know the specifics, but people have been reporting that when they log in from a different IP, their account gets locked until they confirm it through email etc. Similar to how things worked in 1.0. For people with dynamic IPs, maybe it will be a hassle, but I think it's a welcome change. I'm not sure how this will affect session IDs, but nonetheless, it will make logins from external areas a bit harder.

Quote:

---

Originally Posted by Jwrigh7784

Actually, the authenticator can be bypassed. Someone pointed out a massive security flaw that bypasses the launcher and lets anyone log into any account and all they need is the session ID which is surprisingly easy to obtain. I have personally witnessed this and am shocked at such a security flaw.

---

If you have something that can read that session from the process believe me that nothing can stop it from redirecting the game login page to a fake one and steal the data you insert.

Just because it can be bypassed doesn't mean you don't have to do the best to protect yourself.

It's as if I wouldn't wear a bulletproof vest because they can shot me in the head anyway.

The session IDs are now being made invalid when you log off. What you are seeing is an interruption in service. If someone tried to log into your account while you are on, they get the error that someone is already logged in, it doesn't boot you out.

Quote:

---

Originally Posted by whoopeeragon

Apparently, they have fixed it to be IP-locked now? I don't know the specifics, but people have been reporting that when they log in from a different IP, their account gets locked until they confirm it through email etc. Similar to how things worked in 1.0. For people with dynamic IPs, maybe it will be a hassle, but I think it's a welcome change. I'm not sure how this will affect session IDs, but nonetheless, it will make logins from external areas a bit harder.

---

No the IP check is because they do not have a OTP attached to the account. SE has done this for a rather long time even going back to FFXI.

Is this what is happening? http://na.finalfantasyxiv.com/lodest...1cbefd7134829f

Quote:

---

Originally Posted by Zfz

Hackers are using randomized session IDs to connect with the servers! Oh noes!


I also got authentication error twice since last night. Either they changed something or the hackers really are doing mass brute force...

---

They changed something, the chances of brute forcing a significant number of session IDs are about as high as the Sun going nova, today. It doesn't have a high enough success rate to make sense to any hacker, not to mention that it gives SE an opportunity to trace them more effectively and IP ban their sorry rear ends.

Quote:

---

Originally Posted by Jwrigh7784

Actually, the authenticator can be bypassed. Someone pointed out a massive security flaw that bypasses the launcher and lets anyone log into any account and all they need is the session ID which is surprisingly easy to obtain. I have personally witnessed this and am shocked at such a security flaw.

---

Sure if your computer is hacked.

So basically if you hack someones computer, the session id becomes 'Easy to obtain'. Shocking.